In the spotlight this week:
Hacker nearly stole AUD $9M from Australian hedge fund via fake Zoom link
GoDaddy employees used in attack on multiple cryptocurrency services
Manchester United hit by sophisticated cyber attack
Novel malware installs ransomware requiring rapid user removal
Study shows 28% of ransomware-hit firms in Singapore paid ransom
A fake Zoom invite opened by one of Levitas Capital’s founders gave hackers access to the firm's email system, where they installed malicious software used to generate and send fake invoices. The fraudulent invoices amounted to AUD $8.7 million. The hedge fund was forced to close after its major client, Australian Catholic Super, withdrew its funds in the wake of the September cyber attack.
GoDaddy employees were targeted in an attack that redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The incident is the latest incursion at GoDaddy that relied on tricking employees into transferring ownership and/or control over targeted domains to fraudsters. Earlier this year, GoDaddy was involved in two separate incidents that resulted in attackers compromising more than 28,000 accounts.
Football club Manchester United was hit by a cyber attack on its systems last Friday. According to the club, no personal data associated with fans and customers was leaked, and its statement asserts that the ‘sophisticated’ attack was carried out by organized cyber criminals. The club says extensive protocols and procedures were in place for such an event and had been rehearsed for this eventuality, which allowed the team to shut down affected systems and contain further damage while protecting data in a timely manner. Breached firms with a well-rehearsed IR plan and team in place save USD 2 million on average. Blackpanda recommends that all organizations consider obtaining a zero-cost retainer to at least pre-establish response terms and hourly rates prior to activation, saving both time and money in a crisis.
Ransomware groups no longer operate by launching mass email spam campaigns in the hope of infecting random users across the internet. Today, ransomware operators have evolved into complex cybercrime cartels with the skills, tools, and budgets of government-sponsored hacking groups. Ransomware gangs rely on multi-level partnerships with other cybercrime operations. Called "initial access brokers," these groups act as the supply chain of the criminal underground, providing ransomware gangs (and others) with access to large collections of compromised systems. Three types of brokers stand out as the source of most ransomware attacks: sellers of compromised RDP endpoints, sellers of hacked networking devices, and sellers of computers already infected with malware. These brokers are also capable of deploying the largest malware botnets, such as Emotet, Trickbot, and BazarLoader. Having a top-tier, experienced incident response team with trained ransomware negotiators can save you time and money in the event of an attack.
A recent survey conducted by CrowdStrike found that more than a quarter of ransomware-hit organizations in Singapore opted to pay the ransom, costing firms an average of SGD 1.97M (USD 1.47M). Furthermore, 46% of the companies surveyed had suffered ransomware attacks in the past 12 months. This finding is in line with statistics from the Cyber Security Agency of Singapore (CSA), which reported 61 ransomware attacks between January and October of 2020, compared with only 35 reported in all of 2019.