Industry Intel

Unexpected Side Effects: How COVID-19 Affected our Click Habits

Phishing has been around for ages and continues to be one of the most common threats that businesses and home users face today. But it’s not like we haven’t all been hearing about the dangers of phishing for years. So why do people still click? That’s what we wanted...

Key Considerations When Selecting a Web Classification Vendor

Since launching our web classification service in 2006, we’ve seen tremendous interest in our threat and web classification services, along with an evolution of the types and sizes of cybersecurity vendors and service providers looking to integrate this type of...

4 Ways MSPs Can Fine-Tune Their Cybersecurity Go-To-Market Strategy

Today’s work-from-home environment has created an abundance of opportunities for offering new cybersecurity services in addition to your existing business. With cyberattacks increasing in frequency and sophistication, business owners and managers need protection now...

Ransomware: The Bread and Butter of Cybercriminals

Imagine a thief walks into your home and rummages through your personal belongings. But instead of stealing them, he locks all your valuables into a safe and forces you to pay a ransom for the key to unlock the safe. What choice do you have? Substitute your digital...

Cyber News Rundown: REvil Ransomware Strikes

REvil Ransomware Strikes Hosting Provider

In recent days the web hosting provider Managed.com has been working to recover from a ransomware attack targeting many of their core systems. While the company was able to stop the spread of the attack by shutting down their systems and client websites, it remains unclear what information may have been encrypted and sent elsewhere. The demanded ransom is equal to $500,000 in Monero cryptocurrency and is set to double if not paid in the next week.

Cyberattack Shuts Down Americold Operations

Cold storage provider Americold revealed this week it was forced to shut down many of its systems after discovering evidence of a cyberattack. Some variant of ransomware is thought to be responsible for the attack, which has disabled several customer-facing services and could still be affecting Americold. Fortunately, the company responded quickly and was able to stop the attack from spreading across its network, which could have caused significantly more damage, especially if financial information was accessed.

Ticketmaster Receives Fine for 2018 Data Breach

More than two years after Ticketmaster announced a data breach had compromised a significant amount of customer information, the Information Commissioner’s Office (ICO) has settled on a fine of £1.25 million. The attack was significant because, while multiple organizations warned Ticketmaster of the breach, the company did nothing to resolve the security lapse. Officials also discovered that upwards of 60,000 customer payment cards were used for additional fraudulent activity after the Ticketmaster breach.

Healthcare Remains Easiest Target for Cyberattacks

A recent survey of healthcare organizations found that 73% had computer systems totally unprepared to repel a cyberattack. Attackers are improving their operations rapidly compared to security improvements being implemented by these organizations, even with the increasing year-over-year cybersecurity spending. To make matters worse, pressure put on the healthcare industry by the COVID-19 pandemic has forced many facilities to put security improvements on hold as they deal with increased patient numbers.

Severity of Capcom Breach Continues to Rise

A ransomware attack on Capcom that was initially suspected to not affect customer data has been found to be more severe than first thought. Upwards of 135,000 customers, employees and other individuals with ties to the company may have had sensitive personal information compromised. While Capcom has confirmed that payment data is processed through a third-party and isn’t stored on their systems, internal documents and statements seem to have been compromised by the attack.

Cyber News Rundown: Flood of Phony IRS Emails

Phony IRS Emails Flooding Inboxes

Upwards of 70,000 inboxes have been receiving spam claiming to be from the IRS threatening legal action for late or missing payments. Most recipients are Microsoft Office 365 users and have been receiving threats of lawsuits to, wage garnishment and even arrest. These spoofing scams have risen in popularity in recent years, but have mixed results since many users are familiar with the tactic.

Pakistani Airlines Network Access for Sale

Researchers found a listing for full admin access to the Pakistan International Airlines network on multiple dark web forums earlier this week. The current asking price is an incredibly low $4,000, considering the amount of information that could be used for malicious activities. The hackers claim to have 15 databases, each with many thousands of records, including passport data and other highly sensitive personal information on passengers and employees alike. It is believed that this group has been responsible for at least 38 other sales of network access in the past five months.

