CYBERSECURITY NEWS V. 05.22 – UK supercomputer, EU Parliament, Trump & Madonna hit by hackers
New espionage toolkit targets air-gapped networks
A newly discovered cyber-espionage framework dubbed Ramsay can collect and exfiltrate sensitive data from systems protected by an air gap. Ramsay is believed to be at an early stage of development, and few victims have been identified so far. The framework is capable of collecting different types of documents (MS Word, PDF, and archived files) and storing them in a hidden folder for later exfiltration. Ramsay is not the first toolkit capable of attacking air-gapped networks; the Trend Micro cybersecurity blog recently reported on USBFerry.
Supercomputers across Europe infected with crypto miners
One of the UK's most powerful supercomputers, which is hosted by the University of Edinburgh, fell victim to a massive cyber attack. As a result, the administrators were forced to reset all user passwords and SSH keys. From May 19 to May 21, ARCHER's high-performance computing (HPC) network was unavailable to the researchers using it. ARCHER is the first academic supercomputer known to be compromised in a wider wave of attacks on European systems. It is believed that the attackers' aim was to use the supercomputer for crypto mining. Security audit checklists are absolutely necessary for academic institutions.
Microsoft won’t release new 32-bit builds of Windows 10 for OEM distribution
New OEM computers will no longer receive 32-bit builds of Windows 10. The current version of the Windows 10 minimum hardware requirements document states that, starting with version 2004, the operating system will require 64-bit builds. However, the versions of Windows already running on 32-bit systems will still receive the necessary security updates.
British Ministry of Defence contractor hacked
Interserve, one of the UK government's strategic suppliers, suffered a cyber attack resulting in a leak of up to 100,000 employees' personal records. The data include names, addresses, bank details, payroll information, next of kin details, and personnel and disciplinary records. The company will need some time to recover from the incident. This case shows that enterprises must make security a priority and that the demand for cybersecurity services will continue to grow.
UK power grid middleman suffers from cyber attack
Elexon, the company responsible for the UK's Balancing and Settlement Code (BSC), was affected by a cyber attack. It impacted only the internal IT systems and laptops. The company was unable to send or receive any emails, but its BSC Central Systems and EMR remained intact, and there were no disruptions to electricity supplies. Security experts think that the incident has all the hallmarks of a ransomware attack. Analysts state that vulnerabilities in critical infrastructure are a serious cybersecurity risk for oil and gas companies, electrical grids, ICS, and smart cities. Given that, penetration testing services will be in high demand.
Ransomware operators blackmail Donald Trump
A hacker group known as REvil (or Sodinokibi) has threatened to publish damaging information about Donald Trump, which they stole from a New York law firm. Earlier, the group had already published legal documents concerning Lady Gaga. The hackers demand a payment of $42 million, the largest ransom demand in history. After the FBI declared this an act of terrorism, REvil published the first batch of data, a total of 169 emails mentioning Trump. Later, they claimed they had found buyers for the documents and were preparing to auction information about Madonna.
European Parliament suffers major data breach
Personal data of more than a thousand staff and members of the European Parliament was exposed online on a portal within the Parliament's domain that is used by officials. It was taken down after being reported by a third-party cybersecurity provider. This incident raises concerns about the security of political parties and institutions.
Node.js malware spreads through fake US Department of Treasury emails
A new spam campaign distributes a remote access trojan and password-stealing malware. The operators impersonate the US Department of the Treasury and urge users to download a zip archive that purports to contain payment approval documents. The archive contains only one file: a new Node.js malware called QNodeService, discovered earlier by cybersecurity experts. Victims' data and passwords are compromised, and it is possible that the malware could gain access to other devices in the affected network. Thus, it is recommended that network and system administrators perform an immediate IT security audit to check whether any of their systems were compromised.