Cyberthreat update from Acronis CPOCs: Week of August 10, 2020

Cyberthreat update from Acronis CPOCs: Week of August 10, 2020

Here at Acronis, we’re always monitoring for dangers to your data, deploying updates to handle newly-discovered vulnerabilities, and issuing alerts and recommendations to help you stay protected. Our global network of Acronis Cyber Protection Operations Centers (CPOCs) continue to work around the clock to proactively detect and defend against the latest cyberthreats.

Part of this work includes video updates to inform you of new hazards in the digital landscape. Here’s a look at some of the most recent breaking news and analyses:

Canon hit by Maze ransomware, 10TB of data allegedly stolen

Canon, the multinational corporation specializing in optical and imaging products, fell victim to a Maze ransomware attack that impacted their email system, Microsoft Teams, their US website, and other internal applications.

The Maze ransomware operators stated that they’ve stolen over 10TB of data from Canon, including private databases. Canon acknowledged the attack in an internal message sent to employees.

As is typical for ransomware, Maze exfiltrates data from the victim’s systems and the victim is threatened with the release of their sensitive data online if they don’t pay for its return. The antiransomware and data protection capabilities in Acronis Cyber Protect effectively stop Maze as well as other known and unknown ransomwares, and can restore data in a matter of minutes — reducing costly downtime to nearly nothing.

Travel giant CWT pays $4.5 million ransom to cybercriminals

CWT, one of the world’s largest travel and event management companies, has been compromised by the Ragnar Locker ransomware. The attackers allegedly stole 2TB of sensitive corporate data and claim to have compromised more than 30,000 systems.

While the attackers initially demanded $10 million for the safe return of stolen data, CWT entered negotiations and eventually agreed to pay a ransom of 414 bitcoin — equal to over $4.5 million at the time of writing.

Empowered by successful attacks like this, it’s a safe bet that cybercriminals will continue to threaten your company’s sensitive info. The AI-based behavioral heuristics in Acronis Cyber Protect can identify and block Ragnar Locker and other ransomware variants — before you have to pay millions to recover critical data.

US defense contractors targeted by North Korean phishing attacks

Employees of US defense and aerospace contractors were targeted in a large-scale spear phishing campaign by North Korean APT group HIDDEN COBRA.

Using fake job offer emails and social media messages, purportedly from high-profile defense contractors, the attackers sent employees malicious Word documents. When opened, these reach out to a remote server and retrieve another file used to inject malicious code into legitimate Windows DLLs, giving the attackers remote access to sensitive data on the victim’s machine.

With the active protection capabilities in Acronis Cyber Protect, malicious attachments like these are detected and quarantined to protect users against accidentally opening up their system to unwanted remote access. URL filtering can also block access to remote servers such as the one used in this attack campaign.

Malspam campaign caught using GuLoader on service relaunch

A new malspam campaign has been caught using the GuLoader malware, which was responsible for 25% of all malicious email attachments in June.

The GuLoader malware uses legitimate file-sharing websites, like Google Drive or Pastebin, to store its encrypted payloads. Since these services aren’t generally filtered in corporate environments, this helps it to avoid network-based detection. And by encrypting its payloads, GuLoader makes it hard for file-sharing service providers to identify its content as malicious.

While GuLoader poses challenges for traditional threat detection methods, the machine learning-based file analysis and dynamic behavior analysis in Acronis Cyber Protect can identify and block these payloads before they can do any harm to your system.

Hurricane Isaias leaves 1.9 million without power

Early this month, Hurricane Isaias hit much of the eastern coast of the United States, causing widespread damage, spawning tornadoes, and knocking out power for 3.5 million people across several states. Two days later, 1.9 million were still without power.

It remains to be seen exactly what impact this storm will have on most affected companies, but power outages, flooding, and other damage can lead to permanent data loss and crippling disruptions of business continuity.

As we continue through hurricane season, remember that disaster readiness is simply not optional for any business. A solid disaster recovery plan should include cloud data backups and image-based system restoration — both of which are enabled by Acronis Cyber Protect.

# # #

For the latest reports on emerging cyberthreats from Acronis’ cyber protection experts, subscribe to the Acronis YouTube channel and receive our CPOC updates as they’re posted.