2021 – Hackers start to value quality over quantity | #computerhacking | #hacking

We could be forgiven for thinking that 2021 was the year of the ransom note. However, subtle exfiltration of data and the further industrialisation of exploitation and revenue-generating software worryingly continued apace. The last year has not seen a reduction of security incidents but attack techniques are changing; targets are shifting but, as ever, money is at the root of all (cyber) evil. The more things change, the more they stay the same.

The Microsoft hack

Microsoft reported eight separate suspected ‘nation state’ hacking operations against its software in the past 12 months. It became a victim itself in March. The state-sponsored Chinese group Hafnium is credited with compromising Microsoft Exchange.

It is thought that up to 30,000 businesses were affected through this popular corporate email system. The attackers gained access to onsite servers via stolen credentials and some undetected vulnerabilities. They then erected web shells around the infected servers and were able to harvest email communications.

The Colonial Pipeline hack

Ransomware was front and centre this year. The Colonial Pipeline Company operates the largest fuel pipeline in the US. It was breached through compromise of a single machine in April, using an employee’s credentials found on the dark web. This implies that the employee may have used the same password on multiple sites, not just at work. Once in, the DarkSide ransomware operators moved laterally across the corporate network installing their ransomware.

Finally, around 5am local time on 7 May, administrators began to see the ransomware demand light up their screens. By 6:10am local time, the pipeline had been shut down for the first time in the company’s 57 year history. This rapidly caused a fuel shortage on the US East Coast. The pipeline transports 2.5 million barrels of fuel daily to the US East Coast and, as news of the problems spread, panic buying began. It was five days before service was restored.

Security company Mandiant was called in to triage and understand the manner and extent of the breach. The ransom of $4.4 million was paid by Colonial shortly after the attack. The perpetrators also exfiltrated more than 100GB of data which they threatened to publish if not paid.

REvil/Sodinokibi ransomware

Another notable ransomware attack involved the infamous REvil/Sodinokibi ransomware. Just before the Fourth of July holiday weekend in America, users of Kaseya’s virtual system administrator (VSA) software began to be infected.

Kaseya is a cloud-based managed service provider (MSP) platform that allows service providers to perform patch management, backups and client monitoring for its customers. Most customers who used the cloud version of the service were unaffected but those using on-premise Kaseya software were hit.

Although a small number were directly affected, it is thought that around 1,000 organisations downstream were affected as a result. This is a supply chain attack, as the affected systems are not independently infected but rather compromised through the trusted software of a third party (Kaseya in this case).

Current estimates are that between 800 and 1,500 small and medium sized businesses were infected with the REvil ransomware as a result of this compromise of Kaseya’s software. It certainly resulted in 800 Co-op supermarkets in Sweden closing. Mandiant was also called in to investigate this incident.

2021: it’s not all bad news

Headlines and statistics are not universally bad to this point in 2021. Risk Based Security, a US-based cyber risk analytics firm claims that publicly reported breaches fell by 24% in the first half of 2021, compared to the same period a year ago. This decline seems to mostly be for incidents outside the US, as the same report shows declared breaches are up 1.5% within the US.

The sheer number of records exposed has also fallen, according to the data. 18.8 billion records exposed in the first half of 2021 – representing a 32% decline – compared to 27.8 billion records exposed in the first half of 2020.

This does point to a possible shift in focus for certain highly sophisticated groups. In the ransomware field particularly, crime groups are carefully selecting targets based on an ability to pay higher ransoms. In many cases, this will involve compromise of less (but more valuable) data.

With the addition of a threat to expose sensitive data as well as the ransomware having encrypted it, the victim company has a difficult tightrope to walk. This unwelcome trend has spawned companies on the whitehat side specialising in ransomware negotiation, triage and recovery. On the blackhat side, ransomware-as-a-service is a booming growth industry.

The problem with LinkedIn

Before the celebrations begin over less personal data being exposed, there was a problem at LinkedIn. Data associated with 700 million LinkedIn users was posted for sale in a dark web forum on June 2021. This exposure impacted 92% of the total LinkedIn user base of 756 million users.

The data was dumped in two waves, initially exposing 500 million users – and then a second dump where the hacker ‘God User’ boasted that they were selling a database of 700 million LinkedIn users. It is well known that Chinese hackers place particular value on such data as it can be used to select targets for exploitation in industrial espionage.

Enter the government agencies

The publicity that ransomware attracts can be a problem. It provides superb advertising of the dangers of ransomware, highlighting the crippling effect it has on business. Also, reports of ransoms being paid help to persuade the next victim of the wisest choice of action.

layout: "SLIDEOUT", consentCookieExpiry: 90,

text : title: 'This site uses cookies', intro: 'Some of these cookies are essential to make the site work, while others help us to improve your experience by providing insights into how the site is being used.', necessaryTitle : 'Necessary Cookies', necessaryDescription : 'Necessary cookies enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences.', thirdPartyTitle : 'Warning: Some cookies require your attention', thirdPartyDescription : 'Consent for the following cookies could not be automatically revoked. Please follow the link(s) below to opt out manually.', on : 'On', off : 'Off', accept : 'Accept cookies', settings : 'My Cookie Preferences', acceptRecommended : 'Accept Recommended Settings', notifyTitle : 'Your choice regarding cookies on this site', notifyDescription : 'We use cookies to optimise site functionality and analyse our traffic. We also share information about your use of our site with social media platforms to provide personalised content and ads.', ,

branding : toggleColor: '#669900', removeIcon: true, ,

necessaryCookies: ['UMB-XSRF-TOKEN', 'UMB-XSRF-V', 'UMB_UCONTEXT_C', 'HACIVICLB','UMB_UPDCHK'], optionalCookies: [

name : 'analytics', label: 'Analytical Cookies', description: 'Analytical cookies help us to improve our website by collecting and reporting information on its usage.', cookies: ['_ga', '_gid', '_gat', '_hjClosedSurveyInvites', '_hjDonePolls', '_hjMinimizedPollsr', '_hjDoneTestersWidgets', '_hjMinimizedTestersWidgets', '_hjIncludedInSample'], onAccept : function() // Add Google Analytics (function(w,d,s,l,i)[];w[l].push('gtm.start': new Date().getTime(),event:'gtm.js');var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l="+l:"';j.async=true;j.src="https://www.googletagmanager.com/gtm.js?id="+i+dl;f.parentNode.insertBefore(j,f); )(window,document,'script','dataLayer','GTM-M676B7N'); // End Google Analytics

// Add Hot Jar

(function(h,o,t,j,a,r) h.hj=h.hj)(window,document,'https://static.hotjar.com/c/hotjar-','.js?sv=');

// End Hot Jar

, onRevoke: function()

, thirdPartyCookies: ["name": "Removing cookies", "optOutLink": "https://www.bcs.org/legal-and-privacy-notices/use-of-cookies/"]


name : 'marketing', label: 'Marketing Cookies', description: 'We use marketing cookies to help us improve the relevancy of advertising campaigns you receive.', cookies: ['fr'], onAccept : function(), onRevoke: function()

, thirdPartyCookies: ["name": "Removing cookies", "optOutLink": "https://www.bcs.org/legal-and-privacy-notices/use-of-cookies/"]


] };

CookieControl.load( config );

Original Source link

Posted in Uncategorized

Leave a Reply

Your email address will not be published. Required fields are marked *

seventy four − 73 =