The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Friday Five: 4/24

by Amanda Brown on Friday April 24, 2020

Contact Us
Free Demo
Chat

267 million Facebook profiles found being sold on the dark web, the virtual NFL draft raises cybersecurity concerns, and email phishing campaigns target US healthcare providers - catch up on the week's news with the Friday Five.

1. IT Services Giant Cognizant Suffers Maze Ransomware Cyber Attack by Lawrence Abrams

One of the largest IT managed services company in the world, Cognizant, suffered a cyber-attack last Friday night that was allegedly perpetrated by the operators of the Maze strain of ransomware. With close to 300,00 employees and over $15 billion in revenue, Cognizant remotely manages its clients through endpoint agents that are installed on a customer’s workstations to push out patches, software updates, and perform remote support services. Clients were notified on Friday that the IT services giant had been comprised and were given a list of indicators of compromise that they could use to monitor their systems and further secure them. Through their investigation, Cognizant found IP addresses of servers and file hashes for the kepstl32.dll, memes.tmp, and maze.dll files on their network that have been used in previous attacks by the Maze Ransomware group. The attackers were likely present in Cognizant's network for weeks, slowly and stealthily spreading laterally throughout the system in order to steal files and credentials. Although Maze operators deny being responsible for the attack, Cognizant posted a statement to their website confirming the attack involved Maze and that their security teams are actively working to contain the incident and protect their clients.

Read more

2. 2,000 Coronavirus Scammers Taken offline in Major Phishing Crackdown by Danny Palmer

With a record number of people working from home, the UK's National Cyber Security Centre (NCSC) has kicked off a new effort to crack down on fraudsters and phishing scams in order to combat the growing number of attacks on remote workers. Cybercriminals have taken advantage of the fact that many employees have no previous experience of working remotely and are likely unaware of potential security risks. Their attacks are designed to exploit that confusion and to steal passwords, login details, and sensitive corporate information. The NCSC, along with the Home Office, the Cabinet Office, the Department for Digital, Culture, Media and Sport and the City of London Police, is encouraging people to report suspicious emails to report@phishing.gov.uk. If the reported message does contain suspicious links or addresses, then it will be taken down and the data will be analyzed in order to identify patterns that will help the NCSC to quickly take down new scam websites. In addition to the email-reporting service, the campaign also provided tips and tricks for people to stay cyber aware and make it as difficult as possible for criminals to steal and use personal or corporate information.

Read more

3. Facebook Dark Web Deal: Hackers Just Sold 267 Million User Profiles for $540 by Zak Doffman

The vast array of information traded on black data markets is already worrysome enough – now security researchers have found a threat actor selling the identities of 267 million Facebook users for only $540. The set of data includes email addresses, names, Facebook IDs, dates of birth, and phone numbers. Although no passwords were available, the given data provides the perfect opportunity for threat actors to create phishing campaigns that would appear to be on the behalf of Facebook. More valuable data could then be stolen if users were to click on the malicious link and enter their details. The information was likely obtained from a past breach before Facebook made security changes, so it does not suggest any current weaknesses with Facebook’s systems, but all users are encouraged to change their passwords and to enable two-factor authentication.

Read more

4. NFL Voices Cybersecurity Fears Over Online Draft by Sarah Coble

The NFL draft will look a bit different this year as the organization adheres to social distancing measures amid the COVID-19 pandemic, and the league has expressed their concerns over the security of the virtual draft on Thursday night. The selection process will be carried out online, and NFL commissioner Roger Goodell will be announcing each pick from the basement of his New York home while the players expected to be chosen in the first two rounds will live-stream from their own homes. To send in their picks, each NFL team will use a modified version of Microsoft’s Teams, which is a messaging and communication app similar to Slack. The NFL has assured that their security measures are “comprehensive and thoughtful,” and they are executing a test run with all 32 of the league’s teams to increase the odds of a successful live event. Microsoft has also been working directly with the teams to keep the process secure and to prevent any leakage of sensitive information. Some coaches, such as Ravens head coach John Harbaugh, have shared their skepticism about the virtual process and expressed concern over the security of their private information such as their playbook or draft meetings.

Read more

5. FBI Warns of COVID-19 Phishing Targeting US Health Providers by Sergiu Gatlan

US healthcare providers continue to be targets of ongoing phishing campaigns that use COVID-19 themes to lure victims into clicking malicious attachments. The U.S. Federal Bureau of Investigation (FBI) sent out a flash alert to warn the healthcare sector of phishing attempts from domestic and international IP addresses that exploit “Microsoft Word document files, 7-zip compressed files, Microsoft Visual Basic Script, Java, and Microsoft Executables.” The FBI provided a list of indicators of compromise, as well as a list of hashes related to phishing attempts, to help network defenders to protect their environments. Companies and individuals are urged to be hyper-aware of clicking any links or attachments, and to report all evidence relating to a phishing attempt to the FBI.

Read more

Tags: Phishing, Ransomware, hacking, Cyber Security

Recommended Resources


  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Amanda Brown

Amanda is a Field Marketing Coordinator at Digital Guardian.