July cyber news round-up
700 million LinkedIn records scraped; journalists, political dissidents, and human rights activists spied on; and more
It’s been another busy month in the world of cyber risk and security with big organisations like LinkedIn and the US defence industry still vulnerable to attacks. Here’s our July recap of recent news in the world of cyber.
REvil claims over a million devices infected in Kaseya supply chain attack
Kaseya’s platform was utilised to deliver a large-scale ransomware attack at the beginning of July, in which more than 1 million computers were compromised, and a $70 million ransom was demanded in order to decrypt affected devices.
Russia-linked REvil ransomware group were named responsible for deploying the malicious software update. One of the companies most noticeably impacted by the attack is Coop, a line of over 800 grocery stores in Sweden that closed Saturday as the attack shut down its cash registers. Experts have predicted that more victims are bound to be discovered.
The Dutch Institute for Vulnerability Disclosure (DIVD) revealed that it appears the exploit used for the breach was same one they discovered and were in the process of addressing with Kaseya when the attackers struck.
700 million LinkedIn user records offered for sale
A new posting with 700 million LinkedIn records has appeared on a popular hacker forum, according to researchers.
Analysts from Privacy Sharks discovered the data for sale on RaidForums by a hacker known as “GOD User TomLiner”. The advertisement, posted on 22 June, claims that 700 million records are available, including name, gender, email, phone number and industry information.
LinkedIn has confirmed that no breach of its networks has occurred in this instance. There are 200 million more records available than before, so it’s probable that new data has been scraped and that it’s more than a rehash of the previous group of records, researchers noted.
Microsoft attributes new SolarWinds attack to Chinese-based DEV-0322
Microsoft’s Threat Intelligence Center (MSTIC) reported on 13 July that SolarWinds software was attacked with a zero-day exploit by a group of hackers named “DEV-0322.”
The hackers were focused on SolarWinds’ Serv-U FTP software, with the presumed goal of accessing the company’s clients in the US defense industry. It seems the hackers were attempting to gain Serv-U administrative permissions and perform other suspicious activities.
SolarWinds reported the zero-day exploit, noting that all Serv-U releases from 5 May and earlier contained the vulnerability. A hotfix was released to address the issue and the exploit has been patched, but Microsoft writes that if Serv-U’s Secure Shell (SSH) protocol connected to the internet, the hackers could “remotely run arbitrary code with privileges”.
Israeli spyware used to surveil phones worldwide
More than 1,000 individuals in 50 countries were allegedly selected for potential surveillance - including 189 journalists and more than 600 politicians and government officials.
Agnès Callamard, secretary general of Amnesty International, said: "NSO's spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril ... Until this company and the industry as a whole can show it is capable of respecting human rights, there must be an immediate moratorium on the export, sale, transfer and use of surveillance technology."