Cyber Weekly Digest - Week #20
In this week's digest, we discuss how a ransomware attack led to the US declaring a state of emergency in 18 states and why a UK train company is being criticised for a simulated phishing test. Keep reading to hear about the biggest cyber security stories from across the globe.
This week's biggest story is how a ransomware attack led to a US state of emergency in 18 states. Colonial Pipeline, which supplies almost half of all the fuel consumed on the East Coast in the US, temporarily shut down its infrastructure as a precaution following a DarkSide ransomware attack. According to media reports, the suspension of operations led to an increase in gas prices. Following the attack, President Biden recognised the severity of recent cyber attacks in the US and signed an executive order to increase US cyber security defences.
Microsoft released its May 2021 Patch Tuesday updates, which fixed 55 security vulnerabilities, around half the number in a typical monthly update. Most notable this month is CVE-2021-31166, with a 9.8 severity score. The flaw affects Windows 10 and Windows Server and allows an unauthenticated attacker to remotely execute malicious code at the operating system level. With this weakness, an attacker could compromise a host simply by sending it a specially crafted packet of data. Researchers note that this kind of vulnerability is a prime target for ransomware attackers to exploit.
A researcher has discovered a number of Wi-Fi bugs, which he named "Frag Attacks", short for "fragmented and aggregation attacks". Interestingly, some of these bugs date back to 1997, so some devices as old as 24 years could be vulnerable. The researcher said that 3 of the vulnerabilities are design flaws in the Wi-Fi standard, which affect most devices. Several other flaws are caused by "widespread programming mistakes", which means that every Wi-Fi product is affected by at least one of the flaws. He also noted it is likely the flaws are not currently being exploited, nor have they been in the past.
The British train company, West Midlands Trains, has received a lot of criticism this week after a poorly timed phishing test. The phishing test thanked staff for their hard work through 2020 and told them that they would receive a one-off payment as a reward for their efforts. The test was designed to warn staff of the red flags associated with financial rewards. However, the content of the emails has been criticised for being insensitive to the pandemic. Simulated phishing is one of the most effective ways to train your staff on suspicious emails; however, these tests should be designed to educate rather than trick employees.
Another major DarkSide ransomware story this week was how the world's leading chemical distribution company Brenntag paid a $4.4 million ransom in Bitcoin. Brenntag paid the ransom in hopes of receiving a decryptor for encrypted files and to prevent the ransomware gang from leaking stolen data publicly. There is a lot of debate around whether victims should pay ransoms; although it is not illegal to do so, it is strongly advised against. This week the UK Home Secretary, Priti Patel, warned against paying ransoms as it does not guarantee a successful outcome and encourages criminal activity.
To Pay Or Not To Pay?
Read SentinelOne's whitepaper on paying ransoms and what your next steps should be.