Windows VPN client vulnerabilities are coveted, 53% of companies face supply chain attacks | Global network security hotspots

2022-06-24 03:02:00 Tencent security

Security news report

Why is it so difficult to solve the problem of ransomware

Ransomware groups have three main ways of gaining initial access to a victim's network: phishing, using stolen login credentials, and exploiting known vulnerabilities. Organizations need to run phishing awareness training and phishing exercises for employees on a regular basis.

That leaves the last attack method (at least until ransomware groups discover new attack vectors): exploitation. After the REvil ransomware group or its affiliates used a previously unknown vulnerability (known as a zero-day vulnerability) to attack Kaseya's managed service provider customers, ransomware groups that exploit vulnerabilities received widespread attention.

But when it comes to ransomware and vulnerability exploitation, the real challenge is not zero-day vulnerabilities but the well-known vulnerabilities that ransomware groups often exploit.

Ransomware attackers are targeting a huge attack surface, and given the number of ransomware attacks so far in 2021, they seem to be winning.

Ransomware attackers and other cyber criminals are becoming more and more adept at exploiting vulnerabilities, and they are attacking faster and faster. In fact, they often build exploits before most organizations can patch, which gives ransomware actors a great advantage.

News source : 

https://statescoop.com/government-ransomware-patching-problem/

Phishing attack affected tens of thousands of Professional Dental Alliance patients

Professional Dental Alliance, a network of dental clinics affiliated with the North American Dental Group, has notified tens of thousands of patients that some of their protected health information was stored in email accounts that unauthorized individuals had access to between March 31 and April 1.

The investigation of the breach found no evidence of attempted or actual misuse of patient data, and the investigators concluded that the breach may have been limited to credential harvesting. A comprehensive review of the affected email accounts confirmed that they contained protected health information such as names, addresses, email addresses, phone numbers, insurance information, Social Security numbers, dental information and/or financial information.

Each affected entity has reported the breach to the Office of Civil Rights of the Department of Homeland Security. At present, the protected health information of at least 125,760 patients is known to have been exposed.

News source : 

https://www.hipaajournal.com/phishing-attack-professional-dental-alliance/

Security vulnerability threats

Zerodium wants zero-day exploits for Windows VPN clients

Exploit broker Zerodium says it is seeking zero-day exploits for vulnerabilities in three popular virtual private network (VPN) service providers on the market.

Zerodium's current interest is in vulnerabilities affecting the Windows clients of the NordVPN, ExpressVPN and Surfshark VPN services. Together they serve millions of users; according to reports, NordVPN and ExpressVPN have claimed at least 17 million users.

According to data on their websites, the three companies manage more than 11,000 servers in dozens of countries.

Zerodium's customer base consists of government agencies, mainly from Europe and North America, that need advanced zero-day exploits and cybersecurity capabilities.

Earlier this year, Zerodium announced a temporary increase in its payouts for Chrome vulnerabilities. Zerodium offers 1,000,000 dollars for exploits that chain remote code execution (RCE) with a sandbox escape (SBX). In addition, the bounties for RCE and SBX in Chrome were raised to 400,000 dollars.

News source : 

https://www.bleepingcomputer.com/news/security/zerodium-wants-zero-day-exploits-for-windows-vpn-clients/

Lyceum APT returns, targeting Tunisian companies

The Lyceum threat group has resurfaced, this time with a strange variant of a remote access trojan (RAT) that cannot communicate with a command-and-control (C2) server and may instead be a new way of proxying traffic between internal network clusters.

Mark Lechtik, a senior security researcher on Kaspersky's Global Research and Analysis Team (GReAT), said in a post on Monday that the team has identified a new cluster of Lyceum activity focused on two entities in Tunisia.

In a paper (PDF) presented at the Virus Bulletin conference earlier this month, Lechtik and Kaspersky researchers Aseel Kayal and Paul Rascagneres wrote that the threat actor attacked well-known Tunisian organizations, such as telecommunications companies or airlines.

Lyceum has been active since as early as April 2018, when it attacked the telecommunications and critical infrastructure of oil and gas organizations in the Middle East. Lyceum treads lightly but carries a big stick: "It keeps a low profile and rarely attracts the attention of security researchers," the three researchers wrote.

News source : 

https://threatpost.com/lyceum-apt-tunisian-firms/175579/

53% of companies face supply chain attacks

Acronis Cyber Readiness Report 2021 reveals key security vulnerabilities

According to the results of this year's independent survey of 3,600 IT managers and remote employees at small and medium-sized companies in 18 countries worldwide, the report states that 53% of global companies face supply chain attacks. Even though trusted software vendors such as Kaseya or SolarWinds have suffered globally recognized attacks, more than half of IT leaders believe that using "known, trusted software" provides adequate protection, which makes them easy targets.

The number and complexity of attacks are increasing

Three out of ten companies say they face a cyber attack at least once a day, similar to last year; but this year only 20% of companies reported no attacks, down from 32% in 2020, which means the number of attacks is increasing.

The most common types of attack reached all-time highs this year, including phishing attacks, whose frequency continues to grow and which are now the most common attack type at 58%. Malware attacks are also increasing in 2021: 36.5% of companies detected malware attacks this year, up from 22.2% in 2020.

However, this is the year of phishing: since 2020, demand for URL filtering solutions has increased 10 times, and 20% of global companies are now aware of the dangers that phishing poses to their business.

Remote employees become the most attractive target

A quarter of remote employees report that a lack of IT support is one of the main challenges they faced this year. The three technical challenges identified by remote employees worldwide are Wi-Fi connectivity, using VPN and other security measures, and a lack of IT support.

Remote employees do not use multi-factor authentication, which makes them easy targets for phishing, the most common type of attack in 2021.

We have seen attackers actively expand their target pool: it is no longer just workloads based on the Microsoft Windows operating system, as attacks on Linux, macOS, Android and iOS devices have also proliferated. Attackers are also attacking virtualized environments more frequently.

News source : 

https://www.13abc.com/prnewswire/2021/10/19/53-companies-are-left-exposed-supply-chain-attacks-acronis-cyber-readiness-report-2021-reveals-critical-security-gaps/
