Every week, the Morphisec team works hard to bring you the top stories from around the security media-sphere to make your job and securing your critical infrastructure easier.
In today’s weekly edition of Security News in Review, you’ll find news from Microsoft about keeping your defenses up despite Emotet’s disruption, a new Google Chrome 0-day that affects Windows and Mac users, and reporting about a ransomware attack on utility company Eletrobras.
Now on to the news:
Microsoft February 2021 Patch Tuesday fixes 56 bugs, including Windows zero-day -- Microsoft released its February Patch Tuesday yesterday, resolving 56 vulnerabilities. This includes a Windows 0-day, tracked as CVE-2021-1732, which was exploited in the wild before the patch was released. The Windows 0-day is an elevation of privilege bug in Win32k, a core component of the Windows operating system. Beyond the zero-day, six other Microsoft bugs fixed in this release had their details published before the patch.
Microsoft: Keep your guard up even after Emotet’s disruption -- Microsoft is warning organizations not to become complacent with the disruption of the Emotet botnet in late January. Although Emotet activity has declined, Microsoft said, the reach and role of the malware means that users would do well to keep their defenses high. This should come as little surprise since the Emotet infrastructure was only disrupted; the threat actors are likely to return.
Google: Proper patching would have prevented 25% of all zero-days found in 2020 -- Google’s Project Zero security team detected 24 zero-days used by attackers in 2020. Of those zero-days, 25% were variations on previously patched vulnerabilities. This leads to the contention that a quarter of the zero-days found in the wild in 2020 could have been prevented if organizations had improved their patch management. If anything, this revelation underscores the importance of patching vulnerabilities as soon as possible.
Google Chrome Zero-Day Afflicts Windows, Mac Users -- Google announced the existence of a zero-day in the V8 open-source web engine related to a heap-buffer overflow. A patch has already been issued in version 88.0.4324.150 for Windows, Mac, and Linux for the zero-day, which is tracked as CVE-2021-21148. A heap-buffer overflow lets writes spill past the end of a heap allocation, causing the affected program to behave incorrectly; beyond identifying the bug class, Google did not specify the potential impact of the vulnerability being exploited.
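As an added illustration of the bug class named above (this is example code written for this post, not code from Google or from V8), the following C program shows the usual shape of a heap-buffer overflow: a parser allocates a fixed-size heap buffer and copies a length that an untrusted input controls. The message format, the `BUF_CAP` size and the function names are assumptions made for the example. `parse_unchecked` keeps the defect for contrast and is never called with an oversized message; `parse_checked` is the hardened form that validates the declared length against both the allocation and the input before copying.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed wire format (an assumption for this example): one byte that
 * declares how many payload bytes follow, then the payload itself. The
 * receiver stores the payload in a heap buffer of fixed size BUF_CAP. */
#define BUF_CAP 16

typedef struct {
    uint8_t *data;   /* heap buffer of BUF_CAP bytes */
    size_t   len;    /* number of payload bytes copied into data */
} msg_t;

/* Vulnerable pattern: the copy length comes straight from the input while
 * the destination size is fixed. A declared length above BUF_CAP writes past
 * the end of the heap allocation (a heap-buffer overflow); a declared length
 * above wire_len - 1 also reads past the end of the input. */
int parse_unchecked(const uint8_t *wire, size_t wire_len, msg_t *out)
{
    if (wire_len < 1) return -1;
    size_t declared = wire[0];
    out->data = malloc(BUF_CAP);
    if (!out->data) return -1;
    memcpy(out->data, wire + 1, declared); /* BUG: declared is never bounded */
    out->len = declared;
    return 0;
}

/* Hardened form: bound the declared length by the destination capacity and
 * by the bytes actually present before touching memory. Returns 0 on success
 * and -1 on any malformed input; nothing is allocated on the error paths. */
int parse_checked(const uint8_t *wire, size_t wire_len, msg_t *out)
{
    if (wire_len < 1) return -1;
    size_t declared = wire[0];
    if (declared > BUF_CAP) return -1;        /* would overflow the heap buffer */
    if (declared > wire_len - 1) return -1;   /* would read past the input */
    out->data = malloc(BUF_CAP);
    if (!out->data) return -1;
    memcpy(out->data, wire + 1, declared);
    out->len = declared;
    return 0;
}

/* Constructed sample inputs, wrapped in functions so the results can be
 * checked by a caller. Each returns the payload length on success or -1. */
static int run_checked(const uint8_t *wire, size_t wire_len)
{
    msg_t m = {0};
    int rc = parse_checked(wire, wire_len, &m);
    int result = (rc == 0) ? (int)m.len : -1;
    free(m.data);
    return result;
}

int demo_well_formed(void)
{
    /* declares 5 bytes and carries exactly 5 */
    const uint8_t wire[] = {5, 'h', 'e', 'l', 'l', 'o'};
    return run_checked(wire, sizeof wire);   /* returns 5 */
}

int demo_oversized(void)
{
    /* declares 200 bytes: larger than BUF_CAP, must be rejected */
    uint8_t wire[201];
    memset(wire, 'A', sizeof wire);
    wire[0] = 200;
    return run_checked(wire, sizeof wire);   /* returns -1 */
}

int demo_truncated(void)
{
    /* declares 10 bytes but only 3 are present: must be rejected */
    const uint8_t wire[] = {10, 'a', 'b', 'c'};
    return run_checked(wire, sizeof wire);   /* returns -1 */
}

int main(void)
{
    printf("well-formed : %d\n", demo_well_formed());
    printf("oversized   : %d\n", demo_oversized());
    printf("truncated   : %d\n", demo_truncated());
    return 0;
}
```

The two added checks in `parse_checked` are the whole fix: the first keeps the write inside the allocation, the second keeps the read inside the input. Compiling the program with `-fsanitize=address` and deliberately routing the oversized sample through `parse_unchecked` is the quickest way to see the sanitizer report the heap-buffer-overflow write that the unchecked version allows.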
Ransomware Attacks Hit Major Utilities -- Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel) both reported attacks last week. The Darkside threat group claimed responsibility for the Copel attack, but it’s unclear who is behind the Eletrobras ransomware. At the moment, the administrative network of Eletrobras’s nuclear subsidiary is experiencing interrupted operations while the company works to recover.
Ransomware gangs are abusing VMware ESXi exploits to encrypt virtual hard disks -- Two CVEs related to the VMware ESXi Service Location Protocol, or SLP, service are currently in use by at least one ransomware gang. SLP is a protocol used by devices on the same network to discover each other; it is also used in ESXi to allow multiple virtual machines to use the same hard drive. ESXi virtual disks are usually used to centralize data from other systems, and the RansomExx gang has been using CVE-2019-5544 and CVE-2020-3992 to attack local ESXi instances and encrypt their virtual hard disks. Sysadmins are advised to either apply the relevant patches or disable SLP.
Ransomware gangs made at least $350 million in 2020 -- Ransomware gangs earned at least $350 million through all their attacks in 2020, a 311% increase over 2019. This is according to data from blockchain analysis firm Chainalysis, which tracked transactions to blockchain wallets known to be attached to ransomware. The company was careful to note that the $350 million figure is only a lower bound on the ransomware payments made in 2020.