Security News: U.S. Offers DarkSide Bounty, Nobelium Campaigns Continue, and International Ransomware Attacks
- U.S. Cracks Down on Ransomware, Offers $10 Million Bounty for DarkSide Info
- Nobelium, The Hackers Behind SolarWinds Attack, Targets IT Supply Chains Again
- U.S. Defense Contractor Electronic Warfare Associates Discloses Breach
- Canadian Provinces Suffer Cyberattack Leading to Health System Disruptions
- BlackShadow Breaches Israeli Hosting Company, Extorts Provider and Customers for $1 Million
Here are the top security stories from recent weeks:
The federal government has offered a $10 million reward for information leading to the identification or location of DarkSide ransomware group leaders. The announcement came after BlackMatter, a DarkSide derivative group, announced it will shut down after increased pressure from authorities. DarkSide is best known for its attack on U.S. critical infrastructure and the Colonial Pipeline, affecting fuel supplies on the East Coast. The high bounty shows the U.S. government is serious about cracking down on ransomware and may encourage criminals to turn against each other.
Nobelium, the Russian advanced persistent threat (APT) group behind the SolarWinds supply chain attacks, has pivoted to target software and cloud service resellers in hopes of gaining direct access to customers’ IT systems. Microsoft warns that the group has targeted at least 140 resellers and technology service providers in its latest campaign in May. There have been 14 confirmed cases of compromise. Nobelium did not appear to target any specific vulnerabilities in its last campaign, using credential stuffing, phishing, API abuse, and token theft instead to gain access to victim systems. Microsoft has notified all affected vendors.
Electronic Warfare Associates (EWA), a high-tech defense, electronics, and cyber security company, has disclosed a data breach. EWA confirmed attackers gained access to an email account and attempted wire fraud, which the company says was the attackers’ main objective. The threat actor also exfiltrated files with personal information including names, social security numbers (SSNs), and driver’s licenses. However, the attempted fraud could have been a distraction. EWA is a high-profile target with customers including the U.S. Department of Defense, Department of Justice, and Homeland Security; a data breach could also compromise sensitive information including military technology.
A cyberattack on October 30 has disrupted healthcare services and hospitals in the Canadian provinces of Newfoundland and Labrador. Regional health systems shut down networks and cancelled appointments. The shutdown also affected communications; residents reported being unable to reach healthcare centers or emergency services by phone. Sources indicate the attack may have been a ransomware attack, although healthcare systems and the Canadian government have not confirmed this.
Iranian state-sponsored hacking group BlackShadow has attacked Israeli hosting provider CyberServe, threatening to leak stolen data if an extortion demand of $1 million is not paid. The extortion deadline was set for 48 hours, but the group immediately leaked a sample of 1,000 records to prove its point. Many websites hosted by CyberServe are affected and inaccessible, including LGBT site Atraf, Kavim public transportation firm, Kan public broadcaster, Pegasus travel agency, and the Holon Children’s Museum. Unlike most ransomware groups, BlackShadow is not believed to be financially motivated.
This post was first published on the Forcepoint website by Jeff Birnbaum.