This Week in Security News June 25, 2021
Fake DarkSide campaign targets energy and food sectors and Tulsa police-citation data leaked by Conti Gang
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about threat actors that posed as DarkSide in a bid to deceive targets into paying ransom. Also, read more about the Conti ransomware group leaking Tulsa police-citation data.
The city of Tulsa, OK is asking some of its residents to keep a close eye on their personal and financial accounts after the Conti ransomware group leaked 18,000 city files, mostly police citations, on the dark web. The leak stemmed from the May 6 ransomware attack that caused the city to shut down its network, disrupting its online bill payment systems, utility billing and email.
A ransomware attack by the DarkSide group on Colonial Pipeline recently made news headlines, so it is not surprising to find other threat actors taking advantage of the incident for their own campaigns. Several companies in the energy and food sectors have recently received threatening emails supposedly from DarkSide. However, the content used in the emails is believed to come not from that threat group but from an opportunistic low-level attacker posing as DarkSide.
The conversation on cyber risk in the agricultural equipment industry is being pushed along by the U.S. Government. Agricultural equipment giant Deere was among several agricultural equipment makers approached by representatives from the U.S. Cybersecurity and Infrastructure Security Agency to discuss the cybersecurity of connected farm machinery such as tractors and combines. Deere and its competitors are starting bug bounty programs attracting white hats to look for vulnerabilities.
In collaboration with AWS CloudFormation, Trend Micro is helping customers natively deploy security resources as Infrastructure as Code (IaC), the same way they deploy cloud native infrastructure. Trend Micro has announced that Trend Micro Cloud One Container Security is now available as a CloudFormation resource type.
The European Union (EU) plans to set up a new cybersecurity task force to respond to cyberattacks across the bloc. Called the Joint Cyber Unit, the task force will help member states that suffer cyberattacks seek help from other countries within the EU. Rapid response teams will be deployed to deal with hackers in real time.
While investigating samples of NukeSped, a remote access trojan (RAT), Trend Micro came across several Bundlore adware samples using the same fileless routine that was spotted in NukeSped. The NukeSped backdoor has been attributed to the cybercriminal group Lazarus, which has been active since at least 2014. Recently, a more sophisticated form of this trojan called ThreatNeedle surfaced as part of a cyberespionage campaign by Lazarus.
Google announced the expansion of the Open Source Vulnerabilities (OSV) database to include information on bugs identified in Go, Rust, Python, and DWF open source projects. Launched in February 2021 with details on thousands of vulnerabilities from Google’s OSS-Fuzz project, the OSV database is meant to provide automated, improved vulnerability triage for both developers and users of open source software.
Rapid investments in cloud services, applications and infrastructure have been a lifeline for organizations during the pandemic. There must be a focus on building digital businesses on secure and stable foundations. This is where two new industry analyst reports shed some reassuring light on Trend Micro’s cybersecurity platform. Respected industry analyst firms agree that Trend Micro customers can drive significant ROI and cost savings by consolidating with Trend Micro.
The Health Service Executive (HSE) has warned Ireland's health service will face months of disruption as it continues to recover from the significant ransomware attack on May 14. The attack has been attributed to the Conti ransomware gang. The cyber criminals provided HSE with a decryption tool for free but have threatened to publish information stolen in the attack – potentially a violation of patient privacy – if they don't receive a ransom of a reported $20 million in bitcoin, something that HSE vowed not to pay.
What are your thoughts on the Conti gang’s continuous disruptive attacks? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.