Cyber Security Headlines – Week in Review is live every Thursday at 4pm PT/7pm ET. Join us each week by registering for the open discussion.
Ransomware backup provider Exagrid pays $2.6m to ransomware attackers
The ransom was paid in bitcoin on May 13. Acceding to the ransomware attackers’ demands was made more embarrassing when the backup appliance supplier – which makes a big play of its strengths against ransomware – accidentally deleted the decryption tool and had to ask for it again. The ransomware group, Conti, which had lurked inside the Exagrid network for over a month, revealed it had over 800 gigabytes of personal data of clients and employees, commercial contracts, NDA forms, financial data, tax returns and source code. The initial ransom demanded was $7,480,000 but was negotiated down to $2.6 million.
US recovers millions in cryptocurrency paid to Colonial Pipeline ransomware hackers
This follows the attack that prompted the shutdown of the key East Coast pipeline last month. The Justice Department is expected on Monday to announce details of the operation led by the FBI with the cooperation of the Colonial Pipeline operator, people briefed on the matter said. Though the company paid the ransom to restore operations, behind the scenes it had taken steps to notify the FBI and followed instructions that helped investigators track the payment to a cryptocurrency wallet used by the hackers, who are believed to be based in Russia. CNN earlier reported that federal agencies are adept at tracing currency used to pay ransomware groups, but that their ability to do so effectively is “situationally dependent” and relies a great deal on how the ransomware organizations manage their operational network.
StackOverflow, Twitch, Reddit, others down in Fastly CDN outage
A Who’s Who of major websites around the world also including Amazon, CNN, Shopify, Hulu, Quora, the BBC and many others went down or slowed yesterday. Browsers received a “503 Service Unavailable” notice or CSS-free web pages as content failed to arrive. The outage was traced to San Francisco-based Fastly, a popular content delivery network. Fastly calls the occurrence, which lasted just an hour, a “global CDN disruption.”
Thanks to our episode sponsor, Trend Micro
47% phishing increase in first quarter of 2021
PhishLabs identified 47% more phishing sites in Q1 of 2021 than there were in Q1 of 2020. This trend is continuing as Q2 attacks are also up significantly year-over-year. Social media, especially messaging apps, topped the list for the first time, suggesting that threat actors are increasingly drawn to the massive reach and often careless user attitudes toward the security of their social media accounts. Accounts used for single sign-on (SSO) were also heavily targeted in Q1, accounting for 40% of overall phishing volume.
Survey finds many workers don’t know emergency procedures
Rave Mobile Safety issued the results of its 2021 Workplace Safety and Preparedness Survey, which indicates that employers remain challenged with how to best protect and communicate with employees both on-site and remotely in a year of unprecedented change. Key findings revealed only 28% of traveling and remote workers are involved with safety drills. A third of respondents said they were unsure of emergency plans related to active shooter, cyberattacks/system outages and workplace violence. Finally, survey results showed that email and in-person alerting were the most common communication methods utilized by employers, even though respondents in the 30-44 and 45-60 age groups say their preferred method of communication is mass text message.
US brokerage firms warned of ongoing phishing scam leveraging penalty threats
The U.S. securities industry regulator FINRA has warned brokerage firms of an ongoing phishing campaign threatening recipients with late submission penalties unless they provide the information requested by the attackers. The tactic is designed to induce a sense of urgency, in the hope that victims will respond before validating the legitimacy of the emails. The market regulator, which supervises over 620,000 brokers across the U.S., stated on Monday, “FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain name @gateway-finra.org.”
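As an added illustration of the two signals in FINRA's warning (a lookalike sender domain and an urgency-themed subject), this example is not from the regulator or the original story. It assumes finra.org is the legitimate sender domain and runs over constructed sample headers; the only real value it uses is the @gateway-finra.org domain quoted above.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed legitimate sender domain for the regulator; the lookalike
# @gateway-finra.org is the domain quoted in FINRA's warning.
LEGIT_DOMAINS = {"finra.org"}
BRAND = "finra"
URGENCY_TERMS = ("penalty", "late submission", "immediately", "final notice")

def sender_parts(raw_message):
    """Return (display_name, domain) from the From header, both lower-cased."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[1].lower() if "@" in addr else ""
    return name.lower(), domain

def is_legit_domain(domain):
    """Exact match or a true subdomain of an allow-listed domain, not a substring."""
    return any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS)

def classify(raw_message):
    """Label a message by how its sender relates to the impersonated brand."""
    msg = message_from_string(raw_message)
    name, domain = sender_parts(raw_message)
    subject = msg.get("Subject", "").lower()
    urgent = any(term in subject for term in URGENCY_TERMS)
    if is_legit_domain(domain):
        verdict = "legit"
    elif BRAND in domain:          # e.g. gateway-finra.org, finra.org.example.net
        verdict = "lookalike-domain"
    elif BRAND in name:            # brand only in the display name
        verdict = "display-name-spoof"
    else:
        verdict = "unrelated"
    return {"verdict": verdict, "domain": domain, "urgent": urgent}

# Constructed sample messages, not real mail from the campaign.
SAMPLE_MESSAGES = [
    "From: FINRA Filings <notices@gateway-finra.org>\nSubject: Late submission penalty\n\n...",
    "From: FINRA <alerts@finra.org>\nSubject: Regulatory Notice\n\n...",
    "From: Compliance <desk@finra.org.example.net>\nSubject: Final notice\n\n...",
    "From: FINRA Support <support@mail-relay.example.net>\nSubject: Records request\n\n...",
    "From: Jane <jane@example.com>\nSubject: Lunch?\n\n...",
]

if __name__ == "__main__":
    for raw in SAMPLE_MESSAGES:
        print(classify(raw))
```

The subdomain check matters: a substring match on "finra.org" would wrongly accept finra.org.example.net, which is exactly the shape a lookalike registration takes.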
Google fixes sixth Chrome zero-day exploited in the wild this year