In addition to protecting your data directly, we at Acronis also monitor threats, develop fixes for new vulnerabilities, and prepare recommendations for ensuring protection for various systems. To this end, the global network of Acronis Cyber Protection Operations Centers (CPOCs) was recently created. These centers are constantly analyzing traffic in order to detect new types of malware, viruses and cryptojacking.
Today we want to talk about the results of the CPOCs, which are now regularly posted on the Acronis YouTube channel. And here are the 5 hottest news about incidents that could have been avoided with at least basic protection against Ransomware and phishing.
Black Kingdom ransomware has learned to compromise Pulse VPN users
VPN provider Pulse Secure, which 80% of Fortune 500 companies rely on, has been the victim of Black Kingdom ransomware attacks. They exploit a system vulnerability that allows them to read the file and extract account information from it. After that, the stolen username and password are used to access the compromised network.
Although Pulse Secure has already released a patch to address this vulnerability, companies that have not yet installed the update are at increased risk.
However, tests have shown that solutions that use artificial intelligence to identify threats, such as Acronis Active Protection, prevent Black Kingdom from infecting end-user computers. So if the company has such protection or a system with a built-in update control mechanism (for example, Acronis Cyber Protect), you don't have to worry about Black Kingdom.
Ransomware attack on Knoxville resulted in network disconnection
On June 12, 2020, a massive Ransomware attack was carried out on the city of Knoxville (USA, Tennessee), which led to the shutdown of computer networks. Including law enforcement officers have lost the ability to respond to incidents with the exception of emergencies and threats to people's lives. And even days after the end of the attack, an announcement was still posted on the city's website that online services were not available.
Initial investigation revealed that the attack was the result of a massive phishing attack that sent fake emails to city service workers. They used ransomware such as Maze, DoppelPaymer or NetWalker. As in the previous example, if the city authorities used the means of countering Ransomware, such an attack would not be possible to carry out, because the AI protection systems instantly detect the variants of the used ransomware.
MaxLinear reported Maze attack and data breach
Integrated systems-on-a-chip manufacturer MaxLinear has confirmed that the company's networks have been attacked by the Maze ransomware. approximately 1TB of data was stolen, including personal data as well as employee financial information. The organizers of the attack have already published 10 GB of this data.
As a result, MaxLinear had to take all the company's networks offline, and also hire consultants to conduct an investigation. Let us repeat it once again using this attack as an example: Maze is a fairly well-known and well-recognized version of a ransomware program. In the case of using protection systems against Ransomware MaxLinear, it would be possible to save a lot of money, as well as avoid damage to the company's reputation.
Malware Leaked Through Fake Google Alerts
Attackers have begun using Google Alerts to send fake notifications about data breaches. As a result, when receiving alarming messages, frightened users went to fake sites and downloaded malware in the hope of "fixing the problem."
Malicious notifications work in Chrome and Firefox. However, URL filtering services, including the Acronis Cyber Protect service, prevented users on protected networks from clicking on infected links.
US Department of Health Reports 393 HIPAA Security Violations Last Year
The Department of Health and Human Services (HHS) reported 393 leaks of confidential patient health information that led to violations of the Health Insurance Portability and Accountability Act (HIPAA) requirements between June 2019 and June 2020. Including 142 incidents were the results of phishing attacks on District Medical Group and Marinette Wisconsin, of which 10190 and 27137 electronic medical records were leaked, respectively.
Unfortunately, practice has shown that even specially trained and trained users who have been repeatedly told about the inadmissibility of clicking on links or opening attachments from suspicious letters can become victims. And without automated systems for blocking suspicious activity and URL filtering to prevent navigating to fake sites, it is very difficult to defend against sophisticated attacks that use very good excuses, believable mailboxes and a high level of social engineering.
If you are interested in news about the latest threats, you can subscribe to the Acronis YouTube channel, where we share the latest CPOC monitoring results in near real time. You can also subscribe to our blog at Habr.com because we will be broadcasting the most interesting updates and research results here.