Zoom Enhances Security at Heed of FTC

Following a settlement with the FTC, the video communication service Zoom is being forced to upgrade its overall security after it was found that they weren’t implementing the end-to-end encryption the business touted. It was also discovered that encryption of recorded video calls often did not take place and regular security testing of security measures did not occur, endangering user privacy for personal video calls and chats.

Mashable Database Compromised

The online media outlet Mashable confirmed it had suffered a cyberattack on its systems, and that the attacker had already published some of the stolen data, this weekend. Fortunately, Mashable also confirmed the stolen data was from a system that was no longer in use. The company has also begun contacted affected customers and informing them to be wary of suspicious emails and to forward them to Mashable for further investigation.

Millions of RedDoorz Records for Sale

Roughly 5.8 million user records belonging to the hotel booking platform RedDoorz were found for sale on a hacker forum. These records were likely the the result of a cyberattack targeting RedDoorz in September, though the company firmly stated no financial information was compromised. After viewing a sample of the stolen data, however, it was discovered that a significant amount of extremely sensitive information belonging to customers who may have stayed at any of their 1,000 properties across Southeast Asia had been published.

Cyber News Rundown: Maze Ransomware Shuts Down

Maze Ransomware Group Ends Operations

A press release issued this week announced the end of the Maze ransomware group’s data theft operations. In the release, the Maze authors revealed their motives behind one of the most successful ransomware campaigns to date, and why they chose to finally shut down their massive project. It also stated the Maze team was working to expose the major security holes key industries fail to address, though their methods created many victims.  

Magecart Targets International Gold Retailer

Nearly three months after a data breach caused by a Magecart attack struck the international precious metals retailer, JM Bullion has finally released an official statement to customers. After identifying unauthorized activity on their systems in the mid-July, the company went on to find that their systems had been compromised since February by Magecart payment card-skimming software. The company has yet to acknowledge why took so long to discover the breach or why it failed to follow GDPR regulations by immediately contacting affected customers.

Ryuk Remains Top Player Throughout 2020

With ransomware continuing its stay at the top of the cyberthreat throne, Ryuk variants have been responsible for over a third of all ransomware attacks in 2020 alone or roughly 67 million attacks. Ryuk has been around for over two years, but found much greater success this year after being found responsible for only 5,100 attacks in 2019. Ransomware attacks grew 40 percent over last year, to nearly 200 million as of Q3.

Cannabis Site Leaves Database Exposed

An unsecured database belonging to cannabis website GrowDiaries and housing over 3.4 million user records was found to be accessible last month. The data included 1.4 million user passwords that were encrypted using MD5 hashing, which is known to be easily unlocked by cybercriminals. Nearly a week after being informed of the database GrowDiaries properly secured it from public access, though it remains unclear how long it was accessible or who accessed it during that time.

Mattel Reveals Ransomware Attack

Following a July ransomware attack, Mattel has finally issued an official statement regarding the overall damage. The company has confirmed that no data was stolen during the attack, which was quickly identified by their security, and many systems were taken offline to prevent any damage or theft occured. The ransomware attack was likely perpetrated by TrickBot, as it’s known for concentrating on large organizations and leaving them exposed for some encrypting variant to follow.

Cyber News Rundown: Flash Banned from Windows

Adobe Flash Being Uninstalled on Windows Systems

Following its September announcement, Microsoft has released an update that removes Adobe Flash from Windows 10 systems and prevents reinstallation. It should be noted that this update only removes the version of Adobe Flash that comes bundled with Windows 10. Internet browser extensions and stand-alone installs of the software will remain unaffected by this update. Should the user want to re-install Adobe Flash on an updated system, they must either revert to a point prior to the update or perform a fresh install of Windows 10.

Gunnebo Suffers Critical Data Breach

Officials for Gunnebo, a Swedish security firm, have revealed that they were victims of a data breach in August. Researchers also discovered an 18GB file confirmed to contain customer information stolen from Gunnebo. The compromised data was uploaded to a public server after Gunnebo refused to pay a ransom, exposing roughly 38,000 sensitive files.

