Cyberthreat update from Acronis CPOCs: Week of January 18, 2021
Here at Acronis, we’re always monitoring for dangers to your data, deploying updates to handle newly discovered vulnerabilities, and issuing alerts and recommendations to help you stay protected. Our global network of Acronis Cyber Protection Operations Centers (CPOCs) continues to work around the clock to proactively detect and defend against the latest cyberthreats.
Part of this work includes video updates to inform you of modern hazards in the digital landscape — such as new tactics seen in phishing and ransomware campaigns. Here’s a look at some of the most recent breaking news and analyses:
Windows 10 vulnerability leads to hard drive corruption
A zero-day vulnerability in Microsoft Windows 10 allows an attacker to corrupt any NTFS-formatted volume, which is the file system Windows uses by default. This can be done with a single one-line command, and it requires no administrative privileges.
The malicious command can be hidden in a number of file types, including Windows shortcut (.lnk) files, ZIP archives, and batch files. If hidden in a shortcut file, simply opening the folder that contains the shortcut is enough to trigger the bug, because Windows Explorer resolves the shortcut’s paths (for example, to display its icon) without the user ever clicking on it. Once triggered, the volume is immediately flagged as corrupt and the user is prompted to restart so that the disk-repair utility (chkdsk) can run. Data can be permanently lost if the repair fails to restore the affected files.
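As an added example (not code from the Acronis post), here is a Python scanner for the shortcut vector described above. It parses the fixed-size Shell Link header and the StringData fields (relative path, arguments, icon location) of a .lnk file, the fields Explorer resolves when a folder is displayed, and flags any field that references a "$"-named NTFS attribute or stream (a `:$name` sequence), on the assumption that such a reference has no legitimate reason to appear in a shortcut. The heuristic, the ANSI code page used for non-Unicode shortcuts, and the two sample shortcuts are all assumptions made for this example; the suspicious sample uses a placeholder attribute name, not the real trigger path.

```python
import re
import struct
import sys
from pathlib import Path

# Shell Link (.lnk) layout per MS-SHLLINK: a 0x4C-byte header, optional
# LinkTargetIDList and LinkInfo blocks, then the StringData fields in a fixed order.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
FLAG_HAS_TARGET_IDLIST = 0x01
FLAG_HAS_LINK_INFO = 0x02
FLAG_HAS_NAME = 0x04
FLAG_HAS_RELATIVE_PATH = 0x08
FLAG_HAS_WORKING_DIR = 0x10
FLAG_HAS_ARGUMENTS = 0x20
FLAG_HAS_ICON_LOCATION = 0x40
FLAG_IS_UNICODE = 0x80
STRING_FIELDS = [  # order in which StringData fields appear when their flag is set
    (FLAG_HAS_NAME, "name"),
    (FLAG_HAS_RELATIVE_PATH, "relative_path"),
    (FLAG_HAS_WORKING_DIR, "working_dir"),
    (FLAG_HAS_ARGUMENTS, "arguments"),
    (FLAG_HAS_ICON_LOCATION, "icon_location"),
]
# Heuristic (an assumption of this example): a "$"-named NTFS attribute or stream
# reference such as ":$DATA" does not belong in a shortcut's path fields.
NTFS_ATTRIBUTE_REF = re.compile(r":\$[A-Za-z0-9_]+")


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a Shell Link file as {field: text}."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a Shell Link file: bad HeaderSize")
    if data[4:20] != LINK_CLSID:
        raise ValueError("not a Shell Link file: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    if flags & FLAG_HAS_TARGET_IDLIST:
        pos += 2 + struct.unpack_from("<H", data, pos)[0]  # IDListSize excludes its own 2 bytes
    if flags & FLAG_HAS_LINK_INFO:
        pos += struct.unpack_from("<I", data, pos)[0]  # LinkInfoSize includes its own 4 bytes
    unicode = bool(flags & FLAG_IS_UNICODE)
    width = 2 if unicode else 1
    fields = {}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            continue
        if pos + 2 > len(data):
            raise ValueError(f"truncated before {name}")
        count = struct.unpack_from("<H", data, pos)[0]  # CountCharacters, no terminator
        pos += 2
        raw = data[pos:pos + count * width]
        if len(raw) != count * width:
            raise ValueError(f"truncated {name} string")
        pos += count * width
        # cp1252 for ANSI strings is an assumption; the real code page is the system default.
        fields[name] = raw.decode("utf-16-le" if unicode else "cp1252")
    return fields


def suspicious_fields(fields: dict) -> list:
    """Return (field, value) pairs whose value references a $-named NTFS attribute."""
    return [(name, value) for name, value in fields.items() if NTFS_ATTRIBUTE_REF.search(value)]


def scan_lnk(data: bytes) -> list:
    return suspicious_fields(parse_lnk(data))


def build_lnk(relative_path: str, arguments: str = "", icon_location: str = "") -> bytes:
    """Build a minimal Unicode .lnk containing only StringData (constructed sample input)."""
    flags = FLAG_IS_UNICODE | FLAG_HAS_RELATIVE_PATH
    flags |= FLAG_HAS_ARGUMENTS if arguments else 0
    flags |= FLAG_HAS_ICON_LOCATION if icon_location else 0
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, flags)
    header += b"\x00" * (HEADER_SIZE - len(header))  # attributes, timestamps, sizes, reserved = 0
    body = b""
    for flag, value in ((FLAG_HAS_RELATIVE_PATH, relative_path),
                        (FLAG_HAS_ARGUMENTS, arguments),
                        (FLAG_HAS_ICON_LOCATION, icon_location)):
        if flags & flag:
            body += struct.pack("<H", len(value)) + value.encode("utf-16-le")
    return header + body


# Constructed samples: an ordinary shortcut and one whose icon path names an
# NTFS attribute (placeholder name, not a real trigger path).
BENIGN_LNK = build_lnk(r"..\Program Files\Notepad++\notepad++.exe",
                       icon_location=r"%SystemRoot%\system32\shell32.dll")
SUSPICIOUS_LNK = build_lnk(r"..\Windows\System32\cmd.exe", arguments="/c dir",
                           icon_location=r"D:\shared\report.docx:$EXAMPLE")

if __name__ == "__main__":
    paths = [Path(p) for p in sys.argv[1:]]
    if not paths:  # no arguments: scan the built-in samples
        for label, blob in (("benign", BENIGN_LNK), ("suspicious", SUSPICIOUS_LNK)):
            print(label, scan_lnk(blob))
    for path in paths:  # otherwise scan every .lnk under the given files/directories
        for lnk in (path.rglob("*.lnk") if path.is_dir() else [path]):
            try:
                hits = scan_lnk(lnk.read_bytes())
            except ValueError as exc:
                print(f"{lnk}: skipped ({exc})")
                continue
            if hits:
                print(f"{lnk}: {hits}")
```

Run it with no arguments to see the two samples classified, or pass a directory (for example a downloads folder or an extracted ZIP) to scan every shortcut beneath it. Because the scanner only reads bytes and never resolves the paths it finds, it is safe to run against untrusted shortcuts, unlike opening the folder in Explorer.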
Ever popular in homes and businesses alike, Windows holds a desktop market share of over 75%, with more than 900 million devices running Windows 10. Countless volumes of sensitive data, from personally identifiable information to trade secrets, are exposed to this vulnerability. The best-in-class backup capabilities within Acronis Cyber Protect keep your business-critical data safe and make recovery quick and painless.
“Trump sex tape” latest lure in QRAT phishing campaign
Gossip surrounding outgoing U.S. President Trump has aided phishers in creating unique and effective lures for the spread of malware.
Since its creation in 2016, the Java-based QRAT malware has targeted hundreds of corporations, primarily through phishing. The group behind QRAT constantly pivots its methods and, according to security researchers, is now using a “significantly enhanced” version of the trojan, often hidden within a salaciously named file or presented as an investment opportunity.
Over 135 million phishing attacks are attempted each day, and the technique remains a highly effective way to spread malware and steal credentials. Over a third of all data breaches can be attributed to phishing. Acronis Cyber Protect stops QRAT malware and the malicious domains it uses with an advanced heuristic engine and built-in URL filtering.
Dassault Falcon suffers data breach after Ragnar Locker attack
Dassault Falcon Jet Corp, the U.S. subsidiary of French aerospace firm Dassault Aviation, has been hit by a ransomware attack. The infamous Ragnar Locker group appears to be behind the strike.
The attackers were able to infiltrate their target as well as several partner networks. They stole, and have partially leaked, at least 18 GB of sensitive data, including personally identifiable employee information such as Social Security numbers and salary figures. While the ransom demanded is not yet known, the Ragnar Locker group previously demanded $15 million from Campari in a similar attack.
Thanks to its advanced anti-malware engine and behavioral heuristics, Acronis Cyber Protect blocks both known and unknown ransomware variants before they can cause financial and reputational damage to your company.
Ransomware gangs target executives for extortion
Over the past three years, more than 20 ransomware gangs have shifted from consumer to corporate targets, taking advantage of their deeper pockets and increasingly valuable data. Now, ZDNet reports that the CLOP and REvil ransomware groups are specifically targeting managers and executives at major companies.
Data exfiltration is not a new ransomware tactic, though it is a rapidly increasing one. But attackers are no longer simply threatening to release trade secrets or databases of customer information. Cybercriminals have been combing through files and inboxes for compromising details, such as emails about ongoing litigation. In some cases, the attackers are even contacting executives directly by email or phone to add pressure to the extortion.
In 2020, more than 1,300 companies had their data publicly leaked due to ransomware attacks by the top 20 groups alone. Acronis Cyber Protect not only blocks ransomware through its multi-layered AI-powered defenses, but can also block other types of malware — such as fileless backdoors — which are often used by attackers to deploy their payloads.
Heavy snowfall in southern U.S. leaves many without power
Heavy snow is very uncommon in the southern United States, but that is exactly what parts of Texas and Louisiana got last week, when up to 12 inches fell on the region. For some areas, it was the most snowfall in over 50 years.
A large storm began dumping snow in Colorado, then moved across the south, leaving an icy blanket in its wake as far away as the east coast states of North Carolina and Virginia. More than 150,000 people were left without power when the blizzard took down trees and damaged power lines across the region.
When unexpected disasters take down your infrastructure, the disaster recovery capabilities in Acronis Cyber Cloud allow you to fail over to the Acronis Cloud, getting your systems back up and running in minutes rather than hours or days.
# # #