Cyber Security News — Past 24 hours | 10.05.2021

SLIIT CS2
May 10, 2021

A cyberattack shut down US Colonial Pipeline

The Colonial Pipeline facility in Pelham, Alabama was hit by a cyberattack, and its operators were forced to shut down its systems. The pipeline can carry 2.5 million barrels of refined gasoline and jet fuel each day up the East Coast from Texas to New York, and it covers 45 percent of the East Coast’s fuel supplies.

«The operator of the system, Colonial Pipeline, said in a statement late Friday that it had shut down its 5,500 miles of pipeline, which it says carries 45 percent of the East Coast’s fuel supplies, in an effort to contain the breach on its computer networks. Earlier Friday, there were disruptions along the pipeline, but it was unclear whether that was a direct result of the attack.» reported The New York Times.

Experts speculate that malware, likely ransomware, infected its systems and made them unavailable.

«In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our I.T. operations,» reads a statement issued by the company.

Source — https://securityaffairs.co/wordpress/117680/hacking/colonial-pipeline-facility-cyberattack.html

Microsoft warns of a large-scale BEC gift card scam campaign

Business email compromise attacks represent a serious threat for organizations worldwide. According to the 2020 Internet Crime Report, the annual report released by the FBI’s Internet Crime Complaint Center (IC3), the IC3 received 19,369 Business Email Compromise/Email Account Compromise complaints in 2020. The attackers targeted organizations in multiple industries, including the consumer goods, process manufacturing and agriculture, real estate, discrete manufacturing, and professional services sectors. The threat actors leverage typo-squatted domains to trick recipients into believing that the emails originated from valid senders.

«In the middle of the workday, you get an email appearing to come from your boss, requesting that you purchase gift cards to give to the team as an incentive for their hard work during the pandemic. The request seems a little strange, you think. Maybe it was a spur-of-the-moment initiative. But you’re a rock star assistant and decide to go ahead and purchase the gift cards using department funds.» states a blog post published by Microsoft.

Source — https://securityaffairs.co/wordpress/117672/cyber-crime/bec-gift-card-scam.html

Ransomware Hits US Defense Contractor BlueForce

A ransomware attack hit U.S. defense contractor BlueForce, according to a Hatching Triage sample and a Conti ransomware chat. The sample on the Hatching Triage page contained a ransom note, likely from an attacker who hit the victim with the Conti ransomware strain. The note said that all the victim’s files had been encoded by CONTI ransomware, told the victim to google the strain if they were not aware of what it is, and said that all information had been encrypted with the software and could not be restored by any method unless the victim contacted the team directly.

«Conti ransomware was first reported in mid-2020, and like many other modern ransomware families, it extorts victims by not only encrypting data but threatening to publish it, too.

Recent Conti victims include several London schools, as well as fashion retailer FatFace. It was also a member of the Maze ransomware cartel when it was active,» said SearchSecurity. «In addition, the response included a list and data pack of files to verify that Conti had breached the company and exfiltrated data.»

Source — https://www.ehackingnews.com/2021/05/ransomware-hits-us-defense-contractor.html

Threat Actors’ Dwell Time Reduced to 24 Days, FireEye Reports

FireEye, the intelligence-led security company, published the FireEye Mandiant M-Trends 2021 report. «We have learned a great deal about UNC2452 in recent months, and we believe that intelligence will be our advantage in future encounters,» said Sandra Joyce, Executive Vice President, Global Threat Intelligence, Mandiant. Over the past decade, Mandiant has noticed a trending reduction in global median dwell time. This is in stark contrast to the 416 days it took firms when the report was first published in 2011.

In America, dwell time dropped from 60 days in 2019 to just 17 days last year, while in APAC and EMEA the figure increased slightly. This increased focus by threat actors can most likely be explained by the vital role the healthcare sector played during the global pandemic. However, a major contributing factor to the global reduction in dwell time may be the escalation of ransomware attacks, which usually take place over a shorter time frame than traditional cyber-espionage or data theft operations.

Source — https://www.ehackingnews.com/2021/05/threat-actors-dwell-time-reduced-to-24.html

Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT
