Security News
The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency earlier today issued a warning to all industries operating critical infrastructure about a new ransomware threat that, if left unaddressed, could have severe consequences. The advisory comes in response to a cyberattack targeting an unnamed natural gas compression facility that employed spear-phishing to deliver ransomware to the company's internal network, encrypting critical data and knocking servers out of operation for almost two days.
Election officials in Palm Beach County, Florida, revealed this week that the county's voter registration system was hit by ransomware in the weeks leading up to the 2016 presidential election, according to The Palm Beach Post. On Wednesday, Wendy Sartory Link, the recently appointed election supervisor of Palm Beach County, acknowledged that the government voting system sustained a previously undisclosed ransomware attack in mid-September 2016, according to the news report.
Ransomware brings a business to a screeching halt every 11 seconds, making it the most pervasive and destructive malware threat out there. With ransomware strains evolving fast, protecting your business means taking on so-called zero-day attacks that slip by traditional anti-virus defenses.
Businesses and individuals lost $3.5 billion to cybercriminals last year while reporting more incidents of internet crime to the FBI than in any previous year, according to the bureau's Internet Core Competency Certification 2019 Internet Crime Report, which was released on Tuesday. People reported 467,361 complaints of cybercrime to the FBI in 2019, an average of nearly 1,300 incidents every day and more than 100,000 more than the year prior, according to the report.
A kernel-level Windows driver for old PC motherboards has been abused by criminals to silently disable antivirus protections, and hold files to ransom. When the ransomware infects a computer - either by some other exploit or by tricking a victim into running it - and loads the driver, the operating system and antivirus packages will allow it because the driver appears legit.
The City of North Miami Beach last week announced that ransomware was found on computers within its police department's network. The attack was discovered on Tuesday and the FBI, the Secret Service, and the Miami-Dade Police Department were immediately alerted.
Ransomware-wielding attackers have devised a novel tactic for disabling security protections that might get in their way: they are using a deprecated, vulnerable but signed driver to deliver a malicious, unsigned one that allows them to kill processes and files belonging to Windows endpoint security products. The vulnerable driver they are misusing was created by Taiwan-based motherboard manufacturer Gigabyte, found to be vulnerable in 2018 and later deprecated, but the signing certificate was never revoked.
UM has been open and forthcoming on the details of the attack, providing detailed insight into a classic targeted ransomware attack. "The modus operandi of the group behind this specific attack," said Fox-IT in a forensic report commissioned by UM, "comes over with a criminal group that already has a long history, and goes back to at least 2014. The group is often referred to publicly as 'TA505', as well as 'GraceRAT', named after one of the tools used by the group."