Finnish Health Center Hacked

It was recently revealed that the Finnish psychotherapy center Vastaamo suffered a ransomware attack that compromised highly sensitive patient data belonging to thousands of individuals. After refusing to pay a 40 Bitcoin ransom, the attackers began publishing the stolen data on the dark web. While officials have yet to determine when the breach occurred, they have been contacting victims about the stolen data since October 21.

Customer Accounts at UK Restaurant Chain Breached

Recent technology changes at restaurants and other public establishments like touchless methods of interaction have left UK restaurants open major security flaws. One such flaw has been exploited at UK restaurant chain Nando’s, with several customer accounts affected. By accessing previous account logins and using credentials that were stolen in prior cyberattacks, hackers have been able to create fraudulent orders. The company has since confirmed that, though they themselves weren’t the target of the breach, they will compensate any customers who are fraudulently charged.

Ryuk Suspected in Major Steelcase Attack

International furniture maker Steelcase was forced to take its systems offline following a ransomware attack that began late last week. It is believed that the attack used the highly active ransomware variant, Ryuk, though this has yet to be confirmed by Steelcase. By shutting down the remaining unaffected systems, Steelcase hopes it was able to stop the spread of encryption before irreparable damage was caused.

Cyber News Rundown: Child Smartwatch Backdoored

Backdoor Found in Children’s Smartwatch

Researchers have discovered that the X4, made by Norwegian smartwatch seller Xplora, contains a backdoor that could allow for information to be stolen. The X4 watch is designed specifically for children with a limited number of capabilities, mostly for children’s security. The backdoor, however, could allow attackers to take snapshots, view messages, call records, and access geolocational data from the wearer. The watches are designed and built in China and it remains unclear who has access to data created and stored on the devices.

Ransomware Strikes London Borough

The London borough of Hackney recently fell victim to a ransomware attack, taking several of the council’s primary services offline. While still little is known about the attack, it’s likely that encrypted files were also stolen for auctioning to the highest bidder. Council officials are working with law enforcement to determine the initial attack vector and information that may have been targeted.

Carnival Reveals Updates to Recent Cyberattack

Nearly two months after a ransomware attack compromised a third-party vendor for the Carnival Corporation, the company announced sensitive passenger information has indeed been exposed. An undetermined number of customers and employees may be affected across three Carnival cruise lines. With 150,000 employees worldwide, and upwards of 13 million customers, this data breach could be affect millions of individuals.

Ransomware Takes Aim at International Law Firm

International law firm Seyfarth Shaw has confirmed a ransomware attack targeted their systems over the weekend. While the extent of the attack remains unclear, several systems were forced offline after encryption was executed to stop additional spreading. Firm officials stated that no client information was stolen or illicitly accessed, but they are still operating without email or a live website. Some systems were saved from the attack but officials have yet to confirm if customers were affected by the breach.

Software AG Suffers Major Data Breach

German IoT specialist Software AG suffered a ransomware attack that was able to exfiltrate significant amounts of data. Officials have confirmed that, while they have been able to maintain online services throughout the attack, the malicious downloading of an unknown amount of sensitive data did take place. The attacking group has not yet been identified, but other attacks of similar scale have cost companies anywhere from $20 to $70 million in ransoms for the return of their data.

Cyber News Rundown: COVID-related Attacks Target Canadian Companies

New Jersey Hospital Pays Massive Ransom

Officials have decided to pay roughly $670,000 in ransom following a ransomware attack on the University Hospital in New Jersey. The hospital was likely forced into this decision after being unable to restore from backups the 240GB of data stolen in the attack on their systems. It’s not entirely clear what information was stolen, but given the haste of payment it was likely highly sensitive patient data.

COVID-Related Cyberattacks Target Canadian Companies

A recent survey revealed that over 25% of all Canadian business organizations had been targeted by a COVID-19-themed cyberattack since the beginning of the year. Most of the organizations surveyed also reported seeing a significant rise in overall cyberattacks since the pandemic began. Worrisome findings also revealed that 38% of organizations surveyed were unsure if they had fallen victim to any type of cyberattack, which could mean the amount of customer information for sale on black markets could be significantly higher.

