The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends and indicators, curated by our intelligence specialists.
- Ransomware Round-up: Education and technology sectors come under attack.
- Purple Fox Malware Gets Crafty: Worm-like capabilities are now among the malware’s arsenal.
- Chrome Extensions Gone Rogue: 24 more Chrome browser extensions are found to contain malware.
- Data Breaches: Shell and Hobby Lobby disclose separate incidents.
- A BIG Problem: A serious flaw in unpatched F5 BIG-IP and BIG-IQ appliances is being actively exploited.
- Not-so-Quantum Leap for Quantum Computing: D-Wave Systems has announced the deployment of their quantum computing technology.
Ransomware Round-up
- Computer manufacturer Acer has suffered an REvil ransomware attack. Threat actors are demanding USD 50 million, the largest known ransom ever demanded.
- The Clop group have targeted the universities of Colorado and Miami in separate ransomware attacks. The threat group, having gained access by exploiting the Accellion FTA vulnerability, has already leaked students’ grades and SSNs on their leak site.
- Sierra Wireless, a major IoT manufacturer, and Stratus Technologies, who make high-availability servers, have also suffered ransomware attacks. Sierra was forced to halt production and Stratus have had to shut down portions of their network to isolate the attack.
So what? A good threat intelligence operation can help organisations understand the threats they face and prevent or mitigate the inevitable attacks.
Purple Fox Malware Develops Worm Capabilities
- An updated Purple Fox malware, usually spread by phishing emails, can now self-propagate. The new worm module uses port scanning and Server Message Block (SMB) brute forcing to infect internet-facing Windows systems with weak passwords.
- Since May 2020, Purple Fox attacks have risen by 600%, amounting to over 90,000 attacks. For an extensive list of IOCs, see this GitHub page.
So what? Organisations should enforce strict password policies, especially for internet-exposed services, including lockout policies and multi-factor authentication.
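The SMB brute forcing described above shows up on a Windows host as bursts of failed network logons from one source. As an added defensive illustration (not from the briefing, and not Purple Fox's code), this script flags such bursts in a constructed, simplified log format; the field layout, thresholds and sample records are assumptions for the example.

```python
# Added example: flag SMB brute-force / password-spray bursts in Windows Security
# log records. Assumed (constructed) input: "timestamp|EventID|LogonType|User|SourceIP",
# not the native EVTX layout. Event 4625 = failed logon; logon type 3 = network logon,
# which is what SMB authentication attempts produce.
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2021-03-25T10:00:01|4625|3|administrator|203.0.113.7
2021-03-25T10:00:02|4625|3|admin|203.0.113.7
2021-03-25T10:00:02|4625|3|backup|203.0.113.7
2021-03-25T10:00:03|4625|3|svc_sql|203.0.113.7
2021-03-25T10:00:04|4625|3|administrator|203.0.113.7
2021-03-25T10:00:05|4625|3|guest|203.0.113.7
2021-03-25T10:00:30|4625|3|jsmith|198.51.100.4
2021-03-25T10:00:31|4624|3|jsmith|198.51.100.4
2021-03-25T10:15:00|4625|2|jsmith|-
"""  # constructed: one noisy source, one user typo, one local console failure

def parse(lines):
    """Yield (time, event_id, logon_type, user, source_ip) per non-empty line."""
    for line in lines.splitlines():
        if not line.strip():
            continue
        ts, eid, ltype, user, ip = line.split("|")
        yield datetime.fromisoformat(ts), int(eid), int(ltype), user.lower(), ip

def find_bruteforce_sources(log, window=timedelta(minutes=5), threshold=5):
    """Return {source_ip: (failure_count, distinct_users)} for every source that
    produced >= threshold network-logon failures inside any window-long span.
    Many distinct users from one source suggests a spray; few suggests brute force."""
    failures = defaultdict(list)  # ip -> [(time, user), ...]
    for ts, eid, ltype, user, ip in parse(log):
        if eid == 4625 and ltype == 3 and ip != "-":
            failures[ip].append((ts, user))
    hits = {}
    for ip, events in failures.items():
        events.sort()
        start, best = 0, None
        for end in range(len(events)):
            # slide the window start forward until events[start..end] fit inside it
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best[0]):
                best = (count, {u for _, u in events[start:end + 1]})
        if best:
            hits[ip] = best
    return hits
```

Calling `find_bruteforce_sources(SAMPLE_LOG)` flags only 203.0.113.7 (six failures across five accounts in four seconds); the single mistyped password from 198.51.100.4 and the console failure are ignored.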
Beware of the Chrome Browser Extensions
- Researchers have discovered 24 malicious Google Chrome extensions and 40 associated malicious domains. The extensions can harvest credentials and sensitive data, spy on users, and redirect them to sites controlled by adversaries.
So what? Only allow extensions created by well-known developers to be downloaded from the official Google Chrome Web Store to reduce your exposure to this risk.
Data Breaches at Shell and Hobby Lobby
- Shell has suffered a data breach in which threat actors accessed various unspecified personal data and information. The attacker’s identity is unclear, but they exploited the well-publicised vulnerability in Accellion’s FTA software.
- Hobby Lobby, the arts and crafts giant, has suffered a data breach exposing 138GB of data. What appears to be a misconfigured AWS bucket has exposed data (including payment info) belonging to more than 300,000 users.
So what? Avoiding legacy software, mandating secure data storage configuration, and network segmentation can reduce the risk of data breaches.
CVE-2021-22986: A BIG Problem
- Both F5’s BIG-IP and BIG-IQ appliances are vulnerable to a critical flaw that is being actively exploited. This vulnerability, CVE-2021-22986, is a remote code execution flaw that leads to full system compromise.
- Organisations that use either the BIG-IP or BIG-IQ products are being urged to apply F5’s latest security patch immediately. The mass scanning activity detected last week, as cybercriminals started looking for unpatched appliances, is expected to continue.
So what? Ensure that high-severity vulnerabilities are identified and patched as soon as possible, as part of robust patch management procedures.
Not-so-Quantum Leap for Quantum Computing
- D-Wave Systems has announced that quantum computing is ready for mainstream application. The technology can be rolled out to help tackle optimisation problems, reducing the time needed to solve certain logistical problems by more than 98%.
- It remains unlikely that quantum computing will break cryptography any time soon. Engineers are working on solutions to mitigate this risk by using quantum computers to enhance existing encryption.
So what? In addition to using encryption, organisations should be improving their access controls to protect sensitive data.