Bitglass Security Spotlight: Ransomware Developments, Additional SolarWinds Victims, and More Data Breaches

Here are the top security stories from recent weeks: 

Kaseya Obtains Master Decryption Key for REvil Ransomware
DarkSide Ransomware Gang Rebrands as BlackMatter
DOJ Says Email Accounts of 27 U.S. Attorneys’ Offices Were Breached During SolarWinds Ha… Continue reading Bitglass Security Spotlight: Ransomware Developments, Additional SolarWinds Victims, and More Data Breaches

SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern

SolarWinds saw signs of hackers invading their networks as early as January of 2019, about eight months earlier than the previously publicly disclosed timeline for the sweeping cyber-espionage campaign, and nearly two years before anyone discovered the breach. SolarWinds CEO Sudhakar Ramakrishna said in an appearance at the 2021 RSA Conference that while the federal contractor had once estimated the hackers’ first suspicious activity at around September or October of 2019, the company has “recently” learned that the attackers may have in fact “been in our environment” much earlier. “As we look back, they were doing very early [reconnaissance] activities in January of 2019,” he said. Ramakrishna’s revelation provides a deeper understanding yet of the stealthy nature of what U.S. government officials and cybersecurity firms have labeled an incredibly sophisticated attack, even by the standards of the alleged Russian government-connected hackers behind the effort. By leveraging seemingly trustworthy updates of SolarWinds […]

The post SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern appeared first on CyberScoop.

Continue reading SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern

Cybersecurity Executive Order: Can automation fix the nation’s misconfiguration problem?

President Joe Biden signed and released an Executive Order (EO) from the White House on May 12th, addressing his plan to improve the nation’s cybersecurity and protect federal government networks. This order comes on the heels of the Colonial Pipeline … Continue reading Cybersecurity Executive Order: Can automation fix the nation’s misconfiguration problem?

Wine scams spiked during COVID-19 lockdown

Absolute monsters. Wine-themed domain registrations rose once COVID-19 lockdowns took hold, some of them malicious and used in phishing campaigns, Recorded Future and Area 1 Security said in a joint report out Wednesday. “As the interest in virtual happy hours and get-togethers increased so did the increase in wine-themed domain registrations,” the report states. Amid the COVID outbreak, alcohol has proven itself a target for hackers — but it hasn’t been clear before that scammers were trying to exploit people who were staying home and imbibing more. Alcohol delivery service Drizly, for instance, suffered a breach in July, while ransomware hit liquor and wine maker Brown-Forman around the same time. Recorded Future observed a mild jump in wine domain registrations in March of 2020, from the usual 3,000 to 4,000 per month up to nearly 5,500. April saw a bigger leap, to almost 7,200, and the numbers took off in […]

The post Wine scams spiked during COVID-19 lockdown appeared first on CyberScoop.

Continue reading Wine scams spiked during COVID-19 lockdown

Top insurer CNA disconnects systems after cyberattack

CNA, one of the U.S.’s top providers of cybersecurity insurance, is struggling with a cyberattack that prompted it to disconnect its systems from its network. Its website hasn’t been working for the last couple days, and at press time displayed the message, “The attack caused a network disruption and impacted certain CNA systems, including corporate email.” The Chicago-based firm reported more than $10 billion in revenue in 2020, and is in the top 15 U.S. property and casualty insurers and top 10 U.S. providers of cyber insurance, according to recent measurements. If the attack proves to include policyholder data, a cyber insurance industry expert warned, it could enable particularly devastating further incidents that hackers could use as leverage in extortion attempts. If that’s the case, CNA said, it will keep customers updated. The company said it discovered the intrusion on March 21, adding that it is working with forensics experts […]

The post Top insurer CNA disconnects systems after cyberattack appeared first on CyberScoop.

Continue reading Top insurer CNA disconnects systems after cyberattack

Twitter hacker pleads guilty, sentenced to 3 years

A Florida teenager has admitted to orchestrating the hijacking of celebrity Twitter accounts last year as part of a plea deal that will see him serve three years in a juvenile facility, prosecutors said Tuesday. Graham Ivan Clark, 18, admitted to being behind a scheme that saw him steal more than $117,000 by taking over the Twitter accounts of numerous public figures and then blasted out tweets promoting cryptocurrency, according to prosecutors in Hillsborough County, Fla. More than 100 high profile people, from Microsoft founder Bill Gates to former president Barack Obama, had their accounts targeted in an incident that exposed glaring vulnerabilities in Twitter’s security protocols. Clark was 17 when he was arrested, and prosecutors touted the plea deal as a chance for him to mend his ways. The agreement includes three years of supervised release. Clark pleaded guilty to obtaining unauthorized access to a computer, and to numerous counts […]

The post Twitter hacker pleads guilty, sentenced to 3 years appeared first on CyberScoop.

Continue reading Twitter hacker pleads guilty, sentenced to 3 years

Molson Coors says cyberattack disrupted beer brewing

Molson Coors confirmed in a regulatory filing on Thursday that it suffered a cyberattack that disrupted its beer production, and it may not be out of the woods yet. “Although the Company is actively managing this cybersecurity incident, it has caused and may continue to cause a delay or disruption to parts of the Company’s business, including its brewery operations, production, and shipments,” the company said in a Securities and Exchange Commission disclosure. The SEC filing also said that Molson Coors had contacted “leading forensic information technology firms and legal counsel” and was “working around the clock” to restore full operations. The company reported net sales of nearly $12 billion in 2020, and is one of the largest beer brewers in the U.S. The company was remarkably vague. It didn’t say what kind of attack, where it happened, which systems were affected or when it began. Local media near a […]

The post Molson Coors says cyberattack disrupted beer brewing appeared first on CyberScoop.

Continue reading Molson Coors says cyberattack disrupted beer brewing

Social Engineering Attacks Hacking Humans Today

Earlier this year, SlashNext debuted “Phish Stories,” a videocast and podcast series during which cybersecurity experts discuss new zero-hour phishing attacks before a live audience of CISOs, CSOs and cybersecurity professionals. In Episode Two, Zero-H… Continue reading Social Engineering Attacks Hacking Humans Today