Boom! Mobile Website Compromised

Customer data has been compromised for users of the Boom! Mobile website, which was infiltrated by malicious JavaScript. It’s still unclear how the unauthorized code got onto the site or how long was active. Officials for the mobile company have confirmed they do not store payment card data and that no Boom! Mobile accounts were compromised.

Major Ransomware Attacks Increase Through Q3

Researchers have reported a massive increase in ransomware attacks in Q3 of 2020, with the Maze group being responsible for 12% of all attacks. They also reported that Ryuk ransomware variants were responsible for an average of 20 attacks per week. With the ongoing neglect of cybersecurity in major corporations, ransomware attacks will likely continue as long as their authors find them profitable.

Chicago Food Delivery Service Stricken with Data Breach

Nearly 800,000 customer records were compromised following a data breach at ChowBus, a Chicago-based food delivery service. With roughly 440,000 unique email addresses exposed, many individuals are now more susceptible to additional phishing attacks or identity theft. Fortunately, however, ChowBus does not store payment card information on its site.

Cyber News Rundown: Ryuk Wreaks Healthcare Havoc

Ryuk Shuts Down Universal Health Services

Computer systems for all 400 Universal Health Services facilities around the globe have reportedly been shut down following an attack by the Ryuk ransomware group. Ryuk is known for targeting large organizations, but the healthcare industry has been gaining popularity among these groups due to high volumes of sensitive information and typically low levels of security. It’s unknown if the healthcare firm has paid ransoms for the encrypted data or if they are restoring systems from available backups.

Global Insurance Firm Targeted by Ransomware

The Fortune 500 insurance firm AJG was forced to take several computer systems offline over the weekend after identifying a cyber-attack. It’s still unclear which ransomware variant was responsible for the attack and officials with the firm haven’t revealed if customer or employee information was stolen. Third-party researchers confirmed multiple AJG servers, unpatched for a serious vulnerability, could have been the entry point for the attack.

French Shipping Company Knocked Offline by Ransomware

All computer systems and websites belonging to CMA CGM, a French shipping giant, were knocked offline by a crippling ransomware attack. This attack on CMA CGM makes them the fourth international shipping company to fall victim to a cyberattack, which have proven profitable, in as many years. The company has verified that the Ragnar Locker ransomware group was behind the attack, though they have not revealed the ransom asked.

Cyber Attack Forces Swatch to Disconnect Online Services

Though not confirmed by Swatch, the Swiss watchmaker was reportedly forced to take many of their systems offline after likely falling victim to a ransomware attack. While the company did not verify the type of attack, ransomware’s prevalence this year makes it a likely culprit. Swatch has announced they plan to seek legal action against the attackers.

DDoS Attacks See Substantial Rise in 2020

There were over 4.8 million DDoS attacks during the first half of 2020, a 15% rise over the same period last year. May alone saw more than 900,000 DDoS attacks, a record for most in a single month. Ninety percent of these attacks lasted for under an hour, marking another shift from previous years’ attacks. They have also increased in complexity, leaving victims and researchers with little time to defend themselves.

False Confidence is the Opposite of Cyber Resilience

Have you ever met a person who thinks they know it all? Or maybe you’ve occasionally been that person in your own life? No shame and no shade intended – it’s great (and important) to be confident about your skills. And in cases where you know your stuff, we encourage you to keep using your knowledge to help enhance the lives and experiences of the people around you.

But there’s a big difference between being reasonably confident and having false confidence, as we saw in our recent global survey. Featured in the report COVID-19 Clicks: How Phishing Capitalized on a Global Crisis, the survey data shows that, all over the world, people are pretty confident about their ability to keep themselves and their data safe online. Unfortunately, people are also still getting phished and social engineering tactics aimed at employees are still a major way that cybercriminals successfully breach businesses. These data points strongly suggest that we aren’t all being quite as cyber-safe as we think.

Overconfidence by the Numbers

Approximately 3 in 5 people (59%) worldwide think they know enough to stay safe online.

