The Breacher Report - Cybersecurity News - 1/31/20

Welcome to neoRhino IT Solutions' The Breacher Report, where twice a month we share snippets of some of the biggest cybersecurity news and data breaches to keep you informed and aware of what's happening in the world of cybersecurity.

For January 18th-31st, 2020:

  • Ryuk Ransomware Can Now Encrypt Offline Devices: The Ryuk ransomware strain has been the talk of cybersecurity experts and concerned PC owners alike for nearly all of 2019 and shows no signs of stopping in 2020, especially with this new development. It has been discovered that Ryuk now uses a “Wake-On-LAN” feature, which hardware devices use to wake up powered-off devices within a connected network by sending a specific network packet to them. Since Ryuk is engineered to hide unexpectedly within a network and encrypt devices all at once, this feature makes the ransomware even more dangerous, as it can now turn on devices that are powered off and not even connected to the internet to encrypt them. Once successful, Ryuk will then mount and encrypt the remote drive as well. (KnowBe4 / BleepingComputer)
  • New Windows 10 Update Fixes Broken File Explorer: After numerous users voiced their complaints about a change made during a November 2019 update, Microsoft released a patch for File Explorer in Windows 10. The November update added suggestions and online OneDrive results to the Search box, but doing so created new bugs within File Explorer, including blocked user input in the search bar and a sporadic inability to paste copied text through a right-click. The update that fixes these bugs was released on January 28th. (Windows Latest)
  • Got Office 365 ProPlus and Use Chrome? Prepare for Bing Search: Speaking of Microsoft updates, beginning in mid-February, Microsoft will automatically change the default search engine in Chrome to Bing Search, specifically for its Office 365 ProPlus users. In the upcoming Office 365 ProPlus Version 2002 update, Microsoft pushes out Bing as the new default search engine so “users in your organization with Google Chrome will be able to take advantage of Microsoft Search, including being able to access relevant workplace information directly from the browser address bar.” Apparently, the change will not occur if Bing is already chosen as the default search engine, but trying to switch back if the change occurs would require the Office Deployment Tool or a change via Group Policy. (ZDNet)
  • Japan Strengthens Cybersecurity Efforts Ahead of Tokyo 2020 Olympics: Japan’s Ministry of Internal Affairs & Communications is developing a set of cybersecurity measures in preparation for the 2020 Summer Olympic Games. The measures being implemented include increased cybersecurity training for nearly all central government bodies, evaluating security measures for the country's transportation infrastructure, and further strengthening data security on devices that use IoT (Internet of Things) connections. In light of the DDoS attacks during the Rio Summer Olympics of 2016, it is great news to hear that Japan is fully aware of its level of cybersecurity and is fortifying its defenses. (InfoSec Magazine)
  • Wawa Suffers Credit Card Breach, Jokers Go Wild: In December 2019, convenience store chain Wawa alerted its customers that its credit card payment system had been compromised, affecting all its 850+ stores nationwide. However, the fallout from the hacker attack continues, as customer data from the attack was reportedly exposed on Joker’s Stash, a marketplace on the Dark Web. The runners of the marketplace proudly announced their acquisition, offering to sell over 30 million debit/credit card credentials under the title “Bigbadaboom-III.” According to Wawa, the attack did not expose PIN numbers, ATM usage, or driver’s license information, though CVV numbers may have been exposed. (CBS News)
  • Greenville Water Company Suffers Cyber-Attack, Affects 500,000: The Greenville Water company was the target of a cyber-attack that shut down access to customer information for its employees as well as payment access for over 500,000 residents. Fortunately, the attack was minor and is in remediation, but it shows that government organizations continue to be a focus for cyber-criminals, as was shown in last year’s attack on several Texas government offices. (WSPA News)
  • Germany Pays Nearly $900K for Extended Windows 7 Updates: Windows 7 is a done deal as far as security updates go… unless you’re willing to pay the price. The Federal Ministry of Germany apparently is, and they are paying the Redmond giant over $880,000 to extend security updates for 33,000 PCs that cannot handle the Windows 10 update. It just goes to show that holding on to Windows 7 and end-of-life hardware can be a strain not just in terms of potential ransomware, but on your pocketbook. (Engadget, Handelsblatt)
  • The NFL, ESPN, and UFC Twitter Accounts Have All Been Hacked: Nearly half of all the Twitter accounts of NFL leagues and football teams were the victims of a hack attack. According to ESPN (who was also compromised), the attack was minor and was the work of a well-known hacker group named OurMine. UFC was also targeted by OurMine in this attack, and the group recently targeted the Twitter accounts of HBO, Mark Zuckerberg, and even Twitter CEO Jack Dorsey. (The Verge)
  • Ransomware Threat Exploits Citrix Flaw: A patch has been released to resolve a known security flaw within the Citrix Server program. Security experts have discovered that a backdoor attack called “NotRobin” as well as a ransomware variant named “Ragnarok” could exploit the flaw and spread if systems are not properly updated. It is also known that up to 5 different hacking groups are trying to exploit this flaw even further, so it is imperative that the update is applied if you are a Citrix user. (Cybersecurity Insiders)
  • NEC Confirms Security Breach from Four Years Ago: Legacy Japanese IT, PC, and video game manufacturer NEC recently confirmed a data breach that happened back in 2016. NEC stated that the company had failed to detect any intrusion on its infrastructure until June 2017 but did not notify any affected parties of the breach until this week. Whether this was intentionally kept secret from the parties by NEC or was an oversight remains to be determined. (ZDNet)
  • UN Offices Hacked Via SharePoint: A new report was released stating that several servers located at the Geneva and Vienna offices of the United Nations were the victims of a SharePoint compromise. The attack included the UN Office of the High Commissioner for Human Rights (OHCHR) headquarters in Geneva. 42 servers have been confirmed to be compromised with another 25 under suspicion, and the attackers gained access via the servers’ Active Directory. According to an official at the UN, the attackers cleaned up their tracks very well, and the attack is suspected to be an espionage effort. (Associated Press, New Humanitarian)

neoRhino’s Remote Managed Services and Security Awareness Team are here so you can focus on your business needs. You can relax knowing that we are here to protect your technology. Call us at (281) 779-4850 for a FREE consultation and we can help your business today.