Cyberthreat update from Acronis CPOCs: Week of November 9, 2020

Here at Acronis, we’re always monitoring for dangers to your data, deploying updates to handle newly-discovered vulnerabilities, and issuing alerts and recommendations to help you stay protected. Our global network of Acronis Cyber Protection Operations Centers (CPOCs) continue to work around the clock to proactively detect and defend against the latest cyberthreats.

Part of this work includes video updates to inform you of modern hazards in the digital landscape — such as new phishing campaigns that utilize trusted service providers, and current events that have impacted data access and business continuity. Here’s a look at some of the most recent breaking news and analyses:

A staffer responsible for handling technical services at an airport in Italy's Lamezia Terme has been caught mining the cryptocurrency Etherium on the airport’s computers.

Technical services for airports in Italy’s Calabria region are provided by a third party called Sacal Global Solutions. A staffer was able to tap into the network and install mining malware on multiple machines. According to investigators, these actions put the airport's backend computer systems at risk.

Cryptomining malware is common, with reports indicating that — at the peak of the last crypto bull market — over 55% of businesses had been affected worldwide by such programs. Acronis Cyber Protect detects and stops illicit cryptomining before it can slow down your computer, damage hardware, and increase utility bills.

Google recently released fixes for 10 vulnerabilities in their Chrome browser, including the remote code execution (RCE) zero-day vulnerability CVE-2020-16009 — which has already been exploited in the wild.

This comes about two weeks after five other Chrome vulnerabilities were addressed by Google. The company patched a flaw in the FreeType 2 library, which was used together with a Windows vulnerability in the cryptographic kernel driver to escape the browser sandbox and compromise the system. Users are advised to upgrade to, at minimum, Chrome version 86.0.4240.183 as soon as possible.

Acronis Cyber Protect is equipped with built-in vulnerability assessment capabilities, which can scan all your systems for unpatched vulnerabilities and deploy any corresponding updates. Furthermore, the agent can automatically capture backups, so that you can roll back to a fully-functional system should there be any issue with these updates.

A new wave of phishing emails abuses the Collaboration and Notification features in Google Drive.

Attackers are creating online documents in Google Drive with malicious text links, and inviting their targets to collaborate — thereby sending notification emails through the official service to their victims. Because these messages come from a trusted source, they’re very likely to make it past spam filters into the user’s inbox, and to be opened by the recipient.

Through social engineering tactics — such as claims of prizes, payment alerts, and important bank updates — the text in these documents entices users to click the malicious links within. Acronis Cyber Protect has URL filtering capabilities that can prevent users from accessing such sites, preventing any damage to the system.

The notorious Maze ransomware gang announced on November 1 that they are permanently shutting down their operations, effective immediately.

The Maze group was one of the first ransomware operations to threaten to leak victims’ data if they didn’t pay the ransom, a tactic used by many ransomware groups today. Maze is also known for its targeted attacks, rather than the typical dragnet approach of throwing as many lures out as possible and seeing what gets results. Victims of Maze include the likes of Xerox and Cognizant, as well as medical research facilities and major law firms.

Whether this shutdown is permanent, or just a break while they rebrand, Maze helped shape the future of ransomware — and their influence on other ransomware gangs will not quickly fade. Acronis Cyber Protect keeps your data safe with its included ransomware protection, which stops ransomware before it can spread, and restores encrypted files in as little as a few seconds.

“Super typhoon” Goni — or Rolly, as it was known locally — devastated parts of the Philippines, leaving 125 towns and cities without electricity. Fortunately, the worst of the storm missed the populous Manila region.

Goni was the strongest storm of the 2020 season, and came on the tail of two other typhoons. There were about 2 million people in Goni's path, many of whom now find themselves without a home or electricity, and around 20 were found dead in the wake of the storm. Around 389,000 people were evacuated and forced to shelter together in evacuation facilities during the worst coronavirus outbreak the region has seen.

The cloud backups and disaster recovery integrated into Acronis Cyber Protect keep your data safe when natural disasters strike, getting you back up and running as quickly and painlessly as possible.

# # #

For the latest reports on emerging cyberthreats from Acronis’ cyber protection experts, subscribe to the Acronis YouTube channel and receive our CPOC updates as they’re posted.