The second of our spine-tingling October Cybersecurity Awareness Month posts.<\/p>\n
We started our Cybersecurity Awareness Month blog posts with rather scary cybersecurity stats<\/a>, and we\u2019re continuing with some truly frightening tales of hacking and ransomware attacks that were successfully undertaken on some major targets. We wish these were just urban legends, but these are bona fide horror stories that have far-reaching impacts well beyond the millions of dollars paid to attackers.<\/p>\n This bone-chilling attack has been characterized as a “global cybersecurity crisis” due to its level of focus, method of exploit, and potential reach. The HAFNIUM attack leveraged previously unknown exploits to target\u00a0vulnerabilities in Microsoft\u2019s on-premises Exchange Server software. It utilized multiple zero-day exploits to launch a targeted attack aimed at on-premises versions of Microsoft Exchange Server. This enabled HAFNIUM operators to deploy web shells on any compromised server that would potentially allow attackers to steal data and perform additional malicious actions leading to further compromise.<\/p>\n Microsoft was swift in identifying the attack and in releasing a patch for the vulnerability, but the sheer number of potentially affected servers and the possible lingering effects made this an especially scary and challenging attack to deal with for CSPs and MSPs alike. Read the Pax8 response<\/a>.<\/p>\n This ransomware attack was especially terrifying because of its cascading effect. Attackers were able to exploit an authentication bypass\u00a0vulnerability\u00a0within one of Kaseya\u2019s remote monitoring and management\u00a0software packages. Through this, they were able to distribute a malicious payload through hosts managed by the software, which exposed MSPs and their clients to downstream ransomware attacks.<\/p>\n The effect reportedly caused widespread downtime for more than 1,000 companies, which included one Swedish supermarket chain that had to close down all 800 stores for almost a week leaving some in small villages without any food shopping options. The chain didn\u2019t pay any ransom but rebuilt their systems from scratch after waiting for an update from Kaseya.<\/p>\n Read the Pax8 security post<\/a> regarding this attack.<\/p>\n This successful ransomware attack was one that literally created a panic in the streets, or at least at the pumps. Using a stolen password on a legacy Virtual Private Network (VPN) system that lacked multifactor authentication, Eastern European hackers were able to encrypt the computers used to manage Colonial\u2019s pipeline system. The company was forced to shut down its entire distribution pipeline, which threatened gasoline and jet fuel supplies for the entire U.S. east coast.<\/p>\n Colonial paid the hackers 75 bitcoin (nearly $5 million at the time), of which the U.S. government was able to recover 60 bitcoin. The financial impact of this attack is greatly overshadowed by the potentially devastating impact it could have had on our ability to travel and on our economy as a whole. Read the details on the MSSP Alert<\/a>.<\/p>\n The prospect of a cyberattack on our public infrastructure should scare you to your soul, especially understanding why this attack was even discovered. An ongoing deeper-level attack was discovered because of a separate incident on February 5, 2021 where a hacker remotely accessed the water treatment plant\u2019s system and increased sodium hydroxide (more commonly known as lye) levels from 100 parts per million to 11,100 parts per million. The change was immediately detected by a plant operator, who changed the levels back before the attack had any impact on the system.<\/p>\n However, during the resulting investigation, an IT security firm discovered malicious code in the plant\u2019s computers that had been there since December 20, 2020 when attackers had gained access using a watering hole attack. An Oldsmar city computer reportedly visited a website where malicious code had been inserted into the footer of a WordPress-based site belonging to an actual Florida water infrastructure construction company. Once the watering hole attack code was inserted, the attackers began collecting information on visitors to this legitimate site. Check out the local news coverage<\/a> on the attacks.<\/p>\n The nightmare-inducing aspect of this attack isn\u2019t the whopping $11 million in cryptocurrency the company paid to recover their data, it\u2019s the catastrophic effect it could have had on the world\u2019s food supply. JBS is the world\u2019s largest meat supplier, with operations in 28 U.S. states, Canada, Puerto Rico, Mexico, Europe, Australia, and New Zealand.<\/p>\n This attack was carefully coordinated and started with an initial reconnaissance phase in February. Then from March through the end of May, attackers launched multiple data exfiltration events, ultimately accessing a massive 5 TB of data. The attack was finally revealed on June 1 when the threat actors encrypted the JBS environment and published their ransom demands. The initial intrusion occurred in February by a third-party believed to be using leaked login credentials. Even scarier still, it\u2019s still not known how those credentials were leaked or by whom. Get the details on the MSSP Alert<\/a>.<\/p>\n As we were compiling this post, Microsoft announced on October 11th<\/sup>, that, in August of this year, it thwarted a mind-boggling distributed denial of service (DDos) attack against its Azure cloud service. The attack traffic came from a botnet comprised of approximately 70,000 bots located in multiple countries in the Asia-Pacific region and the United States. A series of very short-lived bursts were sent over approximately a ten-minute period, with each ramping up in seconds to terabit volumes. In total, three main peaks were registered, the first at 2.4 Tbps, the second at 0.55 Tbps, and the third at 1.7 Tbps \u2014 all of which were mitigated by Azure\u2019s built-in security system. This was the largest DDoS attack the company has faced to date and is the second-largest DDoS attack ever recorded. Read Microsoft\u2019s post<\/a> on the Azure blog.<\/p>\n If you take nothing else from these chilling tales, we hope you learn the lesson that victims in horror flicks never do \u2014 never wander around unprotected and alone, especially in cyberspace. Make sure your clients are well-protected and properly trained, so a poor security strategy or bad habits don\u2019t come back to haunt them. Our security vendors have the solutions you need to continually protect your clients, and Pax8 is always here to help shine a light into the shadows and answer any questions you may have.<\/p>\n Explore security resources<\/a> Among the ongoing rise in stories of hacked data, ransomware attacks, and other malicious cybercrimes, we\u2019ve compiled the five scariest successful attacks AND one that was foiled in spectacular faction.<\/p>\n","protected":false},"author":141,"featured_media":297,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[5],"tags":[],"class_list":["post-1444","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"acf":[],"yoast_head":"\nMicrosoft Exchange Servers HAFNIUM attack<\/h1>\n
March 2, 2021<\/h2>\n
Kaseya ransomware attack<\/h1>\n
July 2, 2021<\/h2>\n
The Colonial Pipeline ransomware attack<\/h1>\n
May 7, 2021<\/h2>\n
Attack on Oldsmar, Florida’s water supply<\/h1>\n
December 20, 2020 \u2013 February 16, 2021<\/h2>\n
JBS Meat Processor ransomware attack<\/h1>\n
February \u2013 May 2021<\/h2>\n
The scariest attack that didn\u2019t succeed<\/h1>\n
August 2021<\/h2>\n
Don\u2019t be Scared. Be Prepared.<\/h1>\n
\nSchedule a call<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"