January 6, 2020 By David Bisson 2 min read


Last week in security news, the U.S. Coast Guard revealed that a maritime facility suffered an infection at the hands of the Ryuk ransomware family. Speaking of ransomware, researchers spotted ransomware attackers offering discounts and season’s greetings to convince victims to pay their ransom demands. Finally, researchers spotted a new malware family targeting Portugal, a new zero-day vulnerability in the Windows platform and more than 100 malicious Android apps using the same code package to perform ad fraud.

Top Story of the Week: Ryuk Sets Sail on a Maritime Facility’s Systems

The U.S. Coast Guard revealed that Ryuk struck a maritime facility regulated by the Maritime Transportation Security Act (MTSA). The threat’s entry point remained unclear at the time of publication, however, officials reasoned that the ransomware likely made its way onto the maritime facility’s computers via a phishing attack.

The facility shut down its primary operations for a period of 30 hours following its discovery of the attack. It made this decision after learning that Ryuk had disrupted its entire corporate IT environment, interfered with its physical access control systems and taken its critical process control monitoring systems offline.

Source: iStock

Also in Security News

  • Attack Emails Utilize Portugal Government Template to Spread Lampion Malware: At the end of 2019, Security Affairs reported on a phishing campaign that used email templates based on those used by Portuguese Government Finance & Tax employees. Those emails delivered Lampion, a member of the Trojan-Banker.Win32.ChePro family that came with its own improvements designed to foil detection and analysis.
  • Soraka Code Package Leveraged by 100+ Android Apps to Perform Ad Fraud: In December, the White Ops Threat Intelligence Team observed more than 100 malicious Android apps using a common code package called Soraka to perform ad fraud. Soraka displayed a total of three out-of-context (OOC) ads in sequence once a victim unlocked their Android device.
  • Discounts, Season’s Greetings Used to Entice Ransomware Victims Into Paying: As reported by Bleeping Computer, a security researcher spotted a sample of Sodinokibi ransomware (REvil) urging users to pay the ransom so that they would not be stressed and not waste time that they could otherwise be spending with their family during the holidays. Along a similar vein, the attackers behind a Maze ransomware campaign offered their victims a 25 percent discount on their ransom demands at the very end of 2019.
  • Windows Zero-Day Vulnerability Reported to and Patched by Microsoft: On December 10, Microsoft patched a zero-day vulnerability reported to it by Kaspersky Lab researchers. This flaw enabled digital attackers to execute arbitrary code on a victim’s machine, reported Deccan Chronicle in the new year.

Security Tip of the Week: Elevate Your Defenses Against a Ransomware Attack

Security professionals can help defend their organizations against a ransomware attack by embracing a layered defense strategy that combines antivirus solutions, anti-data encryptors and other security tools. A crucial part of this strategy should be keeping — and periodically testing — multiple data backups both offline and in the cloud.

More from

What cybersecurity pros can learn from first responders

4 min read - Though they may initially seem very different, there are some compelling similarities between cybersecurity professionals and traditional first responders like police and EMTs. After all, in a world where a cyberattack on critical infrastructure could cause untold damage and harm, cyber responders must be ready for anything.But are they actually prepared? Compared to the readiness of traditional first responders, how do cybersecurity professionals in incident response stand up? Let’s dig deeper into whether the same sense of urgency exists in…

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Stealthy WailingCrab Malware misuses MQTT Messaging Protocol

14 min read - This article was made possible thanks to the hard work of writer Charlotte Hammond and contributions from Ole Villadsen and Kat Metrick. IBM X-Force researchers have been tracking developments to the WailingCrab malware family, in particular, those relating to its C2 communication mechanisms, which include misusing the Internet-of-Things (IoT) messaging protocol MQTT. WailingCrab, also known as WikiLoader, is a sophisticated, multi-component malware delivered almost exclusively by an initial access broker that X-Force tracks as Hive0133, which overlaps with TA544. WailingCrab…

Operationalize cyber risk quantification for smart security

4 min read - Organizations constantly face new tactics from cyber criminals who aim to compromise their most valuable assets. Yet despite evolving techniques, many security leaders still rely on subjective terms, such as low, medium and high, to communicate and manage cyber risk. These vague terms do not convey the necessary detail or insight to produce actionable outcomes that accurately identify, measure, manage and communicate cyber risks. As a result, executives and board members remain uninformed and ill-prepared to manage organizational risk effectively.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today