You may think 59% doesn’t sound high enough to earn the label of “false confidence”. But there were two outliers in our survey who dragged the average down significantly (France and Japan, with only 44% and 26% confidence, respectively). If you only take the average of the five other countries surveyed (the US, UK, Australia/New Zealand, Germany and Italy), it’s a full ten percentage points higher at 69%. UK respondents had the highest level of confidence out of all seven regions surveyed with 75%.

8 in 10 people say they take steps to determine if an email message is malicious.

Yet 3 in 4 open emails and click links from unknown senders.

When so many of us claim to know what to do to stay safe online (and even say we take steps to determine the potential sketchiness of our emails), why are we still getting phished? We asked Dr. Prashanth Rajivan, assistant professor at the University of Washington and expert in human behavior and technology, for his take on the matter. He had two important points to make.

Individualism

According to Dr. Rajivan, it’s important to note that Japan had the lowest level of confidence about their cybersecurity know-how (only 26%), but the survey showed they also had the lowest rate of falling victim to phishing (16%). He pointed out that countries with more individualistic cultures seem to align with countries who ranked themselves highly on their ability to keep themselves and their data safe.

“When people adopt a less individualistic mindset and, instead, perceive themselves to have a greater responsibility to others, their average level of willingness to take risks decreases. This is especially important to note for businesses that want to have a cyber-aware culture.”

– Prashanth Rajivan, Ph.D.

The Dunning-Kruger Effect

Another factor Dr. Rajivan says may contribute to overconfidence in one’s ability to spot phishing attacks might be a psychological phenomenon called the “Dunning-Kruger Effect”. The Dunning-Kruger Effect refers to a cognitive bias in which people who are less skilled at a given task tend to be overconfident in their ability, i.e. we tend to overestimate our capabilities in areas where we are actually less capable.

How These Numbers Affect Businesses

Only 14% of workers feel that a company’s cyber resilience is a responsibility all employees share.

The correlations between overconfidence and individualism may also translate into a mentality that workers are not responsible for their own cybersecurity during work hours. While 63% of workers surveyed agree that a cyber resilience strategy that includes both security tools and employee education should be a top priority for any business, only 14% felt that cyber resilience was a shared responsibility for all employees.

How to Create a Cyber Aware Culture

The short answer: a strong combination of employee training and tools.

The long answer: when asked what would help them feel better prepared to avoid phishing and prevent cyberattacks, workers worldwide agreed that their employers need to invest more heavily in training and education, in addition to strong cybersecurity tools. Dr. Rajivan also agrees, stating that, if employers want to build cybersecurity awareness into their business culture, then they need to invest heavily in their people.

“By creating a feeling of personal investment in the individuals who make up a company, you encourage the employees to return that feeling of investment toward their workplace. That’s a huge part of ensuring that cybersecurity is part of the culture. Additionally, if we want to enable employees to assess risk properly, we need to cut down on uncertainty and blurring of context lines. That means both educating employees and ensuring we take steps to minimize the ways in which work and personal life get intertwined.”

– Prashanth Rajivan, Ph.D.

Additionally, he tells us, “Human behavior is shaped by past experiences, consequences and reinforcement. To see a real change in human behavior related to phishing and online risk-taking habits in general, people need frequent and varied experiences PLUS appropriate feedback that incentivizes good behavior.”

Ultimately, the importance of training can’t be emphasized enough. According to real-world data from customers using Webroot® Security Awareness Training, which provides both training courses and easy-to-run, customizable phishing simulations, consistent training can reduce click rates on phishing scams by up to 86.5%.

It’s clear a little training can go a long way. If you want to increase cyber resilience, you have to minimize dangerous false confidence. And to do that, you need to empower your workforce with the tools and training they need to confidently (and correctly) make strong, secure decisions about what they do and don’t click online.

Learn more about Security Awareness Training programs.

Cyber News Rundown: LokiBot Attacks Increase

DHS Announces Massive Increase in LokiBot Attacks

By monitoring and tracking of cyberattacks over 2020, U.S. Department of Homeland Security (DHS) officials have uncovered a significant increase in cyberattacks being carried out by LokiBot, a malicious info-stealer of stored passwords and cryptocurrency information. The increase in LokiBot attacks can likely be attributed to its ability to steal credentials from hundreds of applications, and its range of other features that make it appealing to a wide variety of cyber criminals.

