Cyber Security News — Past 24 hours | 10.06.2021

Beef Supplier JBS Paid Hackers $11 Million Ransom After Cyberattack

Meat processing company JBS on Wednesday confirmed it paid extortionists $11 million in bitcoins to regain access to its systems following a destructive ransomware attack late last month.

“In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated,” JBS USA said in a statement, with CEO Andre Nogueira adding the firm made the “very difficult decision” to prevent any potential risk for its customers.

Run as a ransomware-as-a-service business, REvil was also one of the early adopters of the so-called “double extortion” model that has since been emulated by other groups to exert further pressure on the victim company to meet ransom demands within the designated timeframe and maximize their chances of making a profit.

The technique involves stealing sensitive data prior to encrypting them, thus opening the door to new threats wherein refusal to engage can result in the stolen data being published on its website on the dark web.

“Being extorted by criminals is not a position any company wants to be in,” Colonial Pipeline CEO Joseph Blount said in a hearing before the U.S. Senate Committee on June 8. “As I have stated publicly, I made the decision that Colonial Pipeline would pay the ransom to have every tool available to us to swiftly get the pipeline back up and running. It was one of the toughest decisions I have had to make in my life”.

Source — https://thehackernews.com/2021/06/beef-supplier-jbs-paid-hackers-11.html

RockYou2021: The Largest Data Leak with 8.4 Billion Passwords

According to Cybernews, what appears to be the world’s largest password collection, called RockYou 2021, has been leaked on a famous hacker site. A forum user uploaded a 100GB TXT file containing 8.4 billion password entries.

The forum member has named the compilation ‘RockYou2021,’ probably in allusion to the historic RockYou data breach that occurred in 2009 when threat actors hacked into the social app website’s servers and obtained over 32 million user passwords stored in plain text.

This leak is equivalent to the Compilation of Many Breaches, the greatest data breach compilation ever, with a collection that exceeds its 12-year-old namesake by more than 262 times. “Since most people reuse their passwords across multiple apps and websites, the number of accounts affected by credential stuffing and password spraying attacks in the wake of this leak can potentially reach millions.” If you feel one or more of your passwords may have been exposed as a result of the RockYou2021 incident, you should change your passwords for all of your online accounts right away.

Source — https://www.ehackingnews.com/2021/06/rockyou2021-largest-data-leak-with-84.html

Researchers Uncover Hacking Operations Targeting Government Entities in South Korea

A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information.
The development is only the latest in a series of surveillance efforts aimed at South Korea.

In using social engineering as a core component of its operations, the goal is to distribute a malware dropper that takes the form of a ZIP archive file attached to the emails, which ultimately leads to the deployment of an encoded DLL payload called AppleSeed, a backdoor that has been put to use by Kimsuky as early as 2019. “Besides using the AppleSeed backdoor to target Windows users, the actor also has used an Android backdoor to target Android users,” Jazi noted. “The Android backdoor can be considered as the mobile variant of the AppleSeed backdoor.” AppleSeed has all the hallmarks of a typical backdoor, with myriad capabilities to record keystrokes, capture screenshots, collect documents with specific extensions, and gather data from removable media devices connected to the machine, all of which are then uploaded to a remote command-and-control server.

Source — Researchers Uncover Hacking Operations Targeting Government Entities in South Korea (thehackernews.com)

Experts Uncover Yet Another Chinese Spying Campaign Aimed at Southeast Asia

An ongoing cyber-espionage operation with suspected ties to China has been found targeting a Southeast Asian government to deploy spyware on Windows systems while staying under the radar for more than three years. The long-running campaign has been linked with “medium to high confidence” to a Chinese advanced persistent threat group dubbed “SharpPanda,” based on test versions of the backdoor dating back to 2018 that were uploaded to VirusTotal from China and on the actor’s use of the Royal Road RTF weaponizer, a tool that has been used in campaigns attributed to well-known Chinese threat groups since late 2018. The development is yet another indication that multiple cyberthreat groups believed to be working in support of China’s long-term economic interests are continuing to hammer away at networks belonging to governments and organizations, while simultaneously spending a great deal of time refining the tools in their arsenal in order to hide their intrusions. “All in all, the attackers, who we believe to be a Chinese threat group, were very systematic in their approach.” “The attackers are not only interested in cold data, but also what is happening on a target’s personal computer at any moment, resulting in live espionage

Source — Experts Uncover Yet Another Chinese Spying Campaign Aimed at Southeast Asia (thehackernews.com)

Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT
