Here are the top stories of recent weeks:
- Russian Hackers Gained Emails from Top DHS Officials Through SolarWinds Attack
- Black Kingdom Ransomware Found on 1.5K Unpatched Microsoft Exchange Servers
- Shell Discloses Data Breach Due to Accellion’s File Transfer Appliance Hack
- Indian Mobile Payments Platform MobiKwik Loses 8TB of Data but Denies Breach
Alleged Russian hackers behind the SolarWinds attack obtained access to then-acting Department of Homeland Security Secretary Chad Wolf’s email accounts. The hackers obtained non-confidential schedules of officials at the Energy Department. At least one other Cabinet member was also affected. The Energy Department stated there has been no evidence that their networks were compromised. As part of ongoing investigation into the attacks, the SolarWinds attackers were discovered to have used US-based infrastructure, including the hosting services of Amazon Web Services and GoDaddy, to evade detection by U.S. intelligence agencies.
Microsoft says web shells deployed by Black Kingdom ransomware operators were discovered on 1,500 unpatched on-premises Exchange servers. The Black Kingdom ransom demands $10,000 in bitcoins in exchange for a decryption key. Microsoft has issued a one-click migration tool as well as security updates to patch ProxyLogon attack vulnerabilities in Exchange. Microsoft disclosed that as of March 22, 92% of on-premises Exchange servers have been patched or mitigated.
Energy giant Shell joins the list of companies who have experienced data breaches due to attacks targeting zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA). According to Shell, the attack did not affect Shell’s network and IT system, and the company has addressed the vulnerabilities. However, personal data of stakeholders and data from Shell subsidiaries were accessed. The attack is linked to the FIN11 cybercrime group and Clop ransomware gang.
In the biggest breach thus far in India, 8.2TB of personal and financial data was stolen from fintech firm MobiKwik and put up for sale. MobiKwik denied a breach occurred, suggesting data from customers visible on the dark web were from other breaches. The alleged seller of the stolen data later withdrew the sale listing and claims to have deleted the stolen data because of the risk to the public, calling MobiKwik’s handling of the alleged breach “incompetent” and stating, “we just don’t want to see a company dig themselves deeper.” Security researchers have warned MobiKwik of misconfigured Amazon S3 buckets exposing sensitive data since January 2021.
To learn about secure access service edge (SASE) and how it can protect organizations from exposure of sensitive information, malware, and web-based attacks, download our SASE with Bitglass technical brief below.