Long Island Hospital Suffers Data Breach

Blackbaud, a third-party vendor for a Long Island hospital, may have exposed sensitive patient information after it suffered a data breach this summer. In a July statement, Blackbaud revealed personally identifiable information for a number of patients was stolen but claimed it was destroyed shortly afterwards. Affected patients have been contacted regarding the breach and stolen information.

Thousands of Customers Exposed in Town Sports Breach

A database containing highly sensitive information belonging to over 600,000 customers and employees of Town Sports International was found publicly exposed on the internet. Town Sports recently filed for bankruptcy and was notified of this breach roughly a week later. While the company did not publically respond to the findings, the information secured the following day included everything from physical addresses to payment card info and other billing data. Past clients of the fitness chain should be wary of any emails they receive regarding their Town Sports memberships.

Global Operation Takes Down Major Dark Web Drug Network

In a major collaboration between Europol and other global intelligence organizations, 179 individuals across six countries have been arrested in relation to drug trafficking through Dark Web markets. Officials also revealed that this bust allowed them to seize $6.5 million in cash and hundreds of kilograms of illicit drugs. The operation is another setback for anonymous marketplaces allowing for the buying and selling of illegal goods and services as law enforcement continues to target rogue online bazaars.

Data from Over 200 Merchants Leaked in Shopify Breach

Data from at least 200 merchants was compromised after an internal support employee for Shopify was found to be stealing data. While the data included only basic contact information on customers and no payment card or social security info was taken, officials for Shopify are still working to determine the extent of the theft and if it has further changed hands. The employees involved with this breach have since been fired and all access to Shopify systems has been revoked to prevent further incident.

Cyber News Rundown: Magecart Massive Attack

Magecart Launches Largest E-commerce Attack to Date

Roughly 2000 e-commerce sites were compromised in the latest Magecart campaign targeting an out-of-date version of Magento software. It’s believed an additional 95,000 sites that haven’t patched to the latest Magento version could also be targeted by the payment skimming malware. The campaign began last Friday and by Monday had stolen data from over 1,900 stores serving tens of thousands of customers.

Staples Delivery System Responsible for Data Breach

Nearly two weeks after being contacted by a cybersecurity firm regarding their use of unsecured VPN servers, Staples has released a statement about a data breach that stemmed from a flaw in their delivery systems. Because Staples’ delivery tracking system required only an order number to pull up the entire order summary, customers were able to enter any number around their own order and access payment and other sensitive information belonging to other Staples customers. While the company has since resolved the flaw, it seems they have not yet contacted victims whose information was exposed.

Staffing Firm Suffers Second Ransomware Attack in 2020

Artech Information Systems, a global IT staffing firm, has recently fallen victim to their second ransomware attack of the year. Following a January attack by the REvil ransomware group, which released a small portion of company data after not receiving a ransom payment, Artech has now been infiltrated by the MAZE group, likely using a prior backdoor to the systems. Secondary ransomware attacks typically stem from improper resolution of the initial attack that leaves a system an easy target for another group.

Misconfigured Elasticsearch Exposes Over 100,000 Razer Customers

A security researcher found an unsecured Elasticsearch cluster late last month containing highly sensitive information for over 100,000 Razer customers. The exposed data contained personally identifiable information and order details with everything but the actual payment card data. Fortunately, Razer was quick to resolve the issue after being notified and set up an email worried customers could contact for more information.

SunCrypt Ransomware Targets University Hospital New Jersey (UHNJ)

Over 240GB of data was allegedly stolen from the University Hospital New Jersey after a SunCrypt ransomware attack. The attack was likely initiated against university systems shortly after a TrickBot infection last month compromised systems. The owners of SunCrypt have already released 1.7GB of the stolen data, which equates to roughly 48,000 documents containing highly sensitive personal information on patients and employees.

