February 26, 2021 — A hacking group called ‘Hotarus Corp’ has hacked Ecuador’s Ministry of Finance and the country’s largest bank, Banco Pichincha, where they claim to have stolen internal data.
The ransomware gang first targeted Ecuador’s Ministry of Finance, the Ministerio de Economía y Finanzas de Ecuador, where they deployed a PHP-based ransomware strain to encrypt a site hosting an online course. Source: BleepingComputer
February 20, 2021 — A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, and security researchers are still trying to understand precisely what it does and what purpose its self-destruct capability serves.
Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. Source: arstechnica
Apple users advised to install latest iPhone and iPad iOS update
March 30, 2021 – Apple users are being urged to install the latest iOS software, which fixes a security issue in both iPhones and iPads.
The tech giant released both iOS 14.4.2 and iPadOS 14.4.2 on Friday which, according to its security support website, relates to WebKit – the web browser engine used by Safari, Mail, App Store and dozens of other iOS apps. Source: 7news
January 15, 2021 — 2020 was a tough year for cybersecurity. Security teams had to secure remote work environments in a matter of days as the COVID-19 pandemic triggered widespread, extended lockdowns. Then, they had to maintain secure operations throughout the year without physical access to the resources they typically use. Meanwhile, ransomware attacks expanded in scale and intensity, sometimes making the majority of an organization’s computers unusable all at once, while also stealing sensitive data. Source: TechTarget
January 4, 2021 — Cybersecurity is an arms race, with defensive tools and training pushing threat actors to adopt even more sophisticated and evasive intrusion techniques as they attempt to gain a foothold in victim networks. Most modern endpoint protection (EPP) services are capable of easily identifying traditional malware payloads as they are downloaded and saved on the endpoint, which means attackers have now turned to fileless malware techniques that never touch the victim’s storage. Source: HelpNetSecurity
December 10, 2020 — A persistent malware campaign has been actively distributing an evolved browser modifier malware at scale since at least May 2020. At its peak in August, the threat was observed on over 30,000 devices every day. The malware is designed to inject ads into search engine results pages. The threat affects multiple browsers—
December 5, 2020 — In attempts to put pressure on victims, some ransomware gangs are now cold-calling victims on their phones if they suspect that a hacked company might try to restore from backups and avoid paying ransom demands.
“We’ve seen this trend since at least August-September,” Evgueni Erchov, Director of IR & Cyber Threat Intelligence at Arete Incident Response, told ZDNet on Friday.
December 3, 2020 — US department store Kmart has suffered a ransomware attack that impacts back-end services at the company, BleepingComputer has learned.
Sears Holding Corp originally owned both Kmart and Sears, but after the company filed for bankruptcy in 2018, it was purchased by Transform Holdco LLC (Transformco) in 2019. Source: BleepingComputer
November 24, 2020 — One of South Korea’s largest retailers had to shut down nearly half of its retail stores on Sunday after a ransomware attack.
E-Land said its corporate network system was attacked early in the morning, forcing it to close 23 of its 50 NC department stores and NewCore outlets.
According to Yonhap, E-Land quarantined part of its corporate network system to contain the damage and police are now investigating the attack’s origins. Source: Inside Retail
November 19, 2020 — So, you’re a ransomware gang and you want to ensure that you have caught the attention of your latest corporate victim.
You could simply drop your ransom note onto the desktop of infected computers, informing the firm that their files have been encrypted.
You could lock infected PCs and display a ghoulish skull on a bright red background (most ransomware seems to insist upon using a shade of red. Maybe the developers have conducted market research as to what Pantone colour is most likely to ensure a swift coughing up of a ransom.)
Too clichéd? Source: Tripwire
November 10, 2020 — Attackers are using ads for fake Microsoft Teams updates to deploy backdoors, which use Cobalt Strike to infect companies’ networks with malware.
Microsoft is warning its customers about the so-called “FakeUpdates” campaigns in a non-public security advisory, according to a report in Bleeping Computer. The campaign is targeting various types of companies, with recent targets in the K-12 education sector, where organizations are currently dependent on using apps like Teams for videoconferencing due to COVID-19 restrictions. Source: ThreatPost
November 5, 2020 — Italian liquor company Campari Group was hit by a Ragnar Locker ransomware attack, in which 2 TB of unencrypted files were allegedly stolen. Ragnar Locker is demanding $15 million for the recovery of the files.
