Cyberthreat update from Acronis CPOCs: Week of September 28, 2020

Cyberthreat update from Acronis CPOCs: Week of September 28, 2020

Here at Acronis, we’re always monitoring for dangers to your data, deploying updates to handle newly-discovered vulnerabilities, and issuing alerts and recommendations to help you stay protected. Our global network of Acronis Cyber Protection Operations Centers (CPOCs) continue to work around the clock to proactively detect and defend against the latest cyberthreats.

Part of this work includes video updates to inform you of modern hazards in the digital landscape — such as newly-emerging malware threats and successful attacks against government facilities. Here’s a look at some of the most recent breaking news and analyses:

Zerologon vulnerability exposes domain admin rights

Microsoft has recently patched the vulnerability known as Zerologon (CVE-2020-1472), one of the most dangerous bugs they’ve ever had to address.

Left unpatched, this vulnerability allows attackers to take advantage of a privilege flaw in one of Microsoft’s authentication systems and gain administrative rights across an entire organization. Microsoft themselves gave this flaw a severity rating of 10/10 per the Common Vulnerability Scoring System (CVSS).

While a fix has been created, Microsoft has needed to roll out this patch in multiple phases, due to the complexity of updating billions of enterprise devices — and unpatched devices remain vulnerable even now. The vulnerability assessment and patch management functionalities in Acronis Cyber Protect can ensure your systems are always running the latest secure versions of business-critical software.

Argentina border crossing halted by Netwalker ransomware

Netwalker ransomware was responsible for a roughly four-hour shutdown of border crossings in and out of Argentina earlier this month. Cybercriminals encrypted critical infrastructure at the Dirección Nacional de Migraciones (DNM) — Argentina’s immigration agency — who were forced to shut down their central server as a precautionary measure.

The Netwalker group managed to exfiltrate data from the DNM, and has threatened to publish it unless they’re paid the equivalent of $4 million in Bitcoin. The government of Argentina is refusing to negotiate with the attackers.

Generally, victims of ransomware attacks are left with only two options: lose their data, or lose their money. Acronis Cyber Protect's integrated, AI-driven antiransomware capabilities can halt attacks like this before your critical data is encrypted.

Analysis of 680 ransomware attacks shows prime targets

A study out of Temple University analyzed 680 ransomware attacks against infrastructure and the public sector over the last seven years. The researchers found that government facilities were the most frequently targeted segment in this group, followed by education and healthcare.

For 2020 specifically, this study found 241 cases (to date) of ransomware in critical infrastructure. If this rate continues for the remainder of the year, we’ll be looking at an increase in public sector ransomware attacks of 82% compared to 2019. Though not examined by this study, the private sector has also seen a jump in ransomware attacks this year.

The average ransom demand across these 680 attacks was $50,000 — though in 13 cases the demand was for over $5 million — and the most active ransomware group was Maze. Acronis Cyber Protect can block any ransomware attack without data loss through behavioral analysis. Since this capability works even without an internet connection, it’s a great fit for any IT environment.

Russian town shaken by 6.4 magnitude quake

An earthquake shook the Russian town of Esso, on the Kamchatka peninsula, on September 15th at about 3:40 PM local time.

This quake was measured at magnitude of 6.4, with the potential to cause extensive damage in populated areas. Earthquakes like this one commonly have aftershocks, which can cause additional chaos and damage in an area that is already trying to recover from the impact of the original event.

Major earthquakes often cause tremendous damage to buildings and knock out power regionally, threatening your physical systems and sensitive business data. Acronis Cyber Protect makes recovering data simple and quick, with easy cloud backups and integrated disaster recovery.

New Windows fileless attack enables data theft

In a recent discovery, the Windows finger command has been found to be the latest binary that can be misused to allow an attacker to bypass security and run malware without triggering security warnings on the system.

Finger is only the latest in the list of what are known as living-off-the-land binaries, or LoLBins. These are legitimate binaries that attackers can misuse to attack a system while avoiding detection. At present, there are nearly 100 known LoLBins being used by malicious actors — a significant increase over the 13 known LolBins one year ago.

In fileless attacks, cybercriminals exploit default system functionalities or features to gain access to the OS or to download additional malware. They can be tough to detect for most traditional defenses, which scan systems for malicious files — but the behavior-based detection included in Acronis Cyber Protect works around this limitation and effectively blocks fileless attacks.

# # #

October is National Cybersecurity Awareness Month — celebrate with us at the Acronis Cyber Summit 2020, which is being offered this year as a free virtual conference from October 19–21. And for the latest reports on emerging cyberthreats from Acronis’ cyber protection experts, subscribe to the Acronis YouTube channel to receive our CPOC updates as they’re posted.