German energy providers attacked successfully through common service provider

Hot News from Cyber Protection Operation Center

CPOC News Playlist with all the latest news from the Cyber Protection Operation Center. Spend just 10 minutes to get equipped for the next partner’s call!

1. The BlackCat extortion gang has created a website where individuals can check if their data was included in data stolen from a ransomware incident. The first company to have its stolen data included was a hotel and spa in Oregon, and the data includes personal data of guests and more than 1,500 employees. Acronis Cyber Protect keeps your data from being stolen with the included Active Protection that stops ransomware attacks before they can start.

2. A recent surge in eCh0raix ransomware, also known as QNAPCrypt, shows that Linux systems are an increasing target for ransomware operators. The ransomware specifically targets QNAP devices, and a ransom of USD 1,200 to USD 3,000 is typically demanded. Acronis Cyber Protect for Linux includes Active Protection to protect your Linux computers and data from ransomware attacks. 

3. July’s Microsoft Patch Tuesday included fixes for 60 vulnerabilities, including three critical bugs. Among these three was the fix for the heavily exploited Follina vulnerability in the Microsoft Support Diagnostics Tool (MSDT). Google also fixed seven bugs in Chrome, including four high-risk vulnerabilities that could allow attackers to manipulate programs and access sensitive data. Acronis Cyber Protect makes patching simple with the included Patch Management solution.

4. Two German energy providers were successfully attacked through a common service provider. Acronis Cyber Protect detects and blocks malware used in such attacks, with the included multi-layered Behavioral and AI-Powered Detection Engines.

5. A Linux rootkit is using magic packets to allow attackers to remotely provide commands. The rootkit, known as Syslogk, inspects TCP packets and ultimately installs and launches Rekoobe malware to open a reverse shell and execute commands. Acronis Cyber Protect includes multi-layered detection engines in Acronis Cyber Protect for Linux to stop Syslogk and Rekoobe, as well as other malware, before your systems are put at risk.

Video link to the Cyber Protection Operation Center’s update on this topic

  • The BlackCat extortion gang, also known as ALPHV, has taken the data leak site to a whole new level, providing a way for individuals to check if their information was included in stolen data.
  • BlackCat launched the site with information they claim was part of 112GB stolen from a hotel and spa in the U.S. state of Oregon, including the personal information of employees and guests.
  • The data the group claims to have stolen includes names, dates, and stay costs of guests, while the names, Social Security Numbers, dates of birth, and other personal information of 1,534 employees are included.
  • Acronis Cyber Protect keeps your data safe from ransomware like BlackCat, with the included Active Protection that detects and blocks ransomware by the behaviors it exhibits.

Video link to the Cyber Protection Operation Center’s update on this topic

• Microsoft has released their monthly list of patches which includes patches for Microsoft Exchange and Microsoft Excel.

• In total, there were six zero-days being patched and 55 total flaws. Twenty of these vulnerabilities allow for the elevation of privilege.

• Products affected by these patches include Azure, Office, Exchange Server, Windows Defender, and Chromium-based Edge browser.

• Do you need to apply large amounts of patches quickly and safely? Acronis Cyber Protect’s built-in patch management allows you to keep your Microsoft software up to date with ease.

Video link to the Cyber Protection Operation Center’s update on this topic

• July’s Patch Tuesday covered 60 vulnerabilities, of which three were considered critical. A critical vulnerability is one that can be remotely exploited to gain full control of the vulnerable machine.

• Of the three vulnerabilities, one was the previously reported Follina vulnerability in the Microsoft Support Diagnostics Tool (MSDT), which has already been heavily exploited.

• On top of Microsoft’s Patch Tuesday, Google has also issued patches for seven vulnerabilities in its Chrome browser, including four high-risk bugs. While some details have not yet been disclosed, the vulnerabilities allow an attacker to manipulate programs and access information that should not be accessible.

• The simple Patch Management solution in Acronis Cyber Protect helps keep all of your protected systems up to date by letting you select the systems to update and the patches to apply, all from a single web console.

Video link to the Cyber Protection Operation Center’s update on this topic

• The German energy provider Entega reported a cyber attack over the weekend. The attack affected the Internet services and the email accounts of its 2,000 employees. The critical infrastructure of the energy network was not compromised.

• Stadtwerke Mainz and a regional waste disposal company both reported issues as well. Reports indicated that they all use the same service provider, which might have been the source of the cyber attack.

• According to a recent study by N-able, 90% of MSPs suffered a successful cyber attack in the last 18 months.

• Acronis Cyber Protect detects and blocks malware used in such attacks, with the included multi-layered Behavioral and AI-Powered Detection Engines.

• A new Linux kernel rootkit known as Syslogk is currently being developed, and has been observed in the wild.

• Syslogk is based on the Adore-Ng rootkit that has been around since 2004, but with updated functionality, including its core function of inspecting TCP packets that contain port number 59318, which allows it to launch the Rekoobe malware.

• The rootkit also takes steps to hide its network traffic, making it more difficult to detect the malware. Once the rootkit runs Rekoobe, the attacker has a reverse shell opened to be able to execute commands that could lead to additional malware or ransomware payloads being downloaded and executed on the victim system.

• The multi-layered detection included in Acronis Cyber Protect for Linux detects and blocks even new malware like Syslogk, protecting your systems from further attacks.
