Cyber Security News — Past 24 hours | 07.06.2021
FUJIFILM Shuts Down Operations Following Suspected Ransomware Attack
Another ransomware attack has surfaced online. The latest report comes from the photography giant FUJIFILM, which temporarily shut down its operations following the attack. Reportedly, FUJIFILM has fallen prey to a possible ransomware attack. According to the notice placed on their US website, the firm suffered the attack on June 2, 2021. Following the incident, the company suffered network disruptions as well as effects on its communications. The company stated: “In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities.”
FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence. Despite explicitly disclosing the ransomware attack, FUJIFILM hasn’t shared any details about the attackers. However, Bleeping Computer reports that Vitali Kremez has observed the involvement of Qbot Trojan in this attack.
Swedish Public Health Agency Disclosed Multiple Hacking Attempts
Another report of a cyber-attack has surfaced online, this time from the health sector. The recent victim is the Swedish Public Health Agency, which has endured numerous hacking attempts. The agency pulled the nation’s infectious diseases database offline following these attempts. Reportedly, the Swedish Public Health Agency has taken its SmiNet database offline after observing multiple hacking attempts. These attempts also hindered the agency’s data reporting. Sharing the details via a press release, the agency stated [translated]: “SmiNet stores electronic case reports of infectious diseases that are subject to notification in accordance with the Swedish Communicable Diseases Act, for example, covid-19. The Swedish Public Health Agency can therefore not report complete data from Wednesday at 4 pm before the work of investigating the intrusion attempts has been completed.”
Upon noticing the attacks, the agency started investigating possible access to the database. They have also informed the law enforcement authorities of the matter. The agency pulled the database offline temporarily and restored it on May 28, 2021, after security enhancements. They further promised to share the next update on June 3, 2021, after completing the statistics.
Russian Expert Assesses the United States’ Threat to Launch “Offensive Cyber Operations” Against “Russian Hackers”
«The US doctrinal documents say that in response to hacker attacks, they can use not only cyber weapons but also military means. However, I have little faith that the Americans, in response to an attack, would risk striking Russian territory with conventional weapons. Instead, they can carry out attacks on public networks and on local networks of Russian organizations,» said Viktor Murakhovsky, a member of the expert council of the board of the Military-Industrial Commission of the Russian Federation. The expert suggests that if the United States does carry out an «offensive operation», then Russia will be able to both prevent it and respond symmetrically.
In addition, as Murakhovsky noted, Russia has specially trained cyber-military specialists under the control of the General Staff of the Russian Armed Forces. On Friday, government sources told NBC that the President of the United States, Joe Biden, may instruct the US military to prepare «offensive cyber operations» against hackers based in Russia. As the TV company points out, the head of the White House will resort to such measures if he fails to reach an understanding on the issue of hacking activity at the upcoming meeting with Russian President Vladimir Putin in Geneva on June 16.
DOJ Charges Latvian National for Helping Develop the Trickbot Malware
The US Department of Justice has charged a Latvian woman for her alleged role in developing the Trickbot malware, which was responsible for infecting millions of computers, targeting schools, hospitals, public utilities, and governments. The DOJ said in a press release that Witte created the code used by Trickbot malware to control, launch, and manage ransomware payments. Trickbot is a malware variant that was first discovered in October 2016 as a modular banking trojan and has subsequently been updated with new modules and capabilities. Microsoft and many partners reported on October 12 that they had taken down certain Trickbot C2s.
Despite these concerted attacks on TrickBot’s infrastructure, the TrickBot gang’s botnet remains alive, and new malware builds are continually being released. The TrickBot gang is renowned for spreading the ransomware Ryuk and Conti onto the networks of valuable business targets. Monaco, Trickbot penetrated millions of victim computers throughout the world, harvesting banking information and delivering ransomware. “The Trickbot malware was designed to steal the personal and financial information of millions of people around the world, thereby causing extensive financial harm and inflicting significant damage to critical infrastructure within the United States and abroad,” Acting US Attorney Bridget M.
Stay Focused. Stay Vigilant.
Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT