Cyberthreat update from Acronis CPOCs: Week of February 1, 2021

Cyberthreat update from Acronis CPOCs: Week of February 1, 2021

Here at Acronis, we’re always monitoring for dangers to your data, deploying updates to handle newly-discovered vulnerabilities, and issuing alerts and recommendations to help you stay protected. Our global network of Acronis Cyber Protection Operations Centers (CPOCs) continue to work around the clock to proactively detect and defend against the latest cyberthreats.

Part of this work includes video updates to inform you of modern hazards in the digital landscape — such as active cyberthreat campaigns and changes to the biggest botnet threats. Here’s a look at some of the most recent breaking news and analyses:

Global takedown operation brings Emotet botnet to a halt

By the end of 2020, Emotet was established as one of the world’s largest cyberthreats — having impacted an estimated 7% of all global businesses and secured ransoms as high as $50 million. Now, a worldwide effort has crippled its infrastructure.

Emotet was first spotted as a banking trojan in 2014, but has since evolved into a massive botnet. Cybersecurity specialists working together across eight countries recently managed to compromise hundreds of malicious servers within the Emotet botnet, and to redirect these systems to infrastructure controlled by law enforcement agencies.

This development is certainly good news for individuals and businesses alike, but the fight against cybercrime never rests. In October 2020, Microsoft managed to take down 94% of Trickbot’s servers, but the Trickbot group has already made a comeback with additional functionality to avoid detection. It’s likely that Emotet will either return under a new name, or a new type of malware will take over the space they inhabited.

Acronis Cyber Protect detects and blocks both known and unknown cyberthreats with its AI-powered behavioral heuristics, which recognize the malicious behavior found in Emotet and other malware variants.

UK Ministry of Defence indicates 18% rise in data loss events

With Europe having just celebrated Data Protection Day, a new report on data loss incidents by the UK’s Ministry of Defence couldn't be timelier.

They’ve recorded an 18% rise in personal data loss incidents, with 546 incidents in the 12 months leading up to the 31st of March, 2020. Seven of these events were critical enough to warrant disclosure to the Information Commissioner’s Office (ICO).

Analysis reveals that as many as 454 of these incidents are related to the unauthorized disclosure of data, with 49 being attributed to the loss of electronic equipment, devices, or documents from government premises, and 19 to similar losses from outside of government premises. Of the seven incidents that required disclosure to the ICO, data lost or inappropriately accessed includes mental health information, a whistleblowing report that was incorrectly redacted, and other highly personal and confidential files.

A multi-faceted approach to cybersecurity is critical in today's world, and that's exactly what Acronis Cyber Protect provides. Integrated anti-malware and data protection capabilities — in combination with URL filtering, disaster recovery, and more — can safeguard your data against malicious cyberattacks and accidental loss or leakage.

Packaging company WestRock hit by ransomware attack, impacting production

WestRock, the second-largest American packaging company, has fallen victim to a ransomware attack. The company’s automation processes were affected, forcing a switch to manual production and resulting in delays.

With around $18 billion in annual revenue and over 50,000 employees, WestRock is a tempting target for cybercriminals engaged in “big game hunting” — the tactic of going after companies that can afford to pay large ransoms and are highly-motivated to restore data and services quickly. While the value of the demanded ransom is unknown at this time, the attack itself likely contributed to a recent 10% drop in the value of WestRock’s stock.

It’s not yet clear which ransomware group might be responsible for the attack, but at least seven likely contenders — including Snake and CLOP — have a history of attacking manufacturers and OT/ICS systems. The integrated, threat-agnostic ransomware detection capabilities in Acronis Cyber Protect can block all forms of malware before they’re able to damage your systems.

Phishing campaign uses COVID-19 vaccination offer as lure

COVID-19 themes were some of the most common lures for phishing campaigns in 2020, and that doesn't seem likely to change anytime soon. A new and highly-active phishing campaign is sending out emails that purport to be from the UK's National Health Services, telling victims that they are eligible for the COVID-19 vaccine.

The emails come from cnoreply@nhs.gov.uk, while the NHS’s actual website is simply nhs.uk. These messages vary, but are generally related to eligibility for vaccination. Two links exist in the email — one to accept the invitation, and one to decline. Both links direct the victim to a fake NHS website that requests personal information, including names, addresses, banking information, and other details. It should be noted that the real NHS does not require such documentation or other financial details in determining vaccine eligibility.

Over the last year, COVID-19-related phishing campaigns have targeted a number of health organizations, and these have been successful enough that the WHO created a cybersecurity page to help individuals identify and avoid such attacks. Acronis Cyber Protect safeguards users and their critical data against phishing and other cyberthreats.

Banking trojan DanaBot resurfaces with new targets, capabilities

The banking trojan DanaBot appeared to be dormant towards the end of 2020, but has recently resurfaced with some new variants. Two of these are targeting specific countries — Australia and the U.S. — while others have new technical features, like enhanced command-and-control functionality.

Around the world, banking trojans are responsible for billions of dollars in financial damage each year. DanaBot specifically is known for stealing network requests, data, and user credentials. It may also take covert screenshots and spread ransomware and other malware, such as cryptominers.

Regardless of how malware evolves, the AI-powered detection and prevention capabilities in Acronis Cyber Protect can recognize and stop malicious behaviors such as those present in DanaBot and other banking trojans.

# # #

For the latest reports on emerging cyberthreats from Acronis’ cyber protection experts, subscribe to the Acronis YouTube channel and receive our CPOC updates as they’re posted.