December Breach Trends: Nation-State Attack, Ransomware Attack & More

December Breach Report

This report summarises the top breaches between mid-November and 15 December 2020. It will help you keep track of the latest hacks and, by looking at the trends, add insights to safeguard your organization.

Most common data breach trends identified – 

  1. Nation-state Attacks
  2. Ransomware Attacks
  3. Spear Phishing Attacks


List Of Breaches:


FireEye – U.S. Cybersecurity Firm FireEye Discloses Breach, Theft Of Internal Hacking Tools

FireEye, one of the largest cybersecurity companies in the United States, has been hacked, leading to the theft of internal hacking tools typically reserved for privately testing the cyber defenses of its own clients. It’s an eye-opener that anyone can be breached.

The FireEye breach was disclosed in a blog post authored by CEO Kevin Mandia. The post said “red team tools” were stolen as part of a highly sophisticated, likely “nation-state” hacking operation. It is not clear exactly when the hack initially took place. There is no evidence yet that FireEye’s hacking tools have been used for clients’ data exfiltration but the investigation is still in its early phase.

Impact: It is difficult to measure the impact of a hacking tool leak that focuses on known software vulnerabilities. Organizations should not focus only on prevention but also on detection and response, which increase their overall resilience.

Source – Economic Times 


Gartner says “Nation-state actors and criminal organizations operate with a level of sophistication that surpasses the preventative and detection capabilities of most security and risk management teams.”


7 Million Indian Debit and Credit Card Users’ PII Leaked On Dark Web

A cybersecurity researcher, Rajshekhar Rajaharia, has revealed that personal data of 7 million Indian credit card and debit cardholders has been leaked on the dark web. 2 GB of screenshots of the leaked data were found, covering data from 2010 to 2019, according to a report by Inc42. The screenshots are reportedly public on Google Drive and give out details like cardholders’ names, phone numbers, email addresses, names of employer firms, annual incomes, types of accounts and whether the users have switched on their mobile alerts. The report also reveals that PAN numbers of 5 lakh cardholders are available online.

According to the researcher, most of the users belonged to companies like Axis Bank, Bharat Heavy Electricals Limited, Kellogg India Private Limited, and McKinsey, among several others. The annual income of these users ranges from Rs 7 lakh to Rs 35 lakh.

The leaked data can be used by cybercriminals for spam messages and phishing attacks. As per the report, almost 66 percent of Indian companies have reported data breaches since 24 March, right when people shifted to work-from-home. The most used phishing lure these days is “Free Covid Tests”.

Impact: PII of 7 million Indian credit card and debit card users, including names, email addresses, phone numbers, employer details, and annual income, plus PAN numbers of 5 lakh cardholders.

Source – Firstpost


Apple Manufacturer Foxconn Confirms Ransomware Attack

Foxconn Technology Group confirmed Tuesday that a November cyberattack knocked some of its U.S. operations offline. The incident is reportedly a ransomware attack carried out by a cybergang attempting to extort $34 million from the global manufacturing powerhouse.

Attackers encrypted 1,200 servers, downloaded 100 GB of data, and deleted between 20 and 30 TB of backups. Confidential business documents belonging to Foxconn appear to have been released publicly by the attackers in an attempt to prove that the data systems had been breached.

Impact: Foxconn’s North American operations were disrupted by the ransomware attack.

Source – Threatpost


Microsoft O365 Fails to Block Spoofed Emails Sent From Microsoft.com

The 200 million Microsoft Office 365 (O365) users worldwide are now being targeted by a new global spear-phishing attack spoofing Microsoft.com. IRONSCALES researchers first identified a well-coordinated email spoofing campaign targeting O365 users particularly within the financial services, healthcare, insurance, manufacturing, utilities, and telecom industries, among others.

This spear-phishing campaign is putting companies at high risk since even the savviest employees – those who know how to check sender addresses – are likely to perceive the message as legitimate.

An email is sent from a fraudulent domain that is an exact match to the spoofed brand’s domain. In this spoof, the attackers devised a realistic-looking email from sender “Microsoft Outlook,” attempting to compel users to take advantage of a relatively new O365 capability which allows for “reclaiming emails that have been accidentally marked as phishing or spam messages.” The fraudulent message is intended to convince users to click on malicious links without hesitation.

Impact: O365 login credentials will be leaked and sold on the dark web.

Source – Ironscales
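A defender-side check suggested by this campaign, added here as an example (not code from the original post or from IRONSCALES): flag inbound mail whose visible From: domain is a watched brand such as microsoft.com unless the gateway’s Authentication-Results header records a DMARC pass aligned with that same domain. It assumes the receiving mail gateway stamps an Authentication-Results header (RFC 8601); the two sample messages and the authserv-id mx.example.net are constructed.

```python
# Added example, not from the report: a From:-domain vs. DMARC alignment check.
# Assumes the receiving MTA stamps Authentication-Results (RFC 8601).
# SPOOFED and LEGIT below are constructed samples, not captured mail.
import email
import re
from email.utils import parseaddr

WATCHED_DOMAINS = {"microsoft.com"}  # brands whose From: claims get a strict check

# method=result, optionally followed by that method's domain property
AUTH_RE = re.compile(
    r"\b(spf|dkim|dmarc)=(\w+)"
    r"(?:[^;]*?\b(?:header\.d|header\.from|smtp\.mailfrom)=([\w.-]+))?",
    re.I,
)

def auth_results(msg):
    """Map each method (spf/dkim/dmarc) to (result, domain) from the header."""
    out = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for m in AUTH_RE.finditer(hdr):
            out[m.group(1).lower()] = (m.group(2).lower(), (m.group(3) or "").lower())
    return out

def is_suspicious(raw_message):
    """Return (flag, reason) for one RFC 5322 message given as a string."""
    msg = email.message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if domain not in WATCHED_DOMAINS:
        return False, "From: domain not on the watch list"
    dmarc = auth_results(msg).get("dmarc")
    if dmarc and dmarc[0] == "pass" and dmarc[1] == domain:
        return False, "DMARC pass aligned with From: domain"
    return True, f"claims {domain} but DMARC result is {dmarc or 'missing'}"

# Constructed samples: a spoof that fails authentication, and a genuine message.
SPOOFED = """From: Microsoft Outlook <no-reply@microsoft.com>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=microsoft.com; dkim=none; dmarc=fail header.from=microsoft.com

Click here to restore your quarantined messages.
"""
LEGIT = """From: Microsoft <account@microsoft.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=microsoft.com; dkim=pass header.d=microsoft.com; dmarc=pass header.from=microsoft.com

Nothing to do.
"""
```

Run as a mail-flow rule or over an exported mailbox; a message that "claims microsoft.com" with no aligned DMARC pass is the case this campaign relies on users not noticing.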


Ransomware Forces Hosting Provider Netgain To Take Down Data Centers

Netgain, a cloud hosting and IT services provider, stated that it was the victim of a ransomware attack, and customers began receiving emails from Netgain stating that they may experience “system outages or slowdowns” due to a cyberattack on the hosting provider.

The next day, Netgain stated that they were forced to shut down their data centers to isolate and contain the ransomware attack.

“As you are aware, in response to the cybersecurity incident, we took protective measures to isolate and contain the threat, including taking a number of our data centers offline. Please know that we understand the impact this outage has on your business, and our team is working around the clock, 24-7 to contain this threat and restore services,” the December 5th email stated.

Impact: Netgain was forced to take some of its data centers offline after suffering a ransomware attack in late November.

Source – Bleeping Computer


GE Puts Default Password In Radiology Devices, Leaving Healthcare Networks Exposed

Dozens of radiology products from GE Healthcare contain a critical vulnerability that threatens the networks of hospitals and other health providers that use the devices. 

The devices—used for CT scans, MRIs, X-Rays, mammograms, ultrasounds, and positron emission tomography—use a default password to receive regular maintenance. The passwords are available to anyone who knows where on the Internet to look. A lack of proper access restrictions allows the devices to connect to malicious servers rather than only those designated by GE Healthcare.

Attackers can exploit these shortcomings by abusing the maintenance protocols to access the devices. From there, the attackers can execute malicious code or view or modify patient data stored on the device or the hospital or healthcare provider servers.

Source – Arstechnica


Insights


Ransomware attacks increased 40% to 199.7 million cases globally in Q3 of 2020, and 27% of malware incidents were ransomware attacks. Major reasons for the increase in ransomware attacks:

  • Increase in remote working
  • Employees’ inability to detect phishing attacks
  • Security teams unaware of open, risky ports

A ransomware risk assessment is necessary if your organization cannot answer questions about recovery readiness, the safety of your sensitive data (whether it stays encrypted after paying the ransom), business impact, the capabilities of your defense technology against real-world attacks, and employees’ ability to detect and report phishing attacks.

Gartner’s report shows that over 90% of ransomware attacks are preventable, and security and risk management leaders can mitigate the risk.