Cybersecurity weekly: SolarWinds blames intern, AOL phishing scam, Kia ransomware attack

March 2, 2021 by Sam Fay

SolarWinds blames an intern for the weak password that led to a cyberattack. An AOL phishing email states your account will be closed. Kia Motors allegedly suffers a ransomware attack. All this, and more, in this week’s edition of Cybersecurity Weekly.

1. SolarWinds blames intern for weak password that led to cyberattack

As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years. The password solarwinds123 was originally believed to have been publicly accessible via a GitHub repository since June 17, 2018.
Read more »

2. AOL phishing email states your account will be closed

An AOL mail phishing campaign is underway to steal users’ login name and password by warning recipients that their account is about to be closed. The email stated that the recipients need to login and verify their account within 72 hours, or AOL will deactivate their account.
Read more »

3. Kia Motors allegedly suffers a ransomware attack

Kia Motors America was hit by a $20 million ransom by the hackers behind the DoppelPaymer ransomware. The attack took the car manufacturer’s systems offline and the gang has threatened to leak sensitive information if the company didn’t pay up. So far, the attack has created a nationwide outage of internal websites used by dealers.
Read more »

4. MacBook users vulnerable to EvilQuest ransomware

Security researchers spotted a new ransomware variant that targets macOS devices in the wild. According to Varonis’s February 2021 Malware Trends Report, EvilQuest, also known as ThiefQuest and Mac.Ransom.K, is ransomware that aims to encrypt macOS devices, which are typically less affected by this type of threat.
Read more »

5. Hackers targeted India’s power grid amid geopolitical tensions

Cybersecurity researchers revealed a concerted campaign against India’s critical infrastructure, including the nation’s power grid, from Chinese state-sponsored groups. The attacks, which coincided with the standoff between the two nations in May 2020, targeted a total of 12 organizations, 10 of which are in the power generation and transmission sector.
Read more »

6. Hackers targeting defense firms with ThreatNeedle malware

A prolific North Korean state-sponsored hacking group is tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry. Attributing the attacks with high confidence to the Lazarus Group, the new findings signal an expansion of the APT threat actor’s tactics.
Read more »

7. Cisco releases security patches for critical flaws in its products

Cisco addressed a maximum severity vulnerability in its Application Centric Infrastructure Multi-Site Orchestrator that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. A successful exploit could allow the attacker to receive a token with administrator-level privileges.
Read more »

8. Malicious Amazon Alexa skills can bypass vetting process

Researchers uncovered gaps in Amazon’s skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name. The threat actor can then make backend code changes after approval to trick users into giving up sensitive information.
Read more »

9. NSA embraces the Zero Trust security model

The National Security Agency recently published a document to explain the benefits of adopting a zero-trust model, and advice to navigate the process. A Zero-Trust security model eliminates implicit trust in any entities inside or outside the perimeter of an organization. Instead, it recommends implementing authentication for any processes within the company.
Read more »

10. New Zealand-based cryptocurrency exchange Cryptopia hacked again

In 2019, the New Zealand-based cryptocurrency exchange disclosed a cyberattack that took place on January 14th. At the time of the first attack, the threat actors stole approximately $30 million worth of cryptocurrencies. The alleged theft happened several months after a former employee stole almost $250,000 worth of cryptocurrency.
Read more »

Posted: March 2, 2021
Sam Fay
View Profile