Second farming cooperative shut down by ransomware this week
Crystal Valley, a Minnesota-based farming cooperative, has been hit by a ransomware attack by an unknown threat actor. The company confirmed in a statement on Thursday that the cyberattack has forced them to shut down their payment systems. Crystal Valley is the second agriculture business to be hit with a ransomware attack this week after Iowa-based grain cooperative NEW Cooperative Inc. was struck by BlackMatter ransomware, where the threat actors demanded a payment of $5.9 million.
Canadian VoIP provider battles massive DDoS attack
Canada-based VoIP company VoIP.ms continues to battle a week-long, massive distributed denial-of-service (DDoS) attack that began on September 16. The company, which provides internet telephony services to 80,000 customers in 125 countries, posted to its customers on Twitter, “We continue to work full-on re-establishing all of our services so we can have you connected.” The attack also affected its domain name service (DNS) infrastructure, and it remains difficult to access the company’s website. In an update on Wednesday, VoIP.ms apologized to customers and confirmed it was still being targeted by what it described as a ‘ransom DDoS attack’.
(ZDNet)
REvil double-crosses ransomware affiliates using sneaky backdoor tactics
New reports confirm that the REvil ransomware-as-a-service (RaaS) operation has been scamming its affiliates out of their ransom payments. In REvil’s ransomware model, developers create the malware and maintain the underlying infrastructure, then recruit affiliates to attack victims, dividing the proceeds between the two parties with affiliates taking the larger cut (typically 70-80%). Yelisey Boguslavskiy, head of research at Advanced Intel, said that when negotiations reached a critical point, REvil would use a backdoor in its software to take over the chat, posing to the affiliate as a victim refusing to pay, and would then continue the negotiations with the real victim itself in order to keep the full ransom payment. Boguslavskiy added that since at least 2020, claims of REvil’s scam have been made by various actors on underground forums.
Bug in Microsoft Exchange Autodiscover leaks credentials of companies across the globe
Security researchers from Guardicore discovered a flaw in the Microsoft Exchange Autodiscover feature that can be exploited to harvest Windows domain and application credentials from users worldwide. The Autodiscover protocol enables Exchange clients to configure themselves with minimal user input. Autodiscover performs a sequential URL search, during which it transmits an authorization header already populated with user credentials. By registering a number of Autodiscover domains, Guardicore researchers were able to capture over 372,000 Windows domain credentials and roughly 96,000 unique credentials from applications such as Microsoft Outlook, belonging to organizations worldwide. Guardicore shared its findings with Microsoft, which is investigating and has indicated it will take appropriate steps to protect its customers.
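One defensive check the Autodiscover behaviour above suggests, as an added example that is not part of the original article or of Guardicore’s research: scan outbound proxy logs for Autodiscover requests that carried an authorization header to a host outside the user’s own mail domain. The log format and the sample lines are constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed proxy log lines (not from the article). Assumed format:
# <user> <method> <url> auth=<yes|no>, where auth=yes means the request
# carried an Authorization header.
SAMPLE_LOG = """\
alice@example.com POST https://autodiscover.example.com/autodiscover/autodiscover.xml auth=yes
bob@example.com POST https://example.com/autodiscover/autodiscover.xml auth=yes
carol@example.com POST https://autodiscover.com/autodiscover/autodiscover.xml auth=yes
dave@example.com GET https://www.example.com/index.html auth=no
"""

LINE_RE = re.compile(
    r"^(?P<user>\S+) (?P<method>\S+) (?P<url>\S+) auth=(?P<auth>yes|no)$"
)

def org_owned(host, user_domain):
    """A host is acceptable when it is the user's mail domain or a subdomain of it."""
    host = host.lower()
    user_domain = user_domain.lower()
    return host == user_domain or host.endswith("." + user_domain)

def find_leaks(log_text):
    """Return (user, host) pairs where credentials left the user's own domain."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        url = urlsplit(m["url"])
        # Only Autodiscover endpoints are of interest here.
        if not url.path.lower().endswith("/autodiscover/autodiscover.xml"):
            continue
        # Only requests that actually carried an Authorization header.
        if m["auth"] != "yes":
            continue
        host = url.hostname or ""
        user_domain = m["user"].split("@", 1)[1]
        if not org_owned(host, user_domain):
            findings.append((m["user"], host))
    return findings

if __name__ == "__main__":
    for user, host in find_leaks(SAMPLE_LOG):
        print(f"{user}: Autodiscover credentials sent to {host}")
```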
Apple patches new zero-day bug used to hack iPhones and Macs
Apple has released security updates to fix a zero-day vulnerability exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions. The zero-day patched on Thursday, tracked as CVE-2021-30869, was found in the XNU operating system kernel; successful exploitation leads to arbitrary code execution with kernel privileges on compromised devices. The list of vulnerable Apple devices includes iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) running iOS 12.5.5, as well as Macs with Security Update 2021-006 Catalina.
Hacking group targets hotels and high-profile targets
Slovakian internet security firm ESET has identified a hacking group, dubbed “FamousSparrow,” targeting hotels worldwide, as well as some higher-profile companies, since at least 2019. The group leverages Internet-exposed web applications to breach target networks, using remote code execution vulnerabilities in Microsoft SharePoint, the Oracle Opera hotel management software, and the Microsoft Exchange security flaws known as ProxyLogon. The group then deploys custom tools such as a Mimikatz variant and a signature backdoor known as “SparrowDoor.” ESET noted that FamousSparrow likely leveraged its access into compromised hotel systems for espionage purposes, including to track high-profile targets. ESET added, “This is another reminder that it is critical to patch internet-facing applications quickly, or, if quick patching is not possible, to not expose them to the internet at all.”
New Windows bug could let hackers easily install a rootkit
Security researchers from Eclypsium have disclosed an unpatched weakness in the Microsoft Windows Platform Binary Table (WPBT), affecting all Windows-based devices since Windows 8, that could potentially be exploited to install a rootkit and compromise the integrity of devices. The researchers noted that the tables can be attacked through direct physical access, remote access, supply chain attacks, or by abusing services that have access to WPBT. In response to the findings, Microsoft has recommended using a Windows Defender Application Control (WDAC) policy to tightly control which binaries are permitted to run on the devices.
Indian orgs attribute cyberattacks to vulns in pandemic tech deployments
Cybersecurity firm Tenable published a global study revealing that 71% of organizations in India attribute recent business-impacting cyberattacks on the remote workforce to vulnerabilities in technology deployed during the pandemic. In the past year, 88% of Indian organizations experienced a business-impacting cyberattack, with 56% of respondents indicating that the attacks targeted remote workers. The study showed that over half of security and business leaders are concerned about the security of employee home networks and personal devices, the lack of visibility into employee security practices, and having inadequate staff to monitor the attack surface. In response, Indian security leaders plan to increase cybersecurity investments in vulnerability management, cloud infrastructure and platforms, and identity and access management. Nathan Wenzler, Tenable Chief Security Strategist, said, “The responses we got from the Indian audience are very much in line with what we saw overall. So, I don’t think we see India as being an outlier.”
(CISO MAG)