Cybersecurity News: Ukraine novel ransomware, Drones drop pineapple, Tata Power attacked

Microsoft says Ukraine, Poland targeted with novel ransomware attack

According to a Microsoft blog post released Friday, a new hacking group has attacked transportation and logistics companies in Ukraine and Poland with a novel kind of ransomware. A wide range of systems were attacked within an hour on the Tuesday prior, Microsoft said, but the activity has not been attributed to any known group. The hacks apparently resemble the work of another Russian government-linked cyber team that has disrupted Ukrainian government agencies before. The ransomware being used is named “Prestige,” and closely resembles the tools used in another data-shredding cyberattack that involved the “FoxBlade,” or “HermeticWiper,” malware.

(Reuters)

Wi-Fi spy drones snoop on financial firm

In a Twitter thread, security researcher Greg Linares said a hacking incident at an unnamed US East Coast private investment firm was discovered when the firm spotted unusual activity on its internal Atlassian Confluence page. The company’s security team responded and found that the user whose MAC address had been used to gain partial access to the company Wi-Fi network was also logged in at home, several miles away. On the roof they found two Phantom drones, one carrying a modified Wi-Fi Pineapple device and the other a case containing a Raspberry Pi, several batteries, a GPD mini laptop, a 4G modem, and another Wi-Fi device. Sophos senior threat researcher Sean Gallagher told The Register that the attack described is the same kind of thing people have done while “warwalking” with Wi-Fi Pineapples or the equivalent.

(The Register)
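The tell in this incident was one identity in two places at once: a MAC address associating with the office Wi-Fi while the same user was logged in from home. That correlation is simple to automate. The following is an added example, not code from The Register, the firm, or the researchers: it parses a handful of constructed Wi-Fi and VPN authentication lines (the log format, user names, MACs and addresses are all made up) and flags any user seen on both the on-premises Wi-Fi and the remote VPN within a short window.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Event is one authentication record: where it came from (wifi or vpn) and who.
type Event struct {
	At     time.Time
	Source string // "wifi" = on-premises association, "vpn" = remote login
	User   string
	MAC    string // only present on wifi events
	Detail string // ap=<access point> for wifi, src=<remote IP> for vpn
}

// Constructed sample log lines (not from the incident); the key=value format is an assumption.
const sampleLog = `2022-10-11T14:02:10Z wifi user=jdoe mac=aa:bb:cc:dd:ee:01 ap=HQ-ROOF-2
2022-10-11T14:03:55Z vpn user=jdoe src=198.51.100.23
2022-10-11T14:05:00Z vpn user=asmith src=203.0.113.9
2022-10-11T09:00:00Z wifi user=bjones mac=aa:bb:cc:dd:ee:02 ap=HQ-FLOOR-3
2022-10-11T13:30:00Z vpn user=bjones src=192.0.2.77`

// parseLog turns the lines into Events, skipping any line it cannot read.
func parseLog(log string) []Event {
	var evs []Event
	for _, line := range strings.Split(strings.TrimSpace(log), "\n") {
		f := strings.Fields(line)
		if len(f) < 3 {
			continue
		}
		ts, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			continue
		}
		ev := Event{At: ts, Source: f[1]}
		for _, kv := range f[2:] {
			k, v, _ := strings.Cut(kv, "=")
			switch k {
			case "user":
				ev.User = v
			case "mac":
				ev.MAC = v
			case "ap", "src":
				ev.Detail = v
			}
		}
		evs = append(evs, ev)
	}
	return evs
}

// Alert pairs a Wi-Fi association with a VPN login by the same user inside the window.
type Alert struct {
	User, MAC, AP, RemoteIP string
	Gap                     time.Duration
}

// detectConcurrentAccess flags users seen on the office Wi-Fi and on the VPN within
// `window` of each other. One person cannot be on the roof and at home at once, so
// either the Wi-Fi credential/MAC is being reused by someone else or the VPN session is not theirs.
func detectConcurrentAccess(evs []Event, window time.Duration) []Alert {
	byUser := map[string][]Event{}
	for _, e := range evs {
		byUser[e.User] = append(byUser[e.User], e)
	}
	var alerts []Alert
	for user, list := range byUser {
		sort.Slice(list, func(i, j int) bool { return list[i].At.Before(list[j].At) })
		for i, a := range list {
			for _, b := range list[i+1:] {
				gap := b.At.Sub(a.At)
				if gap > window {
					break // sorted by time, so later events are further away still
				}
				if a.Source == b.Source {
					continue // two wifi or two vpn events are not a contradiction
				}
				wifi, vpn := a, b
				if a.Source == "vpn" {
					wifi, vpn = b, a
				}
				alerts = append(alerts, Alert{User: user, MAC: wifi.MAC, AP: wifi.Detail, RemoteIP: vpn.Detail, Gap: gap})
			}
		}
	}
	return alerts
}

func main() {
	for _, al := range detectConcurrentAccess(parseLog(sampleLog), 30*time.Minute) {
		fmt.Printf("ALERT user=%s on wifi (mac=%s ap=%s) while on vpn from %s, %s apart\n",
			al.User, al.MAC, al.AP, al.RemoteIP, al.Gap)
	}
}
```

Run as written, only jdoe is flagged: bjones also appears on both networks, but hours apart, which is ordinary commuting rather than a contradiction. In a real deployment the window would be tuned to the site (and the Wi-Fi side could equally key on MAC rather than user), but the shape of the rule is the same.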

Indian power generation giant Tata Power hit by a cyber attack

On Friday, the Mumbai-based power company stated that the attack “impacted some of its IT systems,” but did not share any further specifics. When asked by TechCrunch, “a PR representative refused to answer questions related to the nature of the attack and its impact on the organization, and declined to say whether any data was stolen.”

(TechCrunch)

Taiwan touts $900 million in new business from Silicon Valley meetings

Taiwan’s economy minister Wang Mei-hua met with top executives from NVIDIA, Cisco, Applied Materials, and Synopsys, and said she “got great interest” from them. The visits are expected to bring U.S. research and development investment and orders worth more than $900 million back to Taiwan, although the island’s position as a producer has prompted worries in the United States that it is too reliant on Taiwan, especially as China ramps up military drills to assert its sovereignty claims.

(Reuters)

Thanks to this week’s episode sponsor, SafeBase

Security questionnaires. If those two words sent a shiver down your spine, you need to check out SafeBase. SafeBase’s Smart Trust Center is a centralized source of truth for your organization’s security and compliance information. After implementing SafeBase, many companies see a 90% reduction in custom questionnaires. Imagine how much time you’d save. Visit safebase.com to find out more.

Microsoft Office 365 vulnerability lets hackers sidestep email encryption

A researcher from WithSecure has discovered an “unpatchable flaw in Microsoft Office 365 Message Encryption (OME)” that lets an attacker infer the contents of encrypted messages. According to Venturebeat.com, “OME uses the electronic codebook (ECB) block cipher, which leaks structural information about the message. This means if an attacker obtains many emails they can infer the contents of the messages by analyzing the location and frequency of patterns in the messages and matching these to other emails.” Though this requires some sophistication, it is a reminder that encrypted email is not automatically safe from threat actors.

(Venturebeat)
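The leak the researcher describes is a property of the mode, not a bug in AES: in ECB every block is encrypted independently, so equal plaintext blocks give equal ciphertext blocks, within one message and across messages under the same key. The following is an added example to make that measurable; it is my code, not WithSecure’s, Microsoft’s or Venturebeat’s. It encrypts two constructed mail bodies (key and messages are made up) with AES in ECB and then in CBC with a random IV, and counts repeated blocks within a message and blocks shared between the two. Only Go’s standard library is used; Go deliberately offers no ECB helper, so ECB is written out by hand.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// Constructed demo key (32 bytes, so AES-256); a real key comes from a KDF or KMS.
var demoKey = []byte("0123456789abcdef0123456789abcdef")

// pkcs7Pad brings msg up to a whole number of 16-byte AES blocks.
func pkcs7Pad(msg []byte) []byte {
	n := aes.BlockSize - len(msg)%aes.BlockSize
	return append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// newBlock builds the AES cipher; the demo key is fixed, so a failure is a bug.
func newBlock(key []byte) cipher.Block {
	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return b
}

// encryptECB applies the cipher to each block independently. Go's standard library
// deliberately ships no ECB helper; it is written out here only to measure the leak.
func encryptECB(key, msg []byte) []byte {
	block, pt := newBlock(key), pkcs7Pad(msg)
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += aes.BlockSize {
		block.Encrypt(ct[i:i+aes.BlockSize], pt[i:i+aes.BlockSize])
	}
	return ct
}

// encryptCBC chains blocks under a fresh random IV (prepended to the output), so
// equal plaintext blocks no longer yield equal ciphertext blocks.
func encryptCBC(key, msg []byte) []byte {
	block, pt := newBlock(key), pkcs7Pad(msg)
	out := make([]byte, aes.BlockSize+len(pt))
	if _, err := io.ReadFull(rand.Reader, out[:aes.BlockSize]); err != nil {
		panic(err)
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], pt)
	return out
}

// blockCounts maps each 16-byte ciphertext block to how often it occurs.
func blockCounts(ct []byte) map[string]int {
	seen := map[string]int{}
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		seen[string(ct[i:i+aes.BlockSize])]++
	}
	return seen
}

// repeatedBlocks counts blocks that recur within one message: the "frequency of
// patterns" an observer sees without the key.
func repeatedBlocks(ct []byte) int {
	dups := 0
	for _, c := range blockCounts(ct) {
		dups += c - 1 // zero for a block seen once
	}
	return dups
}

// sharedBlocks counts distinct blocks common to two ciphertexts under the same key:
// the cross-message matching the article describes.
func sharedBlocks(a, b []byte) int {
	bc, shared := blockCounts(b), 0
	for blk := range blockCounts(a) {
		if bc[blk] > 0 {
			shared++
		}
	}
	return shared
}

// LeakReport holds the ECB and CBC measurements side by side.
type LeakReport struct{ ECBRepeated, CBCRepeated, ECBShared, CBCShared int }

// compareModes encrypts both messages in each mode and measures what leaks.
func compareModes(msg1, msg2 []byte) LeakReport {
	e1, e2 := encryptECB(demoKey, msg1), encryptECB(demoKey, msg2)
	c1, c2 := encryptCBC(demoKey, msg1), encryptCBC(demoKey, msg2)
	return LeakReport{
		ECBRepeated: repeatedBlocks(e1), CBCRepeated: repeatedBlocks(c1),
		ECBShared: sharedBlocks(e1, e2), CBCShared: sharedBlocks(c1, c2),
	}
}

func main() {
	// Constructed mail bodies sharing a block-aligned 16-byte boilerplate field.
	msg1 := bytes.Repeat([]byte("ACCOUNT NUMBER: "), 8)
	msg2 := []byte("ACCOUNT NUMBER: 0002 Dear Bob,")
	fmt.Printf("%+v\n", compareModes(msg1, msg2)) // {ECBRepeated:7 CBCRepeated:0 ECBShared:1 CBCShared:0}
}
```

The first message is the same 16-byte field eight times, so under ECB seven of its nine ciphertext blocks are copies and the shared field shows up unchanged in the second message as well; under CBC with a fresh IV both counts drop to zero. That is the whole of what the attacker exploits: no key recovery, just pattern matching on ciphertext. The padding oracle and integrity questions CBC raises are a separate matter; an authenticated mode such as AES-GCM is the modern default for new designs.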

Almost 900 servers hacked using Zimbra zero-day flaw

The critical Zimbra Collaboration Suite (ZCS) vulnerability existed as a zero-day without a patch for nearly 1.5 months. According to Bleeping Computer, “the vulnerability tracked as CVE-2022-41352 is a remote code execution flaw that allows attackers to send an email with a malicious archive attachment that plants a web shell in the ZCS server while, at the same time, bypassing antivirus checks.” According to Kaspersky, various APT groups actively exploited the flaw soon after it was reported on the Zimbra forums.

(Bleeping Computer)
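The article does not detail how the attachment ends up planting a file on the server, so what follows is a general guard rather than a reconstruction of CVE-2022-41352: an added example (not Zimbra’s or Bleeping Computer’s code) of the check any component that unpacks untrusted attachments should apply before writing a single byte. It walks an in-memory tar attachment, resolves each entry name under the intended extraction directory, and refuses anything that would land outside it, as well as link entries. The attachment contents, the destination path and the helper names are all constructed for the example.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// ErrEscapesDest marks an entry whose name would resolve outside the extraction directory.
var ErrEscapesDest = errors.New("archive entry escapes extraction directory")

// safeJoin resolves an archive entry name under dest and rejects anything that would land
// outside it: absolute names, ".." traversal, and names that clean to dest itself.
func safeJoin(dest, name string) (string, error) {
	if name == "" || filepath.IsAbs(name) || strings.HasPrefix(name, "/") {
		return "", ErrEscapesDest
	}
	target := filepath.Join(dest, name) // Join cleans, collapsing any ".." inside name
	rel, err := filepath.Rel(dest, target)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesDest
	}
	return target, nil
}

// Verdict records what the scanner decided for one entry.
type Verdict struct {
	Name    string
	Allowed bool
	Reason  string
}

// inspectTar walks a tar stream without writing anything, applying safeJoin to each
// entry and refusing links (symlinks and hardlinks can also point outside dest).
func inspectTar(r io.Reader, dest string) ([]Verdict, error) {
	tr := tar.NewReader(r)
	var out []Verdict
	for {
		h, err := tr.Next()
		if err == io.EOF {
			return out, nil
		}
		if err != nil && h == nil {
			return out, err // truncated or corrupt stream
		}
		v := Verdict{Name: h.Name, Allowed: true}
		switch {
		case err != nil: // newer Go versions can flag non-local names themselves
			v.Allowed, v.Reason = false, err.Error()
		case h.Typeflag == tar.TypeSymlink || h.Typeflag == tar.TypeLink:
			v.Allowed, v.Reason = false, "link entries not allowed"
		default:
			if _, err := safeJoin(dest, h.Name); err != nil {
				v.Allowed, v.Reason = false, err.Error()
			}
		}
		out = append(out, v)
	}
}

// buildSampleTar constructs an in-memory attachment with one benign entry and two
// that try to leave the extraction directory (constructed test data, not a real sample).
func buildSampleTar() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, e := range []struct{ name, body string }{
		{"docs/report.txt", "quarterly numbers"},
		{"../../outside.txt", "must never be written"},
		{"/abs/path.txt", "must never be written"},
	} {
		_ = tw.WriteHeader(&tar.Header{Name: e.name, Mode: 0o644, Size: int64(len(e.body))})
		_, _ = tw.Write([]byte(e.body))
	}
	_ = tw.Close()
	return buf.Bytes()
}

func main() {
	verdicts, err := inspectTar(bytes.NewReader(buildSampleTar()), "/tmp/extract")
	if err != nil {
		panic(err)
	}
	for _, v := range verdicts {
		fmt.Printf("%-20s allowed=%-5v %s\n", v.Name, v.Allowed, v.Reason)
	}
}
```

The same rule applies whatever the container format (tar here only because Go ships a reader for it): decide the final path from the cleaned name and the destination, never from the name alone, and treat any entry that cannot be placed inside the destination as hostile rather than silently skipping it. Scanning before extraction, as here, also means the antivirus step sees the verdicts instead of a half-written tree.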

Last week in ransomware

The most interesting news last week involved the Dutch police tricking a ransomware gang into releasing keys to victims, and ransomware operations being called out as liars. Last week also saw “fake adult sites pushing data wipers, TTPs on Black Basta, information on a new Prestige Ransomware targeting Ukraine and Poland, and Magniber ransomware being installed via JavaScript files.” Among the attacks made public last week, healthcare organization CommonSpirit admitted to a ransomware attack, while Taiwanese chip maker ADATA denied suffering a recent attack by RansomHouse and said the data is being recirculated from a 2021 breach by RagnarLocker.

(Bleeping Computer)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.