It’s been a big week for cyberattacks, with malicious actors reportedly compromising the personal email of a new Dragos employee. Despite gaining access to new sales employee resources, the criminal group failed at an extortion scheme against the industrial security company. Cybercriminals may have been unsuccessful at breaching Dragos, but Play, the ransomware group that purports to have hacked the city of Lowell, Massachusetts, allegedly released 5G of stolen data including “Private and personal confidential data, finance, taxes, clients and employee information.”
Attacks continued across the country. While West Virginia’s Bluefield University is working with cybersecurity experts to recover from a cyberattack, seven members of the Montana Army National Guard were deployed to Montana State University to help “identify possible vectors and the extent of the attack” that occurred in late April. Another threat actor dubbed “Bl00dy Ransomware Gang” has reportedly been targeting the education facilities sector by exploiting a known vulnerability in PaperCut servers.
Threat actors are successfully encrypting data in three out of four cyberattacks, according to the recently published State of Ransomware 2023 report from Sophos. However, Chester Wisniewski, Chief Technology Officer at Sophos, told MSSP Alert, “Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation.”
To learn more about ransomware and incident response, explore the content available in our Library. Below is a rundown of other industry headlines you might have missed this week.
May 12: Rockwell Automation released half a dozen security advisories, alerting customers to what could be “serious vulnerabilities found and patched in several products.”
May 11: A new survey revealed that Baby Boomers are the generation most likely to create unique passwords and the least likely to reuse passwords, according to the World Economic Forum.
May 11: The Wall Street Journal reported, “Army Gen. Paul Nakasone, the director of the National Security Agency, has told colleagues in the Biden administration he expects to step down from the helm of the nation’s electronic spy agency and military’s Cyber Command in the coming months.”
May 10: The now 23-year-old Joseph James O’Connor, best known as the “Twitter Hacker,” pled guilty to charges of “computer intrusion, extortion, stalking, wire fraud and money laundering,” Infosecurity Magazine reported.
May 10: Google will be providing all Gmail users in the United States with the ability to use the dark web report security feature so that users can discover whether their email address can be found on the dark web, according to Bleeping Computer.
May 9: Krebs on Security reported, “The U.S. Federal Bureau of Investigation (FBI) this week seized 13 domain names connected to ‘booter’ services that let paying customers launch crippling distributed denial-of-service (DDoS) attacks.”
May 9: Joint federal agencies issued a cybersecurity advisory after having identified “Snake” malware, a cyber espionage tool used by Russia’s Federal Security Service, in more than 50 countries.
May 9: “A new SolarWinds report details how foreign hackers have become the largest concern among government entities, and how zero-trust strategies have become the most popular defense,” NextGov reported.
May 8: Malicious actors have been exploiting known vulnerabilities in VPN appliances to compromise networks and deploy CACTUS, a new ransomware tool that enables lateral movement.