Cymulate’s March 2021 Cyberattacks Wrap-up Threat actors were busy during March 2021, breaching major companies such as SITA, a global IT company supporting 90% of the world’s airlines. In this case, the PII belonging to airline passengers was stolen, including their names, card numbers, and status level. In the Netherlands, the stolen personal data of an estimated 7.3 million residents were offered online for sale. The data was stolen from RDC, a company that provides car garages with IT.
The Attack in Plain English Last Tuesday March 2nd Microsoft announced that a Chinese Nation-State actor they called HAFNIUM had been utilizing four zero-day vulnerabilities on premises version of Microsoft Exchange. Microsoft and other researchers say that the Chinese government had successfully penetrated and expanded into what was initially thought to be around 30,000 US companies and organizations. Since then, the number has been expanded to 60,000 companies and includes companies.
Compromising a Domain With the Help of a Spooler My job in the Cymulate Research Lab is to craft and implement attack scenarios for Cymulate customers to launch in their environment and increase their cyber-resilience. In this tech-blog post I will show how an attacker can gain access to corporate assets from an initial foothold by combining multiple techniques. The scenario is performed in two stages. In the first stage we will abuse unconstrained delegation and use techniques to enumerate.
Strategic Value: Proven by Customer Data As a veteran cybersecurity professional, I get excited when I find a solution that is both strategic and disruptive. Things that simplify, accelerate and optimize my customer’s ability to adapt to changing threats is paramount to me. These elements lead to enterprises minimizing risks, enabling business and building skills. It leads to happier and more confident individuals, teams and companies. Continuous Security Validation through breach attack.
February 2021 remained active by threat actors, launching cyberattacks and new malware strains. We saw that organizations working on COVID-19 vaccines remained popular targets. During the month, threat actors attacked an Oxford University lab, which is researching and producing COVID-19 vaccines. They were able to gain access to its internal systems, including machines used to prepare biochemical samples. In addition to Oxford University, due to the COVID-19 pandemic, overworked hospitals.
*This blog has been updated as of February 21,2021 with relevant content. A Watering Hole attack is a method in which the attacker seeks to compromise a specific group of end users either by creating new sites that would attract them or by infecting existing websites that members of that group are known to visit. The attacks have been adopted by criminals, APT groups and nation states alike and we see the amounts rising. The goal is to swipe username and password combinations hoping the victim.
It is not uncommon for organisations to hear the term “Lateral Movement” after an audit or to be told they have a problem with it after a penetration test. But in most cases, there is no insight into what this means for them; and how they can begin to tackle it. In this post we are going to attempt to make Lateral Movement relatable, and highlight how Cymulate can make it achievable, to understand what Lateral Movement looks like in your environment. Lateral Movement refers to the techniques.
Ransomware is a constant threat to both businesses and individuals. The potential for all critical data necessary to run an organization or a family to be locked is terrifying; and the global malware situation doesn't show any signs of slowing down in the future. Added to the threat of data loss to encryption is the recent surge in so-called "double-extortion attacks" where the data is not only encrypted but also stolen. Let's take a look at the anatomy of these types of ransomware attacks.
In January 2021, cybercrime kept thriving, also exploiting the current COVID-19 pandemic for personal gain with hackers leaking stolen Pfizer COVID-19 vaccine data online. Stolen Data from Pfizer/BioNTech Servers The threat actors breached the European Medicines Agency (EMA) and stole part of its Pfizer/BioNTech COVID-19 vaccine data from its servers. The stolen data included email screenshots, EMA peer review comments, Word documents, PDFs, and PowerPoint presentations. Some of the stolen.
How to Optimize your SOC If you’re here, you are looking for the “3 step magic process” that will instantly optimize your Security Operations Center (SOC) to be a premier Cybersecurity SOC right? Ok let us do that together. Though to do that let us make sure we all are on the same page about what the SOC should be doing vs what the SOC is doing to protect your organization from today’s cybersecurity threats. For that we have to turn to Lebron James. He is the best basketball player in the.
Read More >
Subscribe to Our Blog
Stay up to date with the latest cybersecurity news and tips