
Security News in Review: Google’s Project Zero Shuts Down Counterterrorist Hacking Team; Enterprises See Rise in Firmware Attacks

Posted by Nuni Snowden on April 3, 2021

This weekend on security news in review, we have some new data on firmware attacks against global enterprises, insights into how much damage ransomware has caused the healthcare industry, and the Department of Homeland Security laying out a new cybersecurity strategy. 

Read on for the news, and let us know if we missed anything. 

2020 offered a 'perfect storm' for cybercriminals with ransomware attacks costing the industry $21B -- Ransomware attacks cost the healthcare industry $21 billion in 2020, according to a new report. This is more than double the impact of ransomware on the healthcare industry in 2019, the report states, and shows how the risk of ransomware to hospitals and other healthcare organizations continues to rise.

80% of Global Enterprises Report Firmware Cyberattacks -- A new report from Microsoft details the rising tide of firmware attacks, which is outstripping current cyber defenses. According to Threatpost, “The report showed that more than 80 percent of enterprises have experienced at least one firmware attack in the past two years – but only 29 percent of security budgets goes to firmware security.”

Google’s Project Zero shuts down Western counter-terrorist hacker team -- Project Zero, the Google team charged with finding and shutting down zero-day attacks in software, closed out 2020 by sealing 11 zero-day holes. Those 11 zero-days were in use by a U.S.-allied nation’s counter-terrorism hacker team and featured the use of “watering-hole websites” targeting specific IP addresses. What’s interesting here is that Project Zero was able to tell where the attacks originated and where they were targeting; Maddie Stone and the Project Zero team closed them down regardless.

Double-Extortion Ransomware Attacks Surged in 2020 -- One of the most damaging ransomware methodologies is the double-extortion attack, where threat actors steal data prior to encrypting files and then demand ransoms both for decrypting the files and for not releasing the stolen data. According to new research, these attacks surged in 2020, with 15 ransomware families using them as compared to only one ransomware family in 2019. This marks the double-extortion attack as one of the fastest-growing categories in ransomware.

Suspected North Korean hackers set up fake company to target researchers, Google says -- Google is warning about North Korea targeting security professionals with fake LinkedIn job ads and a Twitter account for a fake company. One LinkedIn profile, named Carter Edwards, acts as a recruiter for a company called “Trend Macro,” which is easy to mistake for security vendor Trend Micro if someone is quickly skimming job ads. This is not the first time that North Korean hackers have targeted security researchers. 

DHS chief lays out a cybersecurity vision with a focus on ransomware and infrastructure -- Alejandro Mayorkas, who was sworn in as DHS Secretary last month, said during a virtual talk hosted by the RSA Conference that his department is working on a proposal for a “Cyber Response and Recovery Fund.” The department’s focus, according to Mayorkas, is on ransomware and improving cyber infrastructure. This is a timely focus, as DHS is confronting the fallout from the SolarWinds attack in December and the recent Microsoft Exchange server vulnerabilities. 

Recent Attacks

Hackers Hit Italian Menswear Brand Boggi Milano With Ransomware -- The hacking group Ragnarok has claimed responsibility for a cyberattack on the Italian menswear brand Boggi Milano. Boggi Milano confirmed the attack and said an investigation was underway. 

Oil And Gas Giant Shell The Latest Victim Of The Accellion Hack -- Shell Oil & Gas experienced a recent cyberattack because of the Accellion File Transfer Appliance, a file sharing server. Shell said in a statement that only the Accellion FTA server was impacted in the hack. 

Cyber attack takes Channel Nine off-air -- Australian broadcaster Channel Nine was taken off the air on Sunday as the result of a ransomware attack. Its Sydney facility, which has been fully automated, was taken off the air, and shows were transmitted from the Melbourne location, which hadn’t yet been fully automated.