Hello, Habr! Today we want to talk about new cyber attacks that have recently been discovered by our cyber defense centers. Under the cut, there is a story about a major data loss at a silicon chip manufacturer, a story about the networks of an entire city being taken offline, a little about the dangers of Google notifications, statistics on hacks of the US medical system, and a link to the Acronis channel on YouTube.


In addition to protecting your data directly, we at Acronis also monitor threats, develop patches for new vulnerabilities, and prepare recommendations for securing various systems. For this, the Acronis Cyber Protection Operations Centers (CPOCs), a global network of security centers, have recently been created. These centers constantly analyze traffic to detect new types of malware, viruses, and cryptojacking.

Today we want to talk about the results of the CPOCs' work, which are now regularly published on the Acronis YouTube channel. Here are the 5 hottest news items about incidents that could have been avoided if there had been at least basic protection against ransomware and phishing.

Black Kingdom ransomware learned to compromise Pulse VPN users

Pulse Secure, the VPN provider on which 80% of Fortune 500 companies rely, has become a target of ransomware attacks from the Black Kingdom family. The attackers exploit a vulnerability in the system that allows an arbitrary file to be read and account information to be extracted from it. After that, the stolen username and password are used to access the compromised network.
Although Pulse Secure has already released a patch that addresses this vulnerability, companies that have not yet installed the update remain at high risk.
However, tests have shown that solutions that use artificial intelligence to identify threats, such as Acronis Active Protection, do not allow Black Kingdom to infect end-user computers. So if a company has such protection, or a system with a built-in update control mechanism (for example, Acronis Cyber Protect), it need not worry about Black Kingdom.

Ransomware attack on Knoxville takes the city network offline

On June 12, 2020, a massive ransomware attack was carried out on the city of Knoxville (Tennessee, USA), which led to its computer networks being taken offline. Among other things, law enforcement officers lost the ability to respond to incidents except in emergencies and cases where people's lives were threatened. Even several days after the attack was over, an announcement was still posted on the city website stating that online services were unavailable.

The initial investigation revealed that the incident was the result of a large-scale phishing campaign in which fake emails were sent to city service workers. The attackers used ransomware such as Maze, DoppelPaymer, or NetWalker. As in the previous example, if the city authorities had used anti-ransomware countermeasures, such an attack would not have been possible, because AI-based protection systems instantly detect the variants used by these encryptors.

MaxLinear reports a Maze attack and data leak

MaxLinear, a manufacturer of integrated systems-on-a-chip, has confirmed that the company's networks were attacked by the Maze ransomware. Approximately 1 TB of data was stolen, including personal data as well as financial information about employees. The attack organizers have already published 10 GB of this data.

As a result, MaxLinear had to take all of the company's networks offline, as well as hire consultants to conduct an investigation. Using this attack as an example, let us repeat once again: Maze is a fairly well-known and well-recognized ransomware variant. If MaxLinear had used anti-ransomware protection systems, it could have saved a lot of money and also avoided damage to the company's reputation.

Malware spread through fake Google Alerts

Attackers have started using Google Alerts to send fake data leak notifications. As a result, frightened users who received these alarming messages went to fake sites and downloaded malware in the hope of "solving the problem."
The malicious notifications work in both Chrome and Firefox. However, URL filtering services, including the Acronis Cyber Protect service, did not allow users on protected networks to follow the infected links.

US Department of Health reported 393 HIPAA breaches over the last year

The U.S. Department of Health and Human Services (HHS) reported 393 leaks of confidential patient health information that constituted violations of the Health Insurance Portability and Accountability Act (HIPAA) between June 2019 and June 2020. Of these, 142 incidents were the result of phishing attacks, including those on the District Medical Group and Marinette Wisconsin, from which 10,190 and 27,137 electronic medical records leaked, respectively.

Unfortunately, practice has shown that even specially trained users, who have repeatedly been told not to click on links or open attachments from suspicious emails, can still become victims. And without automated systems for blocking suspicious activity and URL filtering to prevent visits to fake sites, it turns out to be very difficult to defend against sophisticated attacks that use convincing pretexts, plausible sender mailboxes, and a high level of social engineering.

If you are interested in news about the latest threats, you can subscribe to the Acronis YouTube channel, where we report on the latest CPOC monitoring results in almost real time. You can also subscribe to our blog on Habr.com, because we will be publishing the most interesting updates and research results here.