
Manchester United Hit By a Cyber Attack on their Systems

 

Manchester United have confirmed a hack on the club and said that the systems required for the match remained secure.

The club have been hit by a cyber-attack on their systems but state they are not “currently aware of any breach of personal data associated with our fans and customers”.

In a statement, United said: “Manchester United can confirm that the club has experienced a cyber-attack on our systems. The club has taken swift action to contain the attack and is currently working with expert advisers to investigate the incident and minimize the ongoing IT disruption.

“Although this is a sophisticated operation by organized cybercriminals, the club has extensive protocols and procedures in place for such an event and had rehearsed for this eventuality.

Our cyber defenses identified the attack and shut down affected systems to contain the damage and protect data. Club media channels, including our website and app, are unaffected and we are not currently aware of any breach of personal data associated with our fans and customers. 

We are confident that all critical systems required for matches to take place at Old Trafford remain secure and operational and that tomorrow’s game against West Bromwich Albion will go ahead.”




The club has notified the British authorities about the incident, including the Information Commissioner's Office.

United have also launched a forensic investigation into the incident.

A spokesperson for the club added: “These types of attacks are becoming more and more common and are something you have to rehearse for.” 

United have informed the Information Commissioner's Office and added that forensic tracing is under way in an attempt to establish further insight into the attack.


A quick look at malware that installs ransomware: remove it from your system immediately

 

We recently looked at how phishing emails are evolving, with attackers getting more creative by the day. But a new trend has taken hold on the dark web, and phishing campaigns for ransomware and malware may soon be a thing of the past. With resources comparable to those of a small government, malware gangs have started collaborating among themselves and have come up with "initial access brokers": groups that provide ransomware operators and others with already-infected systems.
Systems compromised through RDP endpoints, backdoored networking devices, and malware-infected computers give the ransomware operator a ready foothold in the network, which makes their work as easy as cutting into a cake.

There are currently three types of brokers that serve ransomware groups:

Selling compromised RDP endpoints: these brokers brute-force remote desktop protocol (RDP) logins on corporate systems and sell the access through "RDP shops". Ransomware groups often choose systems that are well integrated into the network.

Selling hacked networking devices: hackers sell pre-compromised devices such as firewalls, VPN servers and others, broken into by exploiting publicly known vulnerabilities or weak spots. Access to these devices is auctioned off on dark web forums.

Selling computers pre-infected with malware: this is the most common way ransomware is delivered. Hacking gangs spread their malware bots into well-established networks and sell the access to the highest bidder, who then deploys ransomware into the system.

The best protection against these attacks is to prevent them from happening. The first two intrusion routes can be fended off with strong passwords, security measures, and regular updates. The third (malware) is more complicated, as it relies on human error and trickery to get onto the device.

Following is a list of malware families that, if you find them on your system, should make you drop everything and remove them, because they are known to deliver ransomware into your network (the associated ransomware is given in parentheses):

• Emotet (Emotet-Trickbot-Ryuk)
• Trickbot (Ryuk-Conti)
• BazarLoader (Ryuk)
• QakBot (MegaCortex-ProLock-Egregor)
• SDBBot (Clop)
• Dridex (BitPaymer-DoppelPaymer)
• Zloader (Egregor-Ryuk)
• Buer Loader (Ryuk)

Managed.com Hosting Provider Hit by REvil Ransomware, $500K Ransom Demand


Managed hosting provider Managed.com has temporarily taken all its servers and web hosting systems offline, including clients' websites, in response to a REvil ransomware attack that compromised its public-facing web hosting systems.

The threat actors behind the security incident, which took place on Monday, 16th November, are not yet known; however, the company said it is working with law enforcement agencies to investigate the matter and restore services as securely as possible. As of now, it remains unclear whether the attackers stole any data before encrypting devices.

Initially, the web hosting service refrained from revealing any details about the incident and posted an update citing 'unscheduled maintenance' as the reason for the service interruption. Later, however, the company disclosed that it had suffered a ransomware attack affecting its systems and files containing critical data.
 
In a status update, Managed.com said, "November 17, 2020 – On Nov.16, the Managed.com environment was attacked by a coordinated ransomware campaign. To ensure the integrity of our customers’ data, the limited number of impacted sites were immediately taken offline. Upon further investigation and out of an abundance of caution, we took down our entire system to ensure further customer sites were not compromised. Our Technology and Information Security teams are working diligently to eliminate the threat and restore our customers to full capacity. Our first priority is the safety and security of your data. We are working directly with law enforcement agencies to identify the entities involved in this attack. As more information is available, we will communicate directly with you." 
 
 
According to multiple sources, REvil, a ransomware-as-a-service operation infamous for carrying out large attacks, has demanded a $500,000 ransom in Monero in exchange for a decryption key. REvil has previously attacked big names such as Kenneth Cole, Travelex, Brown-Forman, GSMLaw and SeaChange.

Also known as Sodinokibi, REvil was first spotted in April 2019. It attacks Windows PCs, encrypts all files on local drives (except those listed in its configuration file) and leaves a ransom note on affected systems with instructions for getting the files decrypted in return for the demanded ransom.

Ransomware Attack Takes Down Massive Food-Supply Chain Providing Distribution of Temperature-Sensitive COVID-19 Vaccines

 

A company whose cold-storage capacity is integral to the U.S. food-supply chain and to coronavirus vaccine distribution has confirmed a cyberattack affecting its operations, according to a filing with the Securities and Exchange Commission (SEC).

Americold is by far the largest cold-storage provider in the U.S. It also operates 183 temperature-controlled warehouses globally, including in Argentina, Australia, Canada and New Zealand, and recently acquired a similar company in Europe.

To give an idea of scale, it holds the contract linking the food-producing giant ConAgra to supermarkets and customers.

The attack has all the earmarks of a ransomware incident that began on Nov. 16 and, according to reports on Twitter, also affected the organization's phone systems, email, inventory management and order fulfillment.

The filing with the SEC was brief and read that: “As a precautionary measure, the company took immediate steps to help contain the incident and implemented business continuity plans, where appropriate, to continue ongoing operations… Security, in all its forms, remains a top priority at Americold, and the company will continue to seek to take all appropriate measures to further safeguard the integrity of its information technology infrastructure, data and customer information.” 

The attack is likely to have been 'highly targeted' and 'well thought out', according to researchers.

Chloé Messdaghi, Vice President of strategy at Point3 Security, said via email, “Human-operated ransomware attacks begin with trojans or other exploits against unsophisticated vectors. Once a way in is found, malware is planted and privileges are elevated. These attacks often exfiltrate data before encrypting files and the attacks are drawn out, with months of potential compromise adding to the potential harms that can result.”

She added, “That’s why these types of attacks pose a greater threat than automated attacks such as WannaCry or NotPetya – they’re intentional and secretive.”

Importantly, Americold has also reportedly been in talks about providing storage and transport for the distribution of temperature-sensitive coronavirus vaccines.

Andrea Carcano, co-founder of Nozomi Networks, said via email, “The attack against Americold highlights a concerning trend of attackers targeting larger and more critical organizations, these threats should be a wake-up call for security professionals responsible for keeping not only IT, but operational technology (OT) and internet of things (IoT) networks safe. In the manufacturing business, time is money, so the disruption of IT services as well as manufacturing downtime and shipment delays, translates to lost revenue.”