
Bitglass Security Spotlight: Ransomware Developments, Additional SolarWinds Victims, and More Data Breaches


Here are the top security stories from recent weeks: 

  • Kaseya Obtains Master Decryption Key for REvil Ransomware
  • DarkSide Ransomware Gang Rebrands as BlackMatter
  • DOJ Says Email Accounts of 27 U.S. Attorneys’ Offices Were Breached During SolarWinds Hack
  • Hacked Chipotle Marketing Account Used to Send Phishing Emails
  • UC San Diego Health Suffers Data Breach After Phishing Attack

Kaseya Obtains Master Decryption Key for REvil Ransomware

Kaseya has obtained the master decryption key for REvil ransomware that resulted in a supply chain ransomware attack affecting 60 of its customers on July 2. The REvil ransomware group had previously demanded a $70 million ransom for the universal public decryption key. It is unclear whether the ransom was paid. REvil has gone dark as of July 13, but experts warn the attack should not be considered over even with the decryption key as the group is known for double-extortion attacks using stolen company data. 

DarkSide Ransomware Gang Rebrands as BlackMatter

The DarkSide ransomware group, which went dark in May after its attack on the Colonial Pipeline, has returned after rebranding itself as BlackMatter. The new group has been actively targeting corporate entities with ransom demands ranging from $3 million to $4 million. Ransomware expert Fabian Wosar has confirmed that BlackMatter uses the same unique encryption methods that DarkSide previously used.

DOJ Says Email Accounts of 27 U.S. Attorneys’ Offices Were Breached During SolarWinds Hack

According to the U.S. Department of Justice, Microsoft Office 365 email accounts at 27 U.S. Attorneys’ offices were breached during the SolarWinds attack. The campaign has been attributed to the Russian Foreign Intelligence Service (SVR). The DOJ states the SVR had access to the compromised email accounts from May 7 to December 27, 2020. Compromised data includes “all sent, received, and stored emails and attachments found within those accounts during that time.”

Hacked Chipotle Marketing Account Used to Send Phishing Emails 

Hackers have compromised a Chipotle marketing email account and used it to send phishing emails that directed recipients to credential-harvesting sites. Most of the credential phishing sites impersonated Microsoft or the United Services Automobile Association (USAA), a financial services group. Some phishing emails also included malware attachments. The phishing campaign used a hacked Chipotle-owned Mailgun account. Attackers use legitimate accounts to increase their chances of a successful phish, since mail from a known sender is more likely to pass filters and be trusted by recipients.

UC San Diego Health Suffers Data Breach After Phishing Attack 

UC San Diego Health, the academic health system of the University of California, San Diego, disclosed a data breach after a phishing attack compromised some employee email accounts. After being alerted to suspicious activity in mid-March, UC San Diego Health discovered unauthorized access to some employee email accounts on April 8. The unauthorized access has since been terminated. Personal information of patients, students, and employees may have been exposed, including full names, addresses, dates of birth, email addresses, claims information, medical information (including treatment information and lab results), payment card information, Social Security numbers, usernames, passwords, and other sensitive information.

To learn about cloud access security brokers (CASBs) and how they can protect your enterprise from data leakage, malware, and more, download the Top CASB Use Cases below. 


*** This is a Security Bloggers Network syndicated blog from Bitglass Blog authored by Jeff Birnbaum. Read the original post at: https://www.bitglass.com/blog/bitglass-security-spotlight-domains-used-to-target-microsoft-users-0