Attacks

MegaCortex was first discovered in 2019 and was observed targeting corporate network with attacks that included adjustable ransom demands based on the companies that were attacked and the amount of data stolen. In October 2021, officials arrested 12 individuals related to thousands of MegaCortex and LockerGoga ransomware attacks. Along with the arrests, authorities discovered the private keys used in attacks, which lead to Bitdefender releasing the decryptor for the LockerGoga ransomware. Bitdefender did not release…

Read More

Since discovering the attack on December 2 and confirming the resulting outage was caused by a ransomware attack, Rackspace has been offering affected customers free licenses to migrate their email from its Hosted Exchange platform to Microsoft 365. The cloud computing provider also provided affected customers with download links to recovered historic mailbox data (containing email messages before December 2) through its customer portal via an automated queue. Rackspace added that its Hosted Exchange environment…

Read More

Although Toyota does not believe data was accessed by an unauthorized party, it is still recommended that those customers remain vigilant for the time being. Since email addresses were included with other exposed data, affected individuals are more vulnerable to scams and phishing attempts. If emails from unknown senders are received, they should not be interacted with. Unusual emails, emails involving payments, or emails involving sign-in links to high value accounts from trusted counterparties should…

Read More

It is highly recommended to implement and maintain email security controls, including the ability to block certain file attachments. ISO files have become extremely popular among threat actors as a way to initially get malware on to the system while also evading defenses. In this campaign, the threat actors attach the ISO directly to a phishing email received by the end user. By being able to block incoming emails that contain ISO (or IMG) attachments,…

Read More

To protect against similar cyber-attacks, organizations should: • Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.• Implement network segmentation.• Implement a recovery plan• Install updates/patch operating systems, software, and firmware as soon as practical after they are released.• Implement monitoring of security events on employee workstations and servers, with a 24/7 Security…

Read More

Microsoft released patches for ProxyNotShell on Tuesday, November 8th, 2022. Due to the high severity nature of these vulnerabilities, it is strongly recommended to update all Microsoft Exchange servers as soon as possible. https://www.bleepingcomputer.com/news/security/over-60-000-exchange-servers-vulnerable-to-proxynotshell-attacks/

Read More