Here are the top security stories from the past few weeks:
- Kaseya patches zero-day vulnerabilities that were used in a supply-chain ransomware attack
- Attackers use Kaseya ransomware attack to distribute Cobalt Strike Backdoor in fake security updates
- Morgan Stanley reports data breach after a vendor was hit by the Accellion hack
- US insurance company CNA notifies customers of data breaches following ransomware attack
- US fashion retailer Guess notifies customers of data breaches following ransomware attack
On July 11th, Kaseya, a provider of IT solutions for MSPs and companies, patched the three zero-day vulnerabilities that were used in a widespread supply-chain ransomware attack on July 2nd. The attack took advantage of vulnerabilities in Kaseya’s Virtual System / Server Administrator (VSA) remote monitoring and management platform to spread REvil ransomware. The ransomware attack affected 50 direct customers of Kaseya and around 1,500 smaller downstream companies, and it has been compared to the SolarWinds supply-chain attack.
Attackers used the latest Kaseya VSA ransomware attack as a lure to launch a campaign spreading Cobalt Strike via fake Microsoft security update emails. Victims who fall for the fake update and install the malicious executable file end up giving the attackers permanent remote access. Cobalt Strike is a legitimate tool used by network penetration testers, but threat actors use it to bypass security controls, spread malware, and exfiltrate data.
Investment bank Morgan Stanley has reported a data breach after being affected by the supply-chain attack on Accellion FTA servers. Guidehouse, a third-party account maintenance service provider, notified Morgan Stanley in May 2021 that attackers had hacked its Accellion FTA server and stolen stock plan documents. Although the stolen files were encrypted, the attackers also stole the decryption key. The stolen files contain personal information, including names, addresses, dates of birth, social security numbers, and company names of stock plan participants.
CNA Financial Corporation, the seventh largest commercial insurer in the US, is notifying customers of a data breach after being hit by the Phoenix CryptoLocker ransomware in March. According to the company, more than 75,000 people were affected by the data breach, including customers, contractors, and current and former employees. Files stolen in the breach contained personal information such as names and social security numbers. Over 15,000 CNA devices were encrypted during the first ransomware attack on March 21.
Guess is notifying customers of a data breach after falling victim to a ransomware attack in February. Customers' personally identifiable information, including social security numbers, driver’s license numbers, passport numbers, financial account numbers, and credit / debit card numbers, was accessed. Over 1,300 people were affected, and the DarkSide ransomware group is believed to have been behind the first ransomware attack on Guess.