Cyber Security Headlines – December 28, 2021

Study looks at ransomware market share

Researchers at Intel 471 analyzed 612 ransomware attacks between July and September 2021, attributing them to 35 different ransomware variants. Four ransomware strains accounted for over 60% of all attacks: LockBit 2.0 accounted for 33% of attacks, Conti was behind 15%, BlackMatter came in with 6.9%, and Hive with 6%. The researchers noted that this period saw several groups go quiet after external actions forced them to shut down, rather than the more typical, internally driven ransomware rebrands. The most impacted sectors in the attacks analyzed were manufacturing, consumer and industrial products, professional services, and real estate.

(CISO Mag)

Researchers find abundant toolkits to get around 2FA

Researchers at Stony Brook University and Palo Alto Networks found that from March 2020 to March 2021, over 1,200 phishing sites were using reverse proxies, an indicator that the operator is trying to bypass 2FA using man-in-the-middle toolkits. This is a significant increase from the roughly 200 phishing sites found using reverse proxies in an early 2019 study. These toolkits focus on stealing a user's authentication cookies, which are generated inside a web browser once the user logs into an account protected by 2FA. The researchers note that these toolkits are often free to download, easy to run, and have plentiful operating documentation available online.

(The Record)

Shutterfly hit with ransomware

The photo company confirmed it experienced an attack on its network, which disrupted parts of its Lifetouch and BorrowLenses businesses, Groovebook, manufacturing, and some internal corporate systems. It maintains that credit card and financial information was not impacted. The Conti ransomware group seemingly took credit for the attack, displaying legal agreements, bank and merchant account details, and spreadsheets on its leak page. The company declined to comment on whether it was negotiating a ransom payment.

(CyberScoop)

DuckDuckGo has a big 2021

In 2021, the privacy-focused search engine received 34.6 billion total search queries, up 46% from 2020. Statcounter reports the search engine had a 2.53% market share in the US as of November 2021, up from 2.32% a year earlier, although this still leaves it fourth behind Google, Bing, and Yahoo. This comes as DuckDuckGo expanded its product offerings, from ad-blocking features on Android to an announced web browser set to launch next year.

(Bleeping Computer)

Thanks to our episode sponsor, Lookout

Complexity is the enemy of security. With an integrated Zero Trust platform, Lookout makes things simple. Whether data is on employees’ smartphones or in the cloud, Lookout enables organizations to protect sensitive information no matter where it goes. Discover why IDC named the Lookout CASB a major player in its latest MarketScape at lookout.com/idc.

Mobile apps feel the impact of China's tech crackdown

A review of data from China’s Ministry of Industry and Information Technology by the South China Morning Post found that the total number of apps in Chinese app stores fell from 4.52 million at the end of 2018 to just 2.78 million apps as of October 2021. Over the course of 2019, the number of available apps fell by roughly 850,000 as regulators cracked down on collection of personal information. 2020 saw available apps fall by 220,000 over the course of the year, followed by a net loss of 670,000 in 2021. This doesn’t mean China isn’t letting new apps into app stores, with 110,000 added in October 2021 alone, just that more are being removed in that same window. The exception is gaming apps, which haven’t received any new approvals since July. 

(South China Morning Post)

EV charging station open to remote hacking

Schneider Electric announced it patched several vulnerabilities in its EVlink charging stations that could have opened up the hardware to remote attacks. These vulnerabilities included cross-site scripting and cross-site request forgery bugs, and could be exploited either locally through an internal communications port or over the internet if the station was connected to a network. Searches on Shodan for internet-connected EV stations with the bugs revealed thousands of exposed systems. Some of the patched vulnerabilities impacted end-of-life systems. The bugs were found as part of security researcher Tony Nasr's ongoing research into EV charging station management systems.

(Security Week)

QNAP gets more ransomware for Christmas

QNAP NAS devices are no strangers to ransomware attacks, and just got another fresh campaign in time for the holidays. Threat actors behind the QNAPCrypt ransomware strain ramped up activity about a week before Christmas, taking control of devices with admin privileges. The initial attack vector is unclear, but the attack allows QNAPCrypt to create a user in the admin group and then encrypt all files on the device. The threat actors have asked for between $1,200 and $3,000 worth of Bitcoin to unlock files. QNAPCrypt is not a new threat to these NAS devices, with attacks dating back to June 2019. It's unclear why there was a sudden spike in activity.

(Bleeping Computer)

ToRReZ dark web market announces shutdown

The operators of the dark web market announced plans to close the site in a post on a hacking forum. Registration, uploading, purchasing, and support have been disabled, although the market will remain online for the next two to three weeks to finalize all orders and moderate any final disputes. The operators claim this is not an exit scam, although the exact reason for the shutdown is unknown. ToRReZ came online in April 2020, focused on the sale of narcotics, and was notable for accepting Bitcoin, Monero, Zcash, and Litecoin.

(Security Affairs)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.