Security News

Phishing impersonations and business email compromise attacks designed to steal victims' bitcoin surged by 192% between October 2020 and May 2021, closely following the rising demand and increasing price of bitcoin over the last eight months, according to analysis by Barracuda Networks. Bitcoin-themed cyberattacks have typically been used in extortion and ransomware attacks in the past, but hackers have now started to incorporate cryptocurrency into spear phishing, impersonation, and BEC attacks, the analysis revealed.

IT management software provider Kaseya has deferred an announcement about restoration of its SaaS services, after falling victim to a supply chain attack that has seen its products become a delivery mechanism for the REvil ransomware. The update is needed because last Friday Kaseya advised users of its on-premises software to shut it down ASAP after detecting a supply chain attack on its VSA product, a tool that combines endpoint management and network monitoring.

The threat actors behind the REvil ransomware gang appear to have pushed ransomware via an update for Kaseya's IT management software, hitting around 40 customers worldwide, in what's an instance of a widespread supply-chain ransomware attack. Following the incident, the IT and security management services company said it took immediate steps to shut down its SaaS servers as a precautionary measure, in addition to notifying its on-premises customers to shut down their VSA servers to prevent them from being compromised.

The REvil ransomware gang is increasing the ransom demands for victims encrypted during Friday's Kaseya ransomware attack. With Friday's attack on Kaseya VSA servers, REvil targeted the managed service providers and not their customers.

The zero-day vulnerability used to breach on-premises Kaseya VSA servers was in the process of being fixed, just as the REvil ransomware gang used it to perform a massive Friday attack. The vulnerability had been previously disclosed to Kaseya by security researchers from the Dutch Institute for Vulnerability Disclosure, and Kaseya was validating the patch before rolling it out to customers.

Ransomware news has been steady this week with new tactics, decryptors, the return of ransomware gangs, and likely the largest single ransomware attack in history conducted Friday afternoon. Finally, a sample of the new REvil Linux encryptor used to encrypt ESXi virtual machines was found, TrickBot is using a new Diavol ransomware, CISA released a new ransomware self-assessment tool, and a decryptor for Lorenz was released.

Swedish supermarket chain Coop has shut down approximately 500 stores after they were affected by an REvil ransomware attack targeting managed service providers through a supply-chain attack. Last night, the supermarket chain closed its stores after the REvil ransomware gang targeted managed service providers and their customers in a massive supply-chain attack through Kaseya VSA, a remote patch management and monitoring suite.

Supply chain cyberattack could have wide blast radius through compromised MSPs. Software maker Kaseya Limited is urging users of its VSA endpoint management and network monitoring tool to immediately shut down VSA servers to prevent them from being compromised in a widespread ransomware attack. While the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency had not yet issued an official alert as of early Saturday, the agency said late Friday that it was "taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers that employ VSA software."

Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called "Mirai ptea" that leverages an undisclosed vulnerability in digital video recorders provided by KGUARD to propagate and carry out distributed denial-of-service attacks. Chinese security firm Netlab 360 pinned the first probe against the flaw on March 23, 2021, before it detected active exploitation attempts by the botnet on June 22, 2021.