Cyber News Rundown: Android Giveaway Fraud

Thousands of Android Users fall Victim to Giveaway Fraud

Upwards of 65,000 Android users were potentially compromised after installing a malicious app promising free giveaways. Over the year the scam was in effect, roughly 5,000 apps were spoofed to lure victims into downloading in exchange for a phony giveaway. In reality, the infection pushes silent background ads which generate ad revenue for the scammers and decrease device performance.

North American Real Estate Firm Hit by Ransomware

A new ransomware variant known as DarkSide claimed its first victim, Brookfield Residential,  after operating for nearly two weeks. The North American real estate developer recently noticed unauthorized access to several systems and was left a ransom note stating that over 200GB of data had been stolen. The data has since been published to DarkSide’s leak site, which has prompted many to speculate the ransom was not paid by Brookfield Residential.

Cryptominers Caught Using AI

Researchers have been at work creating an AI algorithm to detect malicious cryptocurrency miners while avoiding legitimate ones. The detection method compares currently running miners to graphs of both legitimate and illegitimate miners and monitors changes between the processes being used and the scheduling of mining activity. This type of detection may be put to use to decrease the overall use of malicious code that can often tax the system’s CPU usage to max capacity.

Los Angeles School District Suffers Cyber Attack

Just weeks after the FBI issued a warning about the threat of cyberattacks against school districts, the Rialto School District in California has fallen victim to just such an attack. These setbacks have made the return to online schooling particularly difficult. The extent of the attack remains unclear and officials are still working to determine the effects on the 25,000 enrolled students.

Maze Ransomware Cartel Adds New Variant Team

The authors of the lesser-known ransomware variant SunCrypt have recently joined forces with the Maze ransomware cartel. It’s believed the new cartel members were brought in to assist with the high volume of attacks that the Maze Group is handling and are being paid with a portion of its profits. In addition to new revenue streams from its partnership with the organization, cartel members also benefit from access to the Maze Group’s resources including obfuscation techniques and posting cartel member’s stolen data to their dedicated leak site.

Cyber News Rundown: Ransomware Targets Major Cruise Line

Ransomware Attack Targets Major Cruise Line

Officials for Carnival Cruises have confirmed that a portion of their IT systems were encrypted following a cyberattack identified over the weekend. The company also revealed that sensitive information for both employees and customers was illicitly accessed, though they did not admit to what extent.

Millions of Social Media Profiles Exposed

More than 235 million social media profiles belonging to several major platforms, which contained personally identifiable information including names, locations and contact data, were publicly exposed due to a misconfigured database. Social Data, an online data marketing broker, seems to be the owner of the data, though it is unclear how they obtained it since data scraping for profit is generally not tolerated by Facebook or other platforms. According to Social Data, the database was exposed for up to three hours after initially spotted. It remains unknown how long the data was accessible without authentication.

Wine and Spirits Conglomerate Suffers Ransomware Attack

Brown-Forman, the parent company of many major liquor brands, recently fell victim to a ransomware attack that appears to be the work of the REvil ransomware authors. While the company was able to detect and thwart the attack before encryption, upwards of 1TB of highly sensitive internal information on employees, clients, and financial statements was stolen. Though no formal ransom was delivered, the attackers are likely to auction the data imminently.

File-less Worms Creates Linux Crypto-mining Botnet

Linux systems are on the lookout for a new infection that has been silently creating a botnet to employ ­­target machines as crypto miners. Since the start of the year, over 500 SSH servers have been infected around the world by a worm creating additional backdoors to allow attackers to return to the systems later. Due to the file-less nature of this infection, a simple reboot of the system can temporarily remove the malicious processes, but because the login credentials have already been exported the system can be quickly re-infected.

Canadian COVID-19 Relief Sites Breached

Several Canadian government websites connected to healthcare relief funds were breached with the intent to steal COVID-19 relief fund payments. Though only a small portion of the 12 million total accounts, 9,000 GCKey accounts were directly affected after being breached via credential-stuffing. Credential-stuffing uses brute force attacks with employs previously leaked credentials in the hopes victims use the same login info for multiple sites. Since the websites affected don’t use multi-factor authentication, the odds of a successful credential-related attack were increased.