Cyberthreat update from Acronis CPOCs: Week of August 16, 2021

Here at Acronis, we’re always monitoring for dangers to your data, deploying updates to handle newly discovered vulnerabilities, and issuing alerts and recommendations to help you stay protected. Our global network of Acronis Cyber Protection Operations Centers (CPOCs) continues to work around the clock to proactively detect and defend against the latest cyberthreats.

Part of this work includes video updates to inform you of modern hazards in the digital landscape — such as new ransomware strikes against major organizations and natural disasters that threaten business operations. Here’s a look at some of the most recent breaking news and analyses:

Memorial Health System hit by ransomware attack

Hospitals are increasingly being targeted by ransomware gangs. The most recent example of this involved the Hive ransomware gang, who on Sunday of this week successfully attacked the non-profit provider Memorial Health System.

Memorial Health System represents 64 clinics in West Virginia and Ohio, and employs over 3,000 people. Early evidence indicates that over 200,000 patients' data was stolen.

Disruptions to hospital services have, in the past, caused deaths. This particular attack has disrupted clinical and financial operations, and led to surgeries being canceled. With computer systems unavailable, employees were forced to work with paper charts.

Hive is a new ransomware gang, but they’ve already claimed several victims. No matter how new a cyberthreat operation may be, Acronis Cyber Protect stops both known and unknown ransomware variants with threat-agnostic, advanced behavioral detection.

Tropical Storm Fred spreads damage across three states

Tropical Storm Fred made landfall in the Florida panhandle with 65 mph winds, and brought an estimated 8–12 inches of rain in some areas as it moved north into Georgia.

At only 9 mph below the threshold to be considered a hurricane, this storm has proven formidable and caused significant flooding in Florida, Georgia, and North Carolina. A number of Florida residents had to be rescued from their flooded homes, and in North Carolina alone almost 50,000 were left without power. Around 20 tornadoes were reported as the storm swept through the region, causing damage to multiple buildings.

Natural disasters can strike at any time, and we don't always know how bad they will be. It’s important to have a business continuity plan in place ahead of time. Acronis Cyber Protect includes a simple cloud backup solution to keep your data safe when local systems are damaged, while disaster recovery capabilities allow you to spin up a virtual machine from backups within the Acronis Cloud — keeping your organization operational even when local power is out.

Unsure insurer surely ransomed

Tokio Marine Holdings, a Japan-based multinational insurance holding company, just announced that they’ve fallen victim to a ransomware attack. With over $34 billion in net worth and more than 41 thousand employees, Tokio Marine is an undeniably high-value target for cybercriminals.

It’s not clear at this time which group was responsible for the attack, how much data was stolen, or the value of the ransom demanded. This is only the latest in a long string of cyberattacks against major insurers, with CNA Financial Corporation and AXA both victimized recently as well.

Regardless of where a cyberthreat originates, Acronis Cyber Protect's Active Protection detects the malicious behaviors that ransomware relies on and stops threats before they can steal your data or damage your systems.

The high cost of phishing attacks

A recent study by the Ponemon Institute shows some alarming statistics about the cost of phishing attacks. The study explores all damages associated with such attacks, including those related to operational recovery and lost productivity — which actually cost more than payouts made to cybercriminals.

The cost of a phishing attack has nearly quadrupled over the past six years, now costing large U.S. companies a staggering $14.8 million annually — up from $3.8 million in 2015. This works out to about $1,500 per employee.

In 2020, more than $1.8 billion was stolen from organizations through business email compromise (BEC) attacks, of which phishing is a notable example. Common tactics include the impersonation of employees, partners, and vendors.

Acronis’ Advanced Email Security pack prevents BEC attacks by keeping malicious messages from reaching your inbox — denying phishing emails even the chance to trick you or your employees into opening harmful content.

HolesWarm cryptominer exploits over 20 vulnerabilities

A new botnet by the name of HolesWarm is actively exploiting more than 20 known vulnerabilities in Windows and Linux servers in order to spread. This includes well-known security flaws in Jenkins, Apache Tomcat, and Apache Struts 2.

The gang behind HolesWarm has already compromised over 1,000 servers, and the numbers are still increasing. Once access to the server is gained, HolesWarm deploys a Monero cryptocurrency miner to generate profits for the cybercriminals.

Acronis Cyber Protect’s patch management capabilities help you to ensure the latest security fixes are applied to all critical systems, preventing threat actors from taking advantage of known vulnerabilities — while threat-agnostic cryptojacker protection blocks threats like HolesWarm before they can overload system resources.

# # #

For the latest reports on emerging cyberthreats from Acronis’ cyber protection experts, subscribe to the Acronis YouTube channel and receive our CPOC updates as they’re posted.