Campari Group is an Italian beverage company known for its popular liquor brands, including Campari, Frangelico, SKYY vodka, Espolòn, Wild Turkey, and Grand Marnier. Source: Bleeping Computer
October 13, 2020 — Seyfarth Shaw, a global legal firm with Australian offices, said it is the victim of an “aggressive malware” attack that it believes to be ransomware.
October 12, 2020 — Microsoft has warned about a new strain of mobile ransomware that takes advantage of incoming call notifications and Android’s Home button to lock the device behind a ransom note.
The findings concern a variant of a known Android ransomware family dubbed “MalLocker.B” which has now resurfaced with new techniques, including a novel means to deliver the ransom demand on infected devices as well as an obfuscation mechanism to evade security solutions. Source: The Hacker News
October 9, 2020 — Software AG, one of the largest software companies in the world, has suffered a ransomware attack over the last weekend, and the company has not yet fully recovered from the incident.
A ransomware gang going by the name of “Clop” breached the company’s internal network on Saturday, October 3, encrypted files, and asked for more than $20 million to provide the decryption key. Source: ZDNet
October 8, 2020 — Attackers are persistent and motivated to continuously evolve –
October 6, 2020 — Malware researchers monitoring ransomware threats noticed a sharp increase in these attacks over the past months compared to the first six months of 2020.
At the top of the list are Maze, Ryuk, and REvil (Sodinokibi) ransomware families, according to recently published data from Check Point and IBM Security X-Force Incident Response team. Source: Bleeping Computer
September 28, 2020 — CMA CGM has confirmed it has become the latest liner to suffer a cyber attack today. The company stated today that it is currently dealing with a cyber attack impacting peripheral servers. A number of the group’s websites have been down for large parts of Monday.
“As soon as the security breach was detected, external access to applications was interrupted to prevent the malware from spreading,” CMA CGM stated today. Source: Splash 247
September 28, 2020 — Universal Health Services, a hospital and health care network with more than 400 facilities across the United States, Puerto Rico, and the United Kingdom, suffered a ransomware attack early Sunday morning that has taken down its digital networks at locations around the US. As the situation has spiraled, some patients have reportedly been rerouted to other emergency rooms and facilities and had appointments and test results delayed as a result of the attack. Source: WIRED
September 23, 2020 — Security firm Group-IB says it identified a new cybercrime group that, for the past six months, has repeatedly and intentionally targeted Russian businesses with malware and.
Pakistan: September 8, 2020 — K-Electric, the sole electricity provider for Karachi, Pakistan, has suffered a Netwalker ransomware attack that led to the disruption of billing and online services.
K-Electric is Pakistan’s largest power supplier, serving 2.5 million customers and employing over 10 thousand people. Source: BleepingComputer
Argentina: September 6, 2020 — Argentina’s official immigration agency, Dirección Nacional de Migraciones, suffered a Netwalker ransomware attack that temporarily halted border crossing into and out of the country.
While ransomware attacks against cities and local agencies have become all too common, this may be the first known attack against a federal agency that has interrupted a country’s operations. Source: BleepingComputer
OLATHE, August 5, 2020 — Garmin’s database suffered a ransomware attack — a common form of cyberattack — on July 23, leading to many of the fitness tech company’s services going offline.
The only way to recuperate the data was to obtain the decryption key, held by the hackers and the subject of costly negotiations. And according to documents obtained by Bleeping Computer, the company acquiesced to the payment. Source: Malay Mail
Brazil: July 14, 2020 – Brazil is a well-known country with plenty of banking trojans developed by local crooks. The Brazilian criminal underground is home to some of the world’s busiest and most creative perpetrators of cybercrime. Like their counterparts in China and Russia, their cyberattacks have a strong local flavor, and for a long time, they limited their attacks to the customers of local banks. Source: Kaspersky
July 14, 2020 – Business giant SAP released a patch today for a major vulnerability that impacts the vast majority of its customers. The bug, codenamed RECON, exposes companies to easy hacks, according to cloud security firm Onapsis, who discovered the vulnerability earlier this year, in May, and reported it to SAP to have it patched. Source: ZDNet
July 7, 2020 – Researchers uncovered new ransomware, known as ‘Try2Cry’, which is striking Windows users with the help of USB flash drives.
‘Try2Cry’ is a .NET ransomware and a variant of the open-source Stupid ransomware family. Researchers found it while investigating a sample obfuscated with the DNGuard code protection tool. Source: Cyber Security News