January 6, 2020 By David Bisson 2 min read

Last week in security news, the U.S. Coast Guard revealed that a maritime facility suffered an infection at the hands of the Ryuk ransomware family. Speaking of ransomware, researchers spotted ransomware attackers offering discounts and season’s greetings to convince victims to pay their ransom demands. Finally, researchers spotted a new malware family targeting Portugal, a new zero-day vulnerability in the Windows platform and more than 100 malicious Android apps using the same code package to perform ad fraud.

Top Story of the Week: Ryuk Sets Sail on a Maritime Facility’s Systems

The U.S. Coast Guard revealed that Ryuk struck a maritime facility regulated by the Maritime Transportation Security Act (MTSA). The threat’s entry point remained unclear at the time of publication, however, officials reasoned that the ransomware likely made its way onto the maritime facility’s computers via a phishing attack.

The facility shut down its primary operations for a period of 30 hours following its discovery of the attack. It made this decision after learning that Ryuk had disrupted its entire corporate IT environment, interfered with its physical access control systems and taken its critical process control monitoring systems offline.

Source: iStock

Also in Security News

  • Attack Emails Utilize Portugal Government Template to Spread Lampion Malware: At the end of 2019, Security Affairs reported on a phishing campaign that used email templates based on those used by Portuguese Government Finance & Tax employees. Those emails delivered Lampion, a member of the Trojan-Banker.Win32.ChePro family that came with its own improvements designed to foil detection and analysis.
  • Soraka Code Package Leveraged by 100+ Android Apps to Perform Ad Fraud: In December, the White Ops Threat Intelligence Team observed more than 100 malicious Android apps using a common code package called Soraka to perform ad fraud. Soraka displayed a total of three out-of-context (OOC) ads in sequence once a victim unlocked their Android device.
  • Discounts, Season’s Greetings Used to Entice Ransomware Victims Into Paying: As reported by Bleeping Computer, a security researcher spotted a sample of Sodinokibi ransomware (REvil) urging users to pay the ransom so that they would not be stressed and not waste time that they could otherwise be spending with their family during the holidays. Along a similar vein, the attackers behind a Maze ransomware campaign offered their victims a 25 percent discount on their ransom demands at the very end of 2019.
  • Windows Zero-Day Vulnerability Reported to and Patched by Microsoft: On December 10, Microsoft patched a zero-day vulnerability reported to it by Kaspersky Lab researchers. This flaw enabled digital attackers to execute arbitrary code on a victim’s machine, reported Deccan Chronicle in the new year.

Security Tip of the Week: Elevate Your Defenses Against a Ransomware Attack

Security professionals can help defend their organizations against a ransomware attack by embracing a layered defense strategy that combines antivirus solutions, anti-data encryptors and other security tools. A crucial part of this strategy should be keeping — and periodically testing — multiple data backups both offline and in the cloud.

More from

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today