Cyber News Rundown: July 2020

  • 4 August 2020

UCSF Pays Hefty Ransom

Following a ransomware attack on the University of California San Francisco last month, officials have finally decided to pay the demanded ransom of $1.14 million in order to decrypt several of their vital systems. The final amount came after negotiations between the university and the attackers that started at around $3 million but were worked down to under half, which the university paid the following day. UCSF is only one of three universities that were targeted by ransomware attacks from the Netwalker hacker group at the start of June and decided to simply pay the ransom to restore normalcy to their networks.


Magecart Group Surpasses 570 Victim Sites

In the 3 years since Magecart Group 8’s initial step onto the card-skimming scene, the group has successfully compromised over 570 e-commerce sites around the world. Over 25% of the attacks targeted US domains. The attacks stemmed from 64 unique attack domains, many of which were nearly identical to legitimate site domains, and which were able to distribute the injected JavaScript with relative ease. It is believed that the group has netted over $7 million from the sale of stolen payment card information since April of 2017.


Microsoft Fixes 17-Year-Old DNS Flaw

After nearly 17 years, Microsoft has finally identified and resolved a major vulnerability that has been active and exploitable, and that allows worm-like transmission requiring no human interaction. With the help of a third-party security firm, Microsoft was able to patch the vulnerability before it could cause any significant damage, though it would have been exceedingly simple for malicious actors to use the flaw to run any number of malicious executables on an endless string of compromised machines.


ATM Jackpotting Attacks on the Rise

ATM manufacturer Diebold Nixdorf has identified a new malicious campaign that uses proprietary software to force “jackpotting” from the machines. The attack requires the malicious actors to breach the ATM manually and use the software to force the machine to dispense cash at a rapid rate. While these attacks don’t seem to have any effect on customers’ data or finances, the company still doesn’t know how the attackers obtained the proprietary software being used.


Garmin Hit with WastedLocker Ransomware

Nearly a week after the company announced they had suffered a system outage, Garmin has finally revealed that they fell victim to a ransomware attack, likely from the WastedLocker variant that has risen in popularity. As is the norm for WastedLocker, the attack was very specific in its targeting of the company (even mentioning them by name in the ransom note) and took many of their services offline. Though Garmin has confirmed that no customer data was affected, they are still unsure when all their services will return to full functionality.

