Reading Time: ~ 2 min.

WastedLocker Shuts Down US News Sites

Over 30 news sites were compromised in the latest WastedLocker
attack that affected many sites under a single parent company. Of the more than
30 companies targeted, eight belong to the Fortune 500 group and were in the
early stages of a experiencing a fully encrypting ransomware attack. Luckily, security
teams monitoring these sites acted quickly and were able to block attacks against
some sites while mitigating extensive damage to others. The infiltration of
these sites was caused by employees accessing previously injected websites and compromising
themselves in the process.

UCSF Pays Hefty Ransom

Following a ransomware attack on the University
of California San Francisco
(UCSF) last
month, officials have decided to pay a ransom of $1.14 million to decrypt several
vital systems. The ransom amount was decided upon after negotiations between
the university and the attackers. The original ask was around $3 million but
was cut to less than half and was paid the following day. UCSF is one of three universities
targeted with ransomware by the Netwalker hacker group in June that decided to
pay a ransom to restore normal network function.

EvilQuest Wiper Targets MacOS

A new malicious actor has taken aim at MacOS with an info-stealer
disguised as a ransomware attack that goes by the name of EvilQuest.
Upon execution of the malicious installer, the malware begins encrypting files
indiscriminately and displays a ransom note demanding only $50 in Bitcoin for
decryption. The notice of encryption, however, is merely a cover for the damage
occurring behind the scenes: sensitive files removed from the system with no
way to retrieve them.

Fake DNS Update Looks to Steal Login Credentials

Researchers have spotted a new malicious email campaign that
spoofs security companies and claims to offer a DNS update
if the domain admin enters their credentials. Using a surprisingly accurate
landing page, which mocks the real login sites convincingly, the site user is instructed
to log in to update. To make matters worse, the attackers can scan for the
site’s hosting service and customize the fake landing page to their specific
victim, thus ensuring a higher probability of gaining their login info.

Passports Compromised in COVID19 Scam

In the continuing saga of COVID19
HMRC scams
, attackers in Great Britain have begun focusing on the passport
details of self-employed individuals in hopes of attaining personal or banking
information. The scam itself originates as a text message with an urgent
warning for the recipient to access a legitimate looking Her Majesty’s Revenue
and Customs site to receive a tax refund. Dozens of victims have been identified
across London. With these login credentials alone, attackers could access much
of the victims’ data.

The post Cyber News Rundown: WastedLocker Shuts Down US News Sites appeared first on Webroot Blog.