Weekly
May 23 - 27, 2022
Austrian federal state Carinthia has been hit by the BlackCat ransomware gang, who demanded $5 million to unlock the encrypted computer systems. The attack has caused severe operational disruption of government services, as thousands of workstations have allegedly been locked by the threat actor. Read more
Cheerscrypt, or Cheers, targets VMware ESXi servers in double extortion attacks. To encrypt an ESXi host, the ransomware first needs privileged shell access or some other way to run commands on the host. It then runs an esxcli command to terminate all VMs and encrypts files with the .log, .vmdk, .vmem, .vswp, and .vmsn extensions. Read more
Somerset County, New Jersey, was hit by a ransomware attack rendering county databases including land records, vital statistics, email, and probate records temporarily unavailable. Phone lines and emergency 911 communications remain unaffected. Clerk and surrogate services that depend on access to county databases were unavailable, while title searches were possible only on paper records dated before 1977. Read more
The Host header manipulation vulnerability, tracked as CVE-2022-22972, affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. It allows malicious actors with network access to the UI to bypass authentication. Penetration testing company Horizon3.ai has published a technical deep dive for CVE-2022-22972 and made public a PoC exploit. VMware has updated its initial advisory to inform customers about the availability of a PoC, which further increases the chances of exploitation. Read more
Traditional log archiving systems are built around affordable long-term retention, which is why most storage administrators use unreliable and insecure storage hardware such as tape arrays. This approach is costly in time and resources and leaves business IT systems vulnerable to ransomware attacks. Read more
EnemyBot, a botnet built from the code of multiple malware families, is expanding its reach by quickly adding exploits for recently disclosed vulnerabilities in web servers, content management systems, IoT, and Android devices. The botnet launches distributed denial-of-service (DDoS) attacks and also has modules that scan for new VMware targets and infect them by leveraging a remote code execution flaw (CVSS: 9.8). The new additions also target F5 BIG-IP, threatening vulnerable endpoints with device takeover. Read more
1PB Fully Air Gapped and Immutable Veeam Backup and DR appliance with Object Lockdown Technology for Ransomware protection & Instant multi VM recovery for $49,995.
This powerful 1PB DR365V site-in-a-box leverages Veeam integration together with the built-in air-gapped network, power management controller, repository and storage controller, using fully automated, Veeam-integrated isolation technology.
Fully populated 1U 4-bay head unit plus 60-bay 4U JBOD, filled with a total of 64x16TB (1,024 TB) Enterprise SAS drives, 10 core Storage Virtualization Engine, 64GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and optional S3 cloud object storage.
For hardware specifications and demos, contact us.
Weekly
May 16 - 20, 2022
Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison for logging into corporate systems and deleting the company's data using his administrative privileges and “root” access. This crippled large portions of Lianjia’s operations, leaving tens of thousands of employees without salaries for an extended period of time and forcing a data restoration effort that cost $30,000. Read more
DarkSide ransomware, which cybersecurity experts found to be a REvil variant and also known to have triggered the shutdown of the Colonial pipeline, has attacked the European subsidiaries of the Toshiba Tec Group. The ransomware group hacked Toshiba’s IT systems in France, stole confidential files and claims to have stolen over 740 gigabytes of data that includes information on management, new businesses and personal data. Read more
Microsoft has warned organizations of a new wave of brute force attacks targeting SQL servers that use an uncommon living-off-the-land binary (LOLBin). The attackers use sqlps.exe, a PowerShell wrapper that supports the execution of SQL-built cmdlets, to run reconnaissance commands and to change the start mode of the SQL service to LocalSystem, keeping the malicious activity hidden from detection tools and hindering forensic analysis. Read more
Air-gapping allows users to protect critical backups, snapshots, and replicas from ransomware infection even if production and backup servers are compromised. Learn what air-gapped backups are, what their advantages are, and how you can add air-gapping to your IT systems. Read more
Experts have discovered a recent malware distribution campaign that uses PDF attachments to smuggle malicious Word documents which infect users with malware. Opening the PDF prompts the user to open a DOCX file contained inside. The file is named "has been verified", so the prompt reads "The file 'has been verified'", tricking recipients into believing that Adobe verified the file as legitimate and that it is safe to open. The document then runs the Snake Keylogger, a modular info-stealer with powerful persistence, defense evasion, credential access, data harvesting, and data exfiltration capabilities. Read more
Taiwan-based QNAP has asked users to update their NAS devices to the latest software version and ensure that they are not exposed to remote access over the Internet. The QNAP Product Security Incident Response Team (QNAP PSIRT) said the attack targeted NAS devices using QTS 4.3.6 and QTS 4.4.1, and the affected models were mainly TS-x51 series and TS-x53 series. Once deployed on a NAS device, DeadBolt uses AES128 to encrypt files, appending a .deadbolt extension to their names. Read more
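The sqlps.exe item above describes two observable behaviours: the rarely used sqlps.exe wrapper being launched, and the SQL service being reconfigured to LocalSystem. The following is an added detection example (not from the original newsletter or from Microsoft) that flags both over constructed process-creation events; the JSON field names (host, parent, image, cmdline), the sample paths and the idea that a sqlps.exe spawned by sqlservr.exe itself deserves a higher-priority alert are assumptions.

```python
import json
import re
from pathlib import PureWindowsPath

# Constructed sample process-creation events in JSON-lines form (not real
# telemetry); the field names are assumptions mimicking a Sysmon/EDR export.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"host": "sql01", "parent": r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe",
     "image": r"C:\Program Files\Microsoft SQL Server\110\Tools\Binn\sqlps.exe",
     "cmdline": 'sqlps.exe -NoLogo -Command "Get-WmiObject Win32_ComputerSystem"'},
    {"host": "sql01", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\sc.exe",
     "cmdline": "sc.exe config MSSQLSERVER obj= LocalSystem"},
    {"host": "ws07", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt"},
])

# Default and named SQL Server service names (MSSQLSERVER, MSSQL$INSTANCE).
SQL_SERVICE_RE = re.compile(r"\b(MSSQLSERVER|MSSQL\$\w+)\b", re.IGNORECASE)


def detect(events_jsonl):
    """Return (rule, host, cmdline) alerts for the two behaviours in the
    advisory: a sqlps.exe launch and a SQL service reconfiguration to
    LocalSystem. Ordinary process activity produces no alert."""
    alerts = []
    for line in events_jsonl.splitlines():
        ev = json.loads(line)
        image = PureWindowsPath(ev["image"]).name.lower()
        parent = PureWindowsPath(ev["parent"]).name.lower()
        cmd = ev["cmdline"]
        if image == "sqlps.exe":
            # Any sqlps.exe launch merits review; one spawned by sqlservr.exe
            # itself (assumption: command execution from inside SQL) is worse.
            rule = "sqlps-from-sqlservr" if parent == "sqlservr.exe" else "sqlps-exec"
            alerts.append((rule, ev["host"], cmd))
        elif image == "sc.exe" and SQL_SERVICE_RE.search(cmd) and "localsystem" in cmd.lower():
            alerts.append(("sql-service-localsystem", ev["host"], cmd))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```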
No matter whether 100TB or 10PB - power only 1000W. Benefits include 1) low power consumption, 2) low cost, 3) low maintenance, 4) less rack space, 5) low cooling need and built-in Zero Trust.
Green PetaByte Archive (GPA) is a Fully Air-Gapped and Immutable backup and DR appliance with SAN-NAS and S3 Object Lockdown Technology for Ransomware protection & Instant multi VM FastTrack recovery, starting at $8,900.
For hardware specifications and demos, contact us.
Weekly
May 9 - 13, 2022
Researchers identified that a U.S. philanthropic organization had its network infiltrated by Charming Kitten, which used previously obtained access to deploy a web shell that dropped more files, including one named dllhost.exe. The malicious executable is a Go binary that appears to be based in part on the Fast Reverse Proxy (FRP) code available on GitHub. When executed, dllhost.exe collects system information and sets up a communication tunnel with the command-and-control (C&C) server. The attack used BitLocker to encrypt workstations at the organization. Read more
The Five Eyes alliance of cybersecurity authorities from the US, UK, Australia, New Zealand, and Canada has issued a warning to MSPs about cyberattacks that may have "globally cascading effects." According to the advisory, whether a customer's network is hosted on-premises or externally, threat actors can use a vulnerable MSP to gain initial access into multiple victim networks, and a compromised MSP can be used for follow-on activity - such as ransomware and cyber espionage - across the MSP's customer base in a supply chain attack. Read more
A post-exploitation framework, "IceApple", has been targeting global organizations that use Internet Information Services (IIS) - Microsoft's extensible web server software - and Microsoft Exchange servers since at least 2021. IceApple uses in-memory execution and unique stealth techniques to avoid detection, and leverages the .NET framework and assemblies to target victims. Researchers say that IceApple shows persistence and long-running objectives aimed at intelligence collection, such as credential harvesting, file and directory deletion and data exfiltration. Read more
Cybersecurity threats are aimed at accessing an organization's sensitive data. In 2021, cyberattacks were at an all-time high, and they will not be slowing down any time soon. Learn how to protect your data from cyberthreats in 2022. Read more
Pro-Russian hacktivists known as Killnet attempted distributed denial of service (DDoS) attacks against crucial government sites, including ministry, parliament, and even army websites, using the "Slow HTTP" technique. This method sends one HTTP request at a time to the web server but at a very slow transmission rate, or leaves the request incomplete, so the server keeps the connection open and allocates resources while waiting for the remaining data. Enough accumulated requests overwhelm the server until it can no longer accept further requests. Read more
Black Basta, a new ransomware gang, swiftly rose to prominence in recent weeks after causing massive breaches at organizations in a short span of time. Researchers found that the ransomware needs admin rights to run. It then removes shadow copies, disables Windows recovery and repair, and boots the PC into safe mode, later encrypting files, creating a registry entry, and demanding ransom. Read more
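The Slow HTTP item above notes that the attack works by holding connections open with requests that arrive slowly or never complete. As an added defender-side example (not from the original newsletter), the function below scans constructed web server access-log lines for exactly that signature: requests that took a long time yet carried very few bytes, grouped per client. The log format is an assumption (nginx combined log extended with rt=$request_time and rl=$request_length), as are the thresholds and the sample addresses.

```python
import re
from collections import defaultdict

# Constructed access-log lines (not real traffic). Assumed format: nginx
# combined log extended with rt=$request_time (seconds) and rl=$request_length
# (bytes). A 408 means the server gave up waiting for the rest of the request.
SAMPLE_LOG = """\
10.0.0.5 - - [10/May/2022:12:00:31 +0000] "GET / HTTP/1.1" 408 0 rt=30.004 rl=41
10.0.0.5 - - [10/May/2022:12:00:31 +0000] "GET / HTTP/1.1" 408 0 rt=30.001 rl=39
10.0.0.5 - - [10/May/2022:12:00:32 +0000] "POST /login HTTP/1.1" 408 0 rt=29.998 rl=120
10.0.0.5 - - [10/May/2022:12:00:32 +0000] "GET / HTTP/1.1" 408 0 rt=30.010 rl=40
10.0.0.5 - - [10/May/2022:12:00:33 +0000] "GET / HTTP/1.1" 408 0 rt=30.002 rl=38
198.51.100.7 - - [10/May/2022:12:00:33 +0000] "GET /index.html HTTP/1.1" 200 5120 rt=0.012 rl=412
198.51.100.7 - - [10/May/2022:12:00:34 +0000] "POST /upload HTTP/1.1" 200 88 rt=12.500 rl=8388608
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \S+ '
    r'rt=(?P<rt>[\d.]+) rl=(?P<rl>\d+)$'
)


def slow_http_suspects(log_text, min_seconds=10.0, max_bytes=1024, min_hits=3):
    """Count, per client, requests that were held open a long time yet carried
    few bytes (the dripped or incomplete requests Slow HTTP relies on) and
    return {ip: count} for clients with at least min_hits such requests.
    A slow but large upload (high rt AND high rl) is deliberately not counted."""
    per_ip = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # line does not match the assumed format; skip it
        if float(m["rt"]) >= min_seconds and int(m["rl"]) <= max_bytes:
            per_ip[m["ip"]] += 1
    return {ip: n for ip, n in per_ip.items() if n >= min_hits}


if __name__ == "__main__":
    print(slow_http_suspects(SAMPLE_LOG))
```

The thresholds should be tuned to the site's own request_time distribution; in practice this check complements, rather than replaces, server-side header and body timeouts that close such connections early.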
42TB purpose-built, physically isolated and detachable air-gap node for your mission-critical Veeam backups, snapshots and replicas; the node is offline by default and accessible only while it is in use.
This DR365VIVA leverages Veeam integration and enables storage administrators to set policies that automatically isolate the node using the built-in network and power controller and turn it off once the backup job is done, keeping it isolated from your production and backup environments.
8-bay 2U Rackmount unit, 3x14TB (42TB) Enterprise SAS drives, 10 core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Dual Redundant Power Supply, 12Gb SAS Hardware RAID Controller. For more information, visit DR365VIVA air-gapped nodes webpage.
Weekly
May 2 - 6, 2022
The Costa Rican President Rodrigo Chaves has declared a national emergency following cyber-attacks from the Conti ransomware group on multiple government bodies. Conti has, so far, stolen 672GB of data and published 97% of it on their leak site. The leak site presently lists the finance ministry, the ministry of labor and social security, the social development and family allowances fund, and the Interuniversity Headquarters of Alajuela as government departments purportedly affected by the attack. Read more
Lincoln College in Illinois will shut down permanently this week after financial woes caused by the pandemic were magnified by a ransomware attack last December. The college's finances were stretched thin by the COVID-19 pandemic, which led to a drop in enrollments and large technology spending for remote learning. The final blow came on December 19 when the college was hit by ransomware, which affected its IT systems for recruitment, retention and fundraising. Read more
AGCO, a leading US-based agricultural machinery producer, has announced it was hit by a ransomware attack impacting some of its production facilities. AGCO is a giant in the field, having a revenue of over $9 billion, employing 21,000 people, and owning brands like Fendt, Massey Ferguson, Challenger, Gleaner, and Valtra. As such, any production disruption caused by the ransomware attack could have a significant supply chain impact on the production and delivery of equipment. Read more
Cybersecurity experts recommend immutable backups to protect sensitive information such as Personally Identifiable Information, Protected Health Information, etc. from ransomware attacks. Learn what immutable backups are and why you need them. Read more
Fake Windows 10 updates are being used to distribute the Magniber ransomware in a massive campaign that started earlier in April. These updates are distributed under various names, with Win10.0_System_Upgrade_Software.msi and Security_Upgrade_Software_Win10.0.msi being the most common. Read more
Ransomware targets corporate networks, impacting not just production but also connected storage devices and backup servers. As a result, backups alone aren't enough to effectively protect your data from ransomware, which is why experts recommend air-gapping and immutability. Read more
Veeam cloud backups with integrated immutability and air-gapping for $50/TB per month. Backup or replicate, spin up in the cloud for $50/TB.
Need help with planning, installation, configuration, optimization, testing, or training? 24/7 Smart Protect remote backup and DR management plan available for your complete support needs. For demos and details, contact us.