Ransomware: What board members should know and what they should be asking their technical experts
www.ncsc.gov.uk/blog-post/what-board-members-should-know-about-ransomware Ransomware is the subject of this spotlight topic for board members, building on the guidance given in the Cyber Security Toolkit for Boards. The post explains the basics of ransomware and suggests questions that board members might want to ask their technical experts to help drive greater cyber resilience against this type of attack.
Ransomware attack disrupts Massachusetts ferries
therecord.media/ransomware-attack-disrupts-massachusetts-ferries/ A ransomware attack has caused delays and disruptions at the Steamship Authority, the largest ferry service in Massachusetts, affecting ferry transports between the US mainland and the islands of Martha’s Vineyard and Nantucket. The attack took place earlier today, according to a series of tweets posted on the company’s official Twitter account.
FUJIFILM shuts down network after suspected ransomware attack
www.bleepingcomputer.com/news/security/fujifilm-shuts-down-network-after-suspected-ransomware-attack/ FujiFilm is investigating a suspected ransomware attack and has shut down portions of its network to prevent the attack’s spread. “Based on our unique threat prevention platform Andariel, FUJIFILM Corporate appeared to be infected with Qbot malware based on May 15, 2021,” Advanced Intel CEO Vitali Kremez told BleepingComputer. “Since the underground ransomware turmoil, the Qbot malware group currently works with the REvil ransomware group.”
Babuk ransomware gang says it’s no longer interested in encrypting data, would rather kidnap it instead
hotforsecurity.bitdefender.com/blog/babuk-ransomware-gang-says-its-no-longer-interested-in-encrypting-data-would-rather-kidnap-it-instead-25910.html In the early days of ransomware things were fairly simple: malware would infect your company’s infrastructure, encrypting your valuable data with a secret key known only to your attackers. In recent years, however, more and more ransomware attacks have been combined with the exfiltration of data prior to its encryption. If criminal hackers hold a copy of your data, a secure backup is no longer a “get-out-of-jail-free” card, because your extortionists can threaten to publish the data online regardless of whether you have successfully recovered your systems, potentially damaging your brand and your relationships with customers and business partners.
Breaking down NOBELIUM’s latest early-stage toolset
www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ NOBELIUM is an actor that operates with rapid operational tempo, often leveraging temporary infrastructure, payloads, and methods to obfuscate their activities. Despite growing community visibility since the exposure of the SolarWinds attack in late 2020, NOBELIUM has continued to target government and diplomatic entities across the globe. We anticipate that as these operations progress, NOBELIUM will continue to mature their tools and tactics to target a global audience. Each of the NOBELIUM tools discussed in this blog is designed for flexibility, enabling the actor to adapt to operational challenges over time.
Uyghurs, a Turkic ethnic minority in China, targeted via fake foundations
research.checkpoint.com/2021/uyghurs-a-Turkic-ethnic-minority-in-china-targeted-via-fake-foundations/ During the past year, Check Point Research (CPR), in cooperation with Kaspersky’s GReAT, has been tracking an ongoing attack targeting a small group of Uyghur individuals located in Xinjiang and Pakistan. The report examines the flow of both infection vectors and analyses the malicious artifacts encountered during the investigation, even though the researchers were unable to obtain the later stages of the infection chain.
Routers prove weak point in remote-work strategy
www.kaspersky.com/blog/rsa2021-hijacked-router/40117/ Home and SOHO routers are often insecure, but companies can protect themselves from attacks through remote workers’ home routers.
Zerodium acquiring zero-days in Pidgin, an IM client popular with cybercriminals
therecord.media/zerodium-acquiring-zero-days-in-pidgin-an-im-client-popular-with-cybercriminals/ Exploit broker Zerodium announced plans today to pay up to $100,000 for zero-days in Pidgin, a multi-protocol instant messaging desktop client and a popular IM tool in cybercriminal circles. The company, which buys exploits from security researchers and sells them to government and law enforcement agencies, said it would buy Pidgin zero-days at the higher $100,000 price for the next three months, until August 2021, in what it described as a temporary bug acquisition drive.