This week’s cyber news headlines will have you thinking about whether you are doing enough to ensure cybersecurity for yourself and your organization. From the revival of a ransomware strain to attacks caused by ignorance, here are the top cyberattack news updates from across the globe.
Babuk Ransomware Announces Revival
The Babuk ransomware gang, which had announced its retirement, is again in action. Following a leak of its builder (a month ago) that enabled attackers to create custom ransomware variants, Babuk is back in the encryption-based extortion game with a new malware version.
The new Babuk variant comes disguised as PayLoad Bin. Although there has been minimal activity on its news leak site, organizations must continue using ransomware protection. Ransomware operators may announce their exit, but one can never take them at their word, as they are more likely to come back with a more vigorous and deadlier malware version, just like Babuk!
China-Based Hackers Impersonate State Bank Of India (SBI)
Two new SBI scams have emerged, and hackers of Chinese origin are believed to be responsible for these phishing attacks impersonating the State Bank of India. In the first scam, users received a text message purporting to be from SBI asking them to update their KYC using the embedded link. The link leads to a spoofed landing page of SBI Online. The users are requested to log in by entering their username, password, and a captcha. An OTP is then sent to the user’s mobile number, and entering this OTP leads them to a second page that requests personal details such as the account holder’s name, DOB, and mobile number.
The second scam involves the circulation of a WhatsApp message in which SBI supposedly offers users a gift of Rs. 50 lakh (about $67,000). Users lured by this bait who click on the attached link land on a fake SBI landing page where they need to participate in a quick survey to be eligible for the gift. This page also shows a Facebook comment section crowded with fake messages from users commenting that they have received the reward. A team of researchers from CyberPeace Foundation and Autobot Infosec Pvt. Ltd. has been investigating the incident. The researchers advise people to use email security tools and avoid opening such messages circulating on social media.
Consumers Worry More About Security Than Online Brands, Says Study
The business of online brands has bloomed because of the pandemic and our growing reliance on digital services. However, these brands seem to be more concerned about providing seamless service than robust cybersecurity measures. A recent Trulioo study reveals that consumers globally are more concerned about safety from identity theft than flexibility, choice, or seamless digital experience. Following are the prime highlights of the study:
- 71% of respondents based in China, the UK, and the US feel that security takes a backseat among online brands that are now prioritizing speed.
- 76% of the respondents worry about being at a greater risk of an attack now than a year ago.
- 75% of the respondents fear becoming the victim of a fraud.
- For 71% of the respondents, security is an essential aspect while opening a new account.
Email protection and cybersecurity awareness have increased among users, which is why they now perceive security as more important than a quick and flexible digital experience. As such, online brands must focus on gaining consumers’ trust instead of only pleasing their senses.
An Abundance Of Threats For The US Department Of Defense Network
While users are gaining awareness of cybersecurity, ignorance persists elsewhere. A recent report by a security watchdog revealed that the US military’s office of 3D printing left designs for defense technology at risk because it has been treating computer systems like any other machinery, such as welding and milling machines, that does not require cybersecurity fixes. Consequently, most of the systems at the Department of Defense have not been updated for over five years.
These security gaps could lead to multiple attacks on the DoD where adversaries steal military designs, insert flaws into design data for items such as protective weapons systems brackets, body armour, prosthetic body parts, and tactical vehicle gear, or infect computers with malware. However, the DoD office has now agreed to update computer systems to the latest version. The report further suggests that the DoD chief information officer mandate the immediate implementation of security controls for its systems.
DIVD Had Forewarned Kaseya Of Its Security Flaws
The world was taken by storm on 2nd July 2021 when the Florida technology firm Kaseya suffered a massive ransomware attack affecting hundreds of global companies, businesses, schools, credit unions, and public sector groups. The vicious Russia-linked ransomware gang REvil was responsible for this attack. However, a Miami-based technology firm, the Dutch Institute for Vulnerability Disclosure (DIVD), had warned of a possible attack back in April, when it spotted vulnerabilities in Kaseya’s system.
DIVD had privately informed Kaseya of the security loopholes and, in an abundance of caution, waited for the patch to be delivered. But the attack occurred before Kaseya could implement ransomware protection measures, and it had to shut down its cloud and servers. The DIVD is yet to disclose all details of the vulnerability: it will do so when Kaseya releases a patch and enough systems install it.
As per reports, the threat actors have demanded a ransom of $70 million in exchange for the decryption key, but Kaseya has privately negotiated and reduced the amount.
US To Take Action Against Russian Hackers If Russia Doesn’t
The REvil attack on Kaseya was one of the many recent attacks on US organizations by Russian cybercriminal groups. The issue was taken up in a meeting between high-level US and Russian officials, where the US declared that it reserves the right to take action against these hacker groups if the Russian government doesn’t do so.
Jen Psaki, the White House Press Secretary, said that the US and Russian officials would meet again next week to discuss the recent attacks on US organizations.
For its part, Kaseya says that the REvil attack had a limited impact on fewer than 60 managed service providers (MSPs). It further added that up to 1,500 downstream businesses were compromised in the attack and that the attack had no effect on critical infrastructure. Only 50 of the 35,000 Kaseya customers were affected in the incident, and therefore, the IT firm says that this highly sophisticated attack has been overstated.
On the other hand, REvil claimed to have over 1,000,000 systems in its possession and had demanded a ransom of $70 million. This was later brought down to $50 million for a universal decryptor.