Ransomware Attack Targets Major Cruise Line
Officials for Carnival Cruises have confirmed that a portion of their IT systems
was encrypted following a cyberattack identified over the weekend. The company
also revealed that sensitive information for both employees and customers was
illicitly accessed, though they did not disclose to what extent.
Millions of Social Media Profiles Exposed
More than 235 million social media profiles belonging to
several major platforms, which contained personally identifiable information
including names, locations and contact data, were publicly exposed due to a
misconfigured database. Social Data, an online data marketing broker, seems to be
the owner of the data, though it is unclear how they obtained it since data
scraping for profit is generally not tolerated by Facebook or other platforms.
According to Social Data, the database was exposed for up to three hours after
initially being spotted. It remains unknown how long the data was accessible
without authentication.
Wine and Spirits Conglomerate Suffers Ransomware Attack
Brown-Forman, the parent company of many major liquor brands, recently fell victim to a
ransomware attack that appears to be the work of the REvil ransomware authors.
While the company was able to detect and thwart the attack before encryption, upwards
of 1TB of highly sensitive internal information on employees, clients, and
financial statements was stolen. Though no formal ransom was delivered, the
attackers are likely to auction the data imminently.
File-less Worm Creates Linux Crypto-mining Botnet
Linux system administrators are on the lookout for a new infection that has been
silently creating a botnet to employ target machines as crypto miners. Since the start
of the year, over 500 SSH servers have been infected around the world by a worm
creating additional backdoors to allow attackers to return to the systems
later. Due to the file-less nature of this infection, a simple reboot of the
system can temporarily remove the malicious processes, but because the login
credentials have already been exported the system can be quickly re-infected.
Canadian COVID-19 Relief Sites Breached
Several Canadian government websites connected to healthcare relief funds were breached with
the intent to steal COVID-19 relief fund payments. Though only a small portion
of the 12 million total accounts, 9,000 GCKey accounts were directly affected
after being breached via credential-stuffing. Credential-stuffing is a brute-force
attack that employs previously leaked credentials in the hope that victims use
the same login info for multiple sites. Since the websites affected don’t use
multi-factor authentication, the odds of a successful credential-related attack
were increased.