Cyberthreat update from Acronis CPOCs: Week of October 5, 2020

Cyberthreat update from Acronis CPOCs: Week of October 5, 2020

Here at Acronis, we’re always monitoring for dangers to your data, deploying updates to handle newly-discovered vulnerabilities, and issuing alerts and recommendations to help you stay protected. Our global network of Acronis Cyber Protection Operations Centers (CPOCs) continue to work around the clock to proactively detect and defend against the latest cyberthreats.

Part of this work includes video updates to inform you of modern hazards in the digital landscape — such as new vulnerabilities in popular applications and shifting cyberthreat trends. Here’s a look at some of the most recent breaking news and analyses:

Patient dies after ransomware attack on hospital

A woman in Germany died during the aftermath of a ransomware attack on the Düsseldorf University Hospital, in what may be the first death directly linked to a cyberattack on a hospital.

The ransomware attack crippled the hospital’s computer systems, preventing them from taking in new emergency patients. This forced the woman to be redirected to another medical facility 20 miles away, with the delay in treatment ultimately leading to her death.

It doesn’t appear that the hospital was the intended target, as the ransom note was addressed to a nearby university. The cybercriminals stopped their attack once authorities informed them that the hospital had been impacted.

Cyberthreats against healthcare facilities pose an incredible risk to the physical safety of patients. The advanced behavior analytics and active protection capabilities in Acronis Cyber Protect can block even new and unknown ransomware variants from executing.

Google Chrome bugs open browsers to attack

Google has released an update to its Chrome browser for Windows, Mac, and Linux that addresses 10 major security flaws. Of these 10, five are considered by Google to be high severity.

These vulnerabilities could lead to an attacker executing arbitrary code in the browser, which can allow them to view, change, or even delete data. Simply visiting compromised websites or installing malicious Chrome extensions can put users at risk.

While a patch has been created, users aren’t protected until they’ve updated the browser across their systems — especially now that knowledge of these flaws is public. With vulnerability assessment and integrated patch management capabilities, Acronis Cyber Protect ensures that Chrome and other applications are updated with the latest vulnerability fixes, keeping you safe online.

New ransomware actor OldGremlin hits top organizations

Since March, a new cybercriminal group called OldGremlin has been targeting Russian companies — including banks, industrial enterprises, and medical firms — with new, customized ransomware.

OldGremlin uses tricky spear phishing emails that utilize constantly evolving lures — from false coronavirus pandemic recommendations to fake requests for media interviews. Using legitimate-looking sender addresses, the group sends targets a personalized message with an attached .zip archive. Once opened, the attachment installs a backdoor to gain a foothold on the target’s network.

While attacks attributed to this group have only been observed in Russia thus far, it’s quite possible that OldGremlin is fine-tuning their operations on a smaller scale before going global. Acronis Cyber Protect’s behavioral analysis and dynamic detection capabilities can automatically block .zip files from malicious sources, stopping both known and unknown ransomware variants in their tracks.

Fileless malware tops critical endpoint threats for first half of 2020

A recent report from Cisco shows that in the first six months of 2020, the most prevalent threat to users’ endpoints was fileless malware.

Fileless malware differs from standard malware in that it runs in memory after initial infection, rather than in files stored on the hard drive. This makes it very hard for most signature-based detection systems to identify. Most fileless malware variants also search for, and disable, antimalware applications on the victim’s system.

Some of the most notorious strains of fileless malware are Kovter, Poweliks, Divergent, and LemonDuck, all of which have highly advanced forms of obfuscation. Acronis Cyber Protect can not only detect fileless malware, but also has built-in protection to prevent itself from being disabled by malicious applications — keeping your systems safe from infection.

Phishing page targets AT&T’s multi-factor authentication

Communications giant AT&T were the recent victims of impersonation in an advanced phishing attack campaign.

The AT&T Global Login page was cloned and used by the threat actors to harvest users’ credentials — as well as their multi-factor authentication tokens — and send them to a Telegram Messenger bot. While these tokens have a limited lifespan, there’s still plenty of time for automated scripts to log in and generate a valid session for the attacker.

Getting privileged access to a company’s internal systems is often the first goal in a cyberattack, allowing threat actors to misuse that access and to spread laterally across systems. With its URL filtering capabilities, Acronis Cyber Protect can prevent users from ever accessing phishing sites, keeping their personal login information secure.

# # #

October is National Cybersecurity Awareness Month — celebrate with us at the Acronis Cyber Summit 2020, which is being offered this year as a free virtual conference from October 19–21. And for the latest reports on emerging cyberthreats from Acronis’ cyber protection experts, subscribe to the Acronis YouTube channel and receive our CPOC updates as they’re posted.