Colonial Pipeline makes ransom payment of nearly $5 million
Within hours of last Friday’s ransomware attack, Colonial Pipeline reportedly paid close to $5 million to the attackers, presumed to be DarkSide operators, to help restore the country’s largest fuel pipeline. This contradicts earlier reports that the company had no intention of paying the extortion fee. A source familiar with company operations indicated that after receiving payment the attackers supplied a decryption tool, but that decryption was so slow the company continued restoring its systems from its own backups. On Thursday, the company indicated that it had made substantial progress in safely restoring pipeline operations and was delivering fuel in the majority of its markets.
Biden signs executive order to bolster federal cyber defenses
Amid unprecedented cyber attacks on U.S. government agencies and infrastructure, President Biden signed an executive order on Wednesday to boost the cyber defenses of federal agencies and their software contractors. The White House stated in a related fact sheet, “Outdated security models and unencrypted data have led to compromises of systems in the public and private sectors.” The order directs agencies to move to secure cloud services and a zero trust architecture, including implementing multi-factor authentication and encrypting data at rest and in transit. The order also establishes a Cyber Safety Review Board, comprised of government and private-sector experts, which will analyze major cyber incidents and provide recommendations based on its findings.
(Infosecurity Magazine & ZDNet)
Apple failed to disclose security incident affecting millions of users
An email that emerged this week as part of Epic Games’ lawsuit against Apple reveals that in 2015 Apple was aware of 2,500 malicious apps that had been downloaded by 128 million users, but chose not to disclose the incident. According to Ars Technica, the apps contained malware that enlisted iPhones and iPads into a botnet capable of stealing potentially sensitive user information. Referencing Apple’s decision not to disclose, Dirk Schrader, Global Vice President of Security Research at New Net Technologies, stated, “It seems that they feared public outrage and backlash more than standing up and telling customers about the potential risks involved.”
Dark Web bombarded with bogus Covid-19 vaccines and documents
Suspect Covid-19 vaccines, test results, and vaccination cards are appearing on the dark web in the latest attempt by cybercriminals to capitalize on the coronavirus pandemic. Ann An, a senior security researcher at McAfee’s Advanced Programs Group, stated, “A new and troubling phenomenon is that consumers are buying COVID-19 vaccines on the black market due to the increased demand around the world.” Darknet listings for bogus vaccines range from $600 to $2,500, while fake vaccination cards that appear to be issued by the CDC sell for between $50 and $150.
Thanks to our episode sponsor, Altitude Networks

WeLeakInfo marketplace operator receives two years in prison
A 23-year-old Dutch man, whose name has not been released, was sentenced to two years in prison after admitting to having a hand in operating the WeLeakInfo website, which sold access to over 10,000 hacked databases containing more than 12.4 billion records. The site, which offered threat actors access to people’s online account credentials for $2 per day, was seized by authorities from the U.S., the Netherlands, and the U.K. in January 2020. Two others, including a man from Northern Ireland, are believed to have been involved in operating the site.
Zix secure email system used in latest phishing scam
Phishing emails claiming to contain a closing settlement counteroffer are being sent from a compromised email address belonging to Authentic Title, LLC, using yet another clever tactic to trick users into clicking embedded links. According to the original report, the emails are sent as legitimate Zix secure emails, complete with standard security features such as branded headers and footers. The attack uses several layers of redirect links in an attempt to skirt security filters, and ultimately aims to exploit the end-user trust that Zix has built.
(Softpedia News)
Editor’s note (5-26-21): We have been contacted by Zix requesting that we remove this story because they believe it contains false and misleading statements. Zix indicated, “based on our findings to date, as to why the blog was incorrect and mischaracterizes the functionality of Zix products:
- The report noted that the attack was sent using the secure email system Zix, which lends an air of credibility to the attack because Zix should ostensibly be verifying that the link isn’t malicious. This is incorrect, as the attacks were sent from a compromised Office 365 account, not “using” a Zix product. Authentic Title, LLC, which owns the compromised O365 account, is not a Zix customer.
- The blog noted “As the header and footer of the message suggest, this link takes the message recipient to an official Zix authentication site (zixcentral.com) that checks the link for safety.” From what we observed, the phishing campaign email sent by the compromised O365 account: (a) did not include a link having zixcentral.com in the URL; and (b) did not include a header or footer identifying Zix.”
We have contacted Abnormal Security, the original source of the information, and a spokesperson stated, “Abnormal Security removed the blog post after receiving legal notice from Zix. The company stands by the accuracy of its research.”
Report reveals spike in double extortion ransomware attacks
A new report from Zscaler details a sharp increase in double extortion ransomware attacks since late 2019. The report lays out the double extortion attack chain: after gaining access to a target network, the operators first exfiltrate data, then encrypt it, and then launch a DDoS attack against the victim’s website to apply further pressure during ransom negotiations. The report indicates that in 2020 ransomware was the second-most damaging type of malware, with $1.4 billion in ransom demands and an average of $1.45 million per incident in remediation costs. The full report is available at Zscaler.com.
(Zscaler)
Crypto exchange glitch causes purchase delays and duplication
Earlier this week, the cryptocurrency exchange Crypto.com, which claims over 10 million users in more than 90 countries, experienced glitches that caused multi-day delays in users receiving their purchases. Some users who attempted to resubmit declined or expired transactions found out days later that they had been charged multiple times for the same transaction. As frustrated Crypto.com customers took to Twitter to vent, the company issued a statement indicating that the application latency issues had been addressed, but it has remained silent on rectifying the duplicate charges.