Hackers sell over 85K SQL databases, Denmark charges Russian spy with espionage, and more

Originally published at: https://cloudsek.com/threatintel/hackers-sell-over-85k-sql-databases-denmark-charges-russian-spy-with-espionage-and-more/

Round Up of Major Breaches and Scams

Hackers are selling more than 85,000 SQL databases on a dark web portal

More than 85,000 SQL databases are currently on sale on a dark web portal for a price of only $550/database. The portal, brought to ZDNet’s attention earlier today by a security researcher, is part of a database ransom scheme that has been going on since the start of 2020. Hackers have been breaking into SQL databases, downloading tables, deleting the originals, and leaving ransom notes behind, telling server owners to contact the attackers to get their data back.

Cyberattack cost UVM Medical Center $1.5 million a day

The October cyberattack cost the University of Vermont Medical Center $1.5 million a day in increased expenses and lost revenue, hospital president Stephen Leffler said Tuesday. That “back of the envelope” calculation doesn’t include the cost of getting the system back up and running, he told reporters. Forty-two days have elapsed since the attack occurred on Oct. 28. The total cost, including lost revenue and expenses, could exceed $63 million.

Denmark Charges Russian Citizen With Spying for Russia

A Russian citizen living in Denmark has been charged with espionage for allegedly having provided information about Danish energy technology, among other things, to an unnamed Russian intelligence service, the Danish prosecution authority said Wednesday. The suspect, who was not identified, has been held in pre-trial custody since the beginning of July, Denmark’s Prosecution Authority said.

Hackers breach European agency to access BioNTech, Pfizer COVID-19 vaccine files

The European Medicines Agency, which is currently helping to roll out two coronavirus vaccines, has been hit by hackers, the agency announced Wednesday. Attackers successfully accessed “some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate” that were stored on a European Medicines Agency (EMA) server, according to a statement BioNTech released on its investors’ website.

Hackers leverage Facebook, Dropbox to spy on Egypt, Palestinians

An Arabic-speaking hacking group that has used phishing emails laden with sensational headlines focused on the Middle East to spy on government officials is leveraging recent diplomatic activity to conduct espionage. Operatives with the group, known as MoleRATs, used mainstream technology services like Facebook and Dropbox to obscure their malicious activity and exfiltrate data, according to Cybereason, the security company that published details on the activity on Wednesday.

Round Up of Major Malware and Ransomware Incidents

Suspect in case of Mirai botnet, which knocked major sites offline in 2016, pleads guilty

The U.S. Department of Justice on Wednesday announced that an unnamed defendant has pleaded guilty in connection with a cyberattack that rocked the internet in 2016. The October 2016 distributed denial-of-service attack affected Dyn, an internet infrastructure company, before rippling out to cause outages for sites including Twitter, Netflix, Spotify, Airbnb and Reddit, among others. DDoS attacks typically occur when attackers control a network of compromised devices and direct traffic from all of them at a single target on the web.

Ransomware Makes Up Half of All Major Incidents

Misconfigurations and lack of visibility allow attackers to compromise networks and monetize their intrusions, according to CrowdStrike’s analysis of about 200 incidents. Ransomware attacks made up the majority of serious cyber intrusions this year, accounting for 51% of all incidents investigated by CrowdStrike in 2020, according to the company’s yearly incident-analysis report.

SideWinder APT Targets Nepal, Afghanistan in Wide-Ranging Spy Campaign

Convincing email-credentials phishing, emailed backdoors and mobile apps are all part of the group’s latest effort against military and government targets. The SideWinder advanced persistent threat (APT) group has mounted a fresh phishing and malware initiative, using recent territory disputes between China, India, Nepal and Pakistan as lures. The goal is to gather sensitive information from its targets, mainly located in Nepal and Afghanistan.

COVID-19 Vaccine Cyberattacks Steal Credentials, Spread Zebrocy Malware

Cybercriminals are leveraging the recent rollout of the COVID-19 vaccines globally in various cyberattacks – from stealing email passwords to distributing the Zebrocy malware. Cybercriminals are tapping into the impending rollout of COVID-19 vaccines with everything from simple phishing scams all the way up to sophisticated Zebrocy malware campaigns. Security researchers with KnowBe4 said that the recent slew of vaccine-related cyberattacks leverage the widespread media attention around the development and distribution of COVID-19 vaccines.

Round Up of Major Vulnerabilities and Patches

Researcher Developed New Kernel-Level Exploits for Old Vulns in Windows

The problem has to do with a print driver component found in all versions of Windows going back to Windows 7, a security researcher from Singular Security Lab said at Black Hat Europe 2020. A couple of vulnerabilities that a security researcher from China-based Singular Security Lab disclosed at this week’s Black Hat Europe 2020 virtual event have highlighted once again why it’s dangerous for organizations to underestimate the threat from old, overlooked bugs in commonly used software products.

Record Levels of Software Bugs Plague Short-Staffed IT Teams in 2020

As just one symptom, 83 percent of the Top 30 U.S. retailers have vulnerabilities which pose an “imminent” cyber-threat, including Amazon, Costco, Kroger and Walmart. 2020 is shaping up to be a banner year for software vulnerabilities, leaving security professionals drowning in a veritable sea of patching, reporting and looming attacks, many of which they can’t even see. A trio of recent reports tracking software vulnerabilities over the past year underscore the challenges of patch management and keeping attacks at bay.