Much like open mic night at the local Giggle Barn, the hacks just keep on coming. In the last four weeks alone, there have been many developments. Here are some of the most publicized cases.
Equinix ransomware
Equinix is a large data center operator based in Redwood City, California. Obviously, data centers are prime targets for threat actors. They’re equivalent to banks for bank robbers. Over the U.S. Labor Day holiday weekend, hackers from the group “NetWalker” gained access to Equinix’s systems and unleashed their ransomware.
NetWalker’s payload operates similarly to other ransomware. Once it has infected a network, sensitive files are encrypted, and the hackers demand a hefty ransom to unlock them. NetWalker is interesting because there seems to be a connection to Russia in at least a semi-official capacity. One of their core tenets is not attacking entities located in Russia or the Commonwealth of Independent States. Whatever their affiliations, it’s undeniable that they have been successful recently. Since March this year, they have collected $25 million[1] in ransom.
They have demanded $4.5 million alone for the Equinix incident. It is unknown if Equinix has paid at the moment, but NetWalker has a history of dumping the affected files on black marketplaces once the deadline expires. So, it should be known soon whether they reached a deal.
$5.4 million crypto heist
On September 8th, thieves stole $5.4 million in various cryptocurrencies from the Slovakian exchange, Eterbase. The cyber bandits got away with undisclosed amounts of Bitcoin, Ethereum, Ripple, Tezos, Algorand, and TRON. They moved the stolen crypto into wallets housed on major exchanges such as Binance and Huobi.
Eterbase claims they have the capital necessary to take the hit and will reimburse any affected investor. They have already notified the proper authorities and are working with the other exchanges to track the culprits. Heists such as this have caused other small exchanges to close in the past, so it’s good to see Eterbase holding firm.
300K WordPress sites exploited
On September 1st, those in the cybersecurity community found a critical vulnerability in specific versions (6.0-6.8) of the File Manager plugin for WordPress. When exploited, it allows malicious actors to run unauthorized code. While the exploit was closed quickly with the release of version 6.9, analysts conclude that up to 300,000 websites are still susceptible.
Since the vulnerability was disclosed, hackers have been probing WordPress sites non-stop. In a strange twist, many hackers have found themselves fighting off other hackers after gaining illicit access to a site. Hackers hacking hackers.
If you run a WordPress website with the File Manager plugin, please check to ensure you’re running version 6.9 (or higher if you’re reading this in the future). If not, update immediately.
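One way to automate that check across a WordPress install, as an added example that is not part of the original post: it reads the plugin’s header the way WordPress itself does and flags anything in the affected 6.0-6.8 range. The plugin directory name (wp-file-manager) and main file name (file_manager.php) are assumptions about a typical install; confirm them against yours.

```python
"""Flag WordPress File Manager plugin installs in the vulnerable 6.0-6.8 range (fixed in 6.9)."""
from __future__ import annotations
import re
from pathlib import Path

FIXED_VERSION = (6, 9)                   # first release with the fix, per the advisory
VULNERABLE_RANGE = ((6, 0), (6, 8))      # affected releases named in the advisory

# Assumed (typical) layout under wp-content/plugins; adjust to your install.
PLUGIN_MAIN_FILE = Path("wp-file-manager") / "file_manager.php"


def parse_version(header_text: str) -> tuple[int, ...] | None:
    """Extract the 'Version:' line of a WordPress plugin header as an int tuple, e.g. (6, 9)."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9]+(?:\.[0-9]+)*)", header_text, re.MULTILINE)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def assess(header_text: str) -> tuple[str, tuple[int, ...] | None]:
    """Classify a plugin header as vulnerable, patched, outside the affected range, or unknown."""
    version = parse_version(header_text)
    if version is None:
        return ("unknown", None)
    major_minor = version[:2]            # 6.8.x is treated like 6.8: conservative on patch levels
    low, high = VULNERABLE_RANGE
    if low <= major_minor <= high:
        return ("vulnerable", version)
    if major_minor >= FIXED_VERSION:
        return ("patched", version)
    return ("outside affected range", version)


def assess_install(plugins_dir: Path) -> tuple[str, tuple[int, ...] | None]:
    """Read the plugin header from a live install and classify it; 'absent' if the plugin is not there."""
    main_file = plugins_dir / PLUGIN_MAIN_FILE
    if not main_file.is_file():
        return ("absent", None)
    # Only the header is needed; WordPress itself reads just the first 8 KB of the file.
    return assess(main_file.read_text(encoding="utf-8", errors="replace")[:8192])


# Constructed sample headers for a stand-alone run (not real plugin files).
SAMPLE_VULNERABLE = "<?php\n/*\nPlugin Name: File Manager\nVersion: 6.4\n*/\n"
SAMPLE_PATCHED = "<?php\n/**\n * Plugin Name: File Manager\n * Version: 6.9\n */\n"

if __name__ == "__main__":
    for text in (SAMPLE_VULNERABLE, SAMPLE_PATCHED):
        print(assess(text))
    print(assess_install(Path("wp-content") / "plugins"))
```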
Argentinian government attacked
NetWalker sure is busy! Less than two weeks before the Equinix attack, the hacker gang disrupted operations of Argentina’s national immigration agency. On the morning of August 27th, workers for the agency noticed that certain Windows files and shared folders were inaccessible. It resulted in a temporary closure of border stations throughout the country while they contained the breach.
NetWalker demanded $2 million to restore access, then upped it to $4 million when the deadline passed. Argentinian officials aren’t worried, however. They say they will refuse to negotiate with the group and don’t intend to recover the compromised information.
Russian arrested for trying to bribe Tesla employee
This story isn’t about a successful attack, but the attempt is so fascinating it needed a mention. On August 22nd, FBI authorities arrested a Russian man for attempting to bribe a Tesla employee. Egor Igorevich Kriuchkov offered the worker $1 million to install ransomware on the electric car manufacturer’s internal servers.
Luckily, the Russian-speaking employee did not take up Egor’s offer, instead opting to notify law enforcement. A sting operation led by the FBI eventually resulted in the would-be hacker’s arrest.
It’s nice to see a foiled plot instead of a multimillion-dollar ransom every once in a while.
Iranian hacker group sells admission to compromised networks
This month, intelligence experts revealed that a hacker gang supporting Iran’s Ministry of Intelligence is selling access to international corporate networks on the Dark Web. The group is known as Pioneer Kitten, aka Fox Kitten, aka PARISITE, and is notorious in the global cyber intelligence community. First identified in 2017, Pioneer Kitten typically exploits VPN vulnerabilities to gain access to sensitive information deemed useful intelligence by Tehran.
Starting in late July, the group began selling access to corporate and government networks throughout the world. This included compromised systems in countries such as the United States, Israel, Australia, France, Germany, the United Arab Emirates, and more. The attacks centered around tech, defense, and healthcare organizations, all of which store vast amounts of confidential data.
Analysts believe the sale of this high-value intelligence information would not be permitted by the Iranian government, leading to speculation that the group is not an official state entity, and only contracted by Tehran.
The University of Utah suffers a ransomware attack
On August 19th, the University of Utah admitted hackers carried out a successful ransomware attack in late July. The malicious agents encrypted student information on the College of Social and Behavioral Science’s servers. In the end, the university paid out over $450K to prevent the data from leaking to a Dark Web marketplace.
A representative for the university confirmed that a cybersecurity insurance policy paid the sum and that no taxpayers were on the hook. The rep also claimed the hack did not affect any central servers.
While it did not end up being a multimillion-dollar incident like other high-profile attacks, the use of cybercrime insurance is noteworthy. The trend of commonplace insurance is likely to continue as more attacks occur. Ironically, organizations known to have policies may become higher-priority targets, since hackers assume they will receive a payout.
1TB data stolen from liquor manufacturer
Brown-Forman, a United States spirits and wine conglomerate, announced in mid-August that they experienced a 1TB data breach. The parent company of brands such as Jack Daniel’s, Korbel wine, and Finlandia vodka fell victim to the infamous hacker group REvil. Also known as Sodinokibi, REvil has many well-known incidents under their digital belts, including attacks against pop star Lady Gaga and U.S. President Donald Trump.
The hackers gained access to many confidential documents, including business contracts, financial statements, and employee information. It could have been worse for the beverage giant, however, as the criminal syndicate was not able to encrypt any data. Nonetheless, REvil threatened to sell the information online if they did not receive a hefty ransom. Brown-Forman does not appear to be cooperating. At AXEL, we believe this hardball approach is the right one. Do not negotiate with terrorists.
Canon’s stolen files leaked
In early August, the camera and photo-equipment manufacturer, Canon, underwent a Maze ransomware attack. It was so bad, their image.canon website was down for six days. Canon refused to pay and was evidently able to unlock a portion of the infected files.
Then, on August 14th, the Maze gang released 5% of their ill-gotten data treasure to the internet. Their website claims it was only 5% of the files they have. It’s been a month since the leak, and there hasn’t been any further news on the subject. This leads some to believe Canon acquiesced and paid not to have more information revealed.
Data security
As you probably noticed, hacking is big business these days. With the recent proliferation of remote desktops, sophisticated phishing attacks, and cybercrime insurance policies, it doesn’t appear that it will end any time soon.
That’s why individuals and businesses alike need robust, secure data storage and sharing solutions. AXEL Go is the best application to fit these needs. AXEL Go allows for private, secure storage and sharing. Based on IPFS and blockchain technology, users receive high performance and protection not seen in other platforms. Optional AES-256 bit password encryption locks things down even further to prevent any unauthorized access. Try out our full-featured Basic service for free.
[1] Catalin Cimpanu, “NetWalker ransomware gang has made $25 million since March 2020”, ZDNet, Aug. 3, 2020, https://www.zdnet.com/article/netwalker-ransomware-gang-has-made-25-million-since-march-2020/#:~:text=The%20NetWalker%20gang%20has%20established,dangerous%20ransomware%20groups%20out%20there.&text=The%20operators%20of%20the%20NetWalker,security%20firm%20McAfee%20said%20today.