intelligence updates

CyberCure Ep 74

Welcome to the Nucleon Cyber Intelligence podcast.
This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes.
The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world.
The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand.

https://news.nucleon.sh/2021/09/23/intelligence-briefing-74/

If you have been following the adventures of the hacker group known as the REvil cyber gang, they have fully returned and are once again attacking new victims and publishing stolen files on a data leak site.
If you haven't heard about the REvil gang, here is a short recap:
Since 2019, the REvil ransomware operation, also known as Sodinokibi, has been conducting attacks on organizations worldwide where they demand million-dollar ransoms to receive a decryption key and prevent the leaking of stolen files.
We covered some of their attacks right here, including big cases such as JBS, Coop, Travelex and many others.
REvil shut down their infrastructure and completely disappeared after their biggest hack yet: a massive attack on July 2nd that encrypted over 50 service providers and over 1,500 businesses using a zero-day vulnerability in the Kaseya VSA remote management platform, which had no patch.
This attack had such wide-ranging consequences worldwide that it brought the full attention of international law enforcement to bear on the group.
Maybe because of the pressure, the REvil gang suddenly shut down all their servers and went offline, leaving many victims in the lurch with no way of decrypting their files.
A few days later, Kaseya (the company that had been hacked) received a universal decryptor that victims could use to decrypt files for free. It is unclear how Kaseya received the decryptor, but the company stated it came from a "trusted third party."....

----

On a different subject, cybersecurity experts warned that cybercriminal forums had in recent months been selling access to login credentials for software that the United Nations uses to manage internal projects. The software could provide valuable access to intruders looking to extort the UN or steal data.
The cyber security firm Resecurity contacted UN officials after noticing the login credentials for sale on the dark web.
Another security firm reported observing one prominent cybercriminal gang claiming access to the UN software.
This caused the UN to release an official statement saying:
“Unidentified hackers breached computer systems at the United Nations in April and the multinational body has had to fend off related hacks in the months since.”

There are different rumors and stories about this incident, so we thought we would briefly mention it here in case it evolves, and we will pay more attention to it in the future.

-----

That’s it for this podcast, stay safe and see you in the next podcast.
Don’t forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.