Palo Alto Networks’ Unit 42 this morning released a report describing how cybercriminals are taking advantage of the COVID-19 pandemic. Their lures still rely on hurrying victims with a factitious sense of urgency, but the pretext has continued to shift: as vaccines are rolled out, the phishbait now tends to feature vaccine availability and vaccination scheduling.
DearCry and Black Kingdom ransomware continue being deployed against vulnerable Microsoft Exchange servers. WIRED notes that DearCry’s relative lack of sophistication renders it a less dangerous threat. The Record reports that Black Kingdom’s kickoff of its own operations against Exchange Servers was sloppy (they’d failed to encrypt victims’ files) but that by yesterday they’d rectified their mistake.
Guardicore describes Purple Fox, an active malware campaign targeting Windows machines. It’s backed by an extensive infrastructure, and it includes a rootkit with worm capabilities.
In a Form 6-K filed yesterday with the Securities and Exchange Commission, Sierra Wireless disclosed that on March 20th it discovered a ransomware attack that led it to suspend manufacturing. The company believes only internal systems were hit, with “customer facing products and services” unaffected.
The US Cybersecurity and Infrastructure Security Agency (CISA) yesterday released six advisories on industrial control systems: Ovarro TBox, GE MU320E, Weintek EasyWeb cMT, Rockwell Automation MicroLogix 1400 (Update A), Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers (Update A), and GE Reason DR60. Claroty published its own research on the vulnerabilities in one of those systems, Ovarro TBox, which the researchers believe illustrates the risks of connecting unprotected control systems to the Internet.