Cyber Security Today, June 15, 2021 – BlackCat ransomware hits again, a huge DDoS attack and security updates issued


BlackCat ransomware hits again, a huge DDoS attack and security updates issued. Welcome to Cyber Security Today. Wednesday June 15, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for
There’s lots of news today about the BlackCat ransomware strain, also called AlphV. First, in a background blog issued this week about the strain, Microsoft noted that one attack started by taking advantage of an unpatched Exchange server to compromise an organization. After getting inside, the attacker collected operating system and network information to find domain computers, domain controllers and administrators. Then they found a password folder that gave access to account credentials. The attacker was able to steal and threaten the release of intellectual property in addition to encrypting data and demanding a ransom for decryption keys. This is another example of why IT and security teams have to patch critical applications as soon as security updates are available. The attacker was in the network for two weeks before the ransomware was deployed, which also shows why constant network monitoring for suspicious activity is vital.

Separately, an Italian news site called CyberSecurity360 reported the AlphV gang is demanding the equivalent of $4.5 million from the University of Pisa after a ransomware attack there. The gang is already publishing what it says is stolen data as proof of the hack. Payment has to be made by this Friday or the ransom will be hiked.

Meanwhile, Canadian-based cyber threat analyst Brett Callow of Emsisoft has tweeted that the AlphV gang has added another pressure tactic: It’s created a site on the open internet where employees and customers of victim organizations can check if their personal information has been copied by the gang. Presumably the gang is using stolen email addresses to message people it thinks are impacted. The idea is they will pressure their employer or partner firm to give in to the crooks’ demands. Callow notes other criminal gangs are doing the same. For those who don’t recall, the BlackCat/AlphV gang is a re-branding of the Darkside and BlackMatter gangs.

Data theft, encryption and erasure are only three of the worries of IT security teams. A distributed denial of service attack that knocks websites offline is also a weapon of some threat actors. The latest example is a huge attack described this week on a customer of Cloudflare, which provides technology to blunt such attacks. The attacker’s network of compromised devices fired 26 million requests per second at the unnamed organization. That’s a record. DDoS attacks can be used for harassment or to divert IT teams from a hacking attack going on elsewhere on their network. Depending on your organization’s risk profile, it may need to subscribe to a DDoS mitigation service. Certainly every IT department and security team needs to keep all corporate-managed computers and devices secure with patches and multifactor authentication so they can’t be leveraged by threat actors to launch denial of service attacks.

Finally, Microsoft has issued a security update for a Windows vulnerability called Follina that affects a number of versions of the operating system and Microsoft Office. The update was issued yesterday as part of the monthly Patch Tuesday fixes. It is estimated some 50 vulnerabilities were fixed. In addition, Adobe released patches for Animate, Bridge, Illustrator, InCopy, InDesign and RoboHelp Server. Google issued updates for the Chrome browser. So did industrial equipment makers Siemens and Schneider Electric. Although some of these patches may be installed automatically, corporate and personal users of these applications should ensure their systems are up to date.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, June 15, 2021 – BlackCat ransomware hits again, a huge DDoS attack and security updates issued first appeared on IT World Canada.

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

