Everything you need to know about 4:05 ransomware attacks
(CNN Spanish) -
Hackers have been active this year attacking government and business targets in the United States, the latest of which was Accenture, a consulting firm that was the target of a ransomware attack by the LockBit criminal group.
Before this, between May and July, several cyberattacks were made known: to the software provider Kaseya;
meat supplier JBS USA;
and to the computer systems of more than 150 US government agencies, according to Microsoft.
Regarding the case of the 150 government agencies, Microsoft said that the most recent illegal intervention in the computer systems was perpetrated by the group "Nobelium".
These are the most recent attacks in a series of acts that have violated cybersecurity and raised alerts from the United States government.
Indeed, President Joe Biden launched an effort in April to bolster cybersecurity on the nation's power grid, calling on industry leaders to install technologies that could thwart supply attacks.
advertising
This year alone, more than two dozen government agencies in the United States have been affected, according to experts.
Homeland Security Secretary Alejandro Mayorkas sounded the alarm about these attacks in May, in a speech to the US Chamber of Commerce before the Colonial Pipeline was attacked, calling them an "existential threat" to businesses.
Here we present a list of the most recent cyberattacks against different entities that have set off the alarms.
The US wants to shield pipelines against cyber attacks 1:02
Accenture
Accenture, a global consultancy, was targeted by ransomware gang LockBit, according to the cybercriminal group's website.
Stacey Jones, an Accenture spokeswoman, confirmed the existence of a cybersecurity incident to CNN Business on Wednesday, August 11, but did not explicitly acknowledge a ransomware attack.
"Through our security controls and protocols, we identified irregular activity in one of our environments," Jones said in a statement.
"We immediately contained the matter and isolated the affected servers. We have fully restored our affected systems from backup. There was no impact on Accenture operations or our customers' systems."
Kaseya
Software vendor Kaseya said on Monday, July 5, that "fewer than 1,500 secondary companies" were affected by a ransomware attack that affected companies around the world.
"To date, we are aware of fewer than 60 Kaseya customers, all of whom were using the local VSA product, who were directly compromised by this attack," Kaseya said.
"While many of these customers provide IT services to many other companies, we understand that the total impact thus far has been on fewer than 1,500 secondary companies. We have not found any evidence that any of our (cloud) customers have seen compromised ".
The REvil malware affected a wide range of IT management companies and compromised hundreds of their corporate clients late last week.
JBS
Meat supplier JBS USA paid a US $ 11 million ransom in response to a cyberattack that led to the shutdown of its entire U.S. beef processing operation last week, the company said in a statement Wednesday, September 9. June.
The ransom was paid after most of the company's facilities came back online, the JBS statement said.
The cyberattack affected the servers that support JBS IT systems in North America and Australia.
The US government attributed the ransomware attack to REvil, a criminal gang believed to be based in Russia or Eastern Europe.
Colonial Pipeline
A cyber attack forced the temporary closure of one of the largest oil pipelines in the United States on May 8, highlighting already growing concerns about vulnerabilities in the country's critical infrastructure.
The operator, Colonial Pipeline, said the incident involves ransomware.
Colonial, which transports more than 100 million gallons of gasoline and other fuels a day from Houston to the port of New York, according to its website, said its operations were paused in the face of the attack.
This even caused long lines to form at various service stations in various states.
"In response, we proactively shut down certain systems to contain the threat, which has temporarily halted all pipeline operations and affected some of our IT systems," the company said in a statement at the time.
US: Gasoline prices are at 7-year highs 1:08
SolarWinds
The US government was hit late last year by a cyberattack that compromised the systems of a third-party software provider and led to data breaches at various federal agencies, including the Department of Commerce, the Department of Energy, and the arm. cybernetics from the Department of Homeland Security.
SolarWinds said in an investor presentation that up to 18,000 of its clients (out of 300,000 total) may have been running software containing the vulnerability that allowed hackers to penetrate the Commerce Department.
US officials suspect that hackers linked to Russia are behind the hack.
SolarWinds offers services to more than 425 companies in the US Fortune 500, it says on a page on its website that has since been withdrawn but remains accessible in the Wayback Machine internet archive.
The firms listed on the page included big names like Cisco, AT&T, Microsoft, Comcast and McDonald's, as well as financial giants Visa and Mastercard.
Alert in US companies for cyber attack on SolarWinds 0:55
DC Police
Even security guards are not safe from hackers.
Personnel files were obtained from some agents of the Washington Metropolitan Police Department in a ransomware attack in early May, the department's acting chief of police said.
Robert Contee wrote in an email to staff: "I can confirm that HR-related files containing personally identifiable information (PII) were obtained. As we continue to determine the size and scope of this breach, please note that it was blocked the mechanism that allowed unauthorized access ".
The attackers had released a ransom note claiming that they had stolen more than 250GB of data and threatening to publish the material if they were not paid.
The Babuk ransomware group claimed credit for the attack, posting screenshots of the note that were flagged by cybersecurity researchers.
Press Secure VPN
At least five federal civilian agencies appear to have been targeted, according to a senior official with the Agency for Cybersecurity and Infrastructure Security.
Hackers with suspected ties to China repeatedly exploited vulnerabilities in Pulse Secure VPN, a widely used remote connectivity tool, to gain access to government agencies, defense companies and financial institutions in the United States and Europe, a report published to early May.
"CISA is aware of at least five federal civilian agencies that have run the Pulse Connect Secure Integrity Tool and have identified indications of possible unauthorized access," Deputy Deputy Executive Director for Cybersecurity Matt Hartman said in a statement.
For its part, in a blog post, Pulse Secure said that the flaw affected a "very limited number of customers" and that a more permanent software update to address that vulnerability will be issued in early May.
Users learned that the information stolen from around 500 million LinkedIn user profiles is part of a database published for sale on a website popular with hackers, the company confirmed in early May.
The sale of the data was first reported by cybersecurity news and research site CyberNews, which said that a file that includes user IDs, names, email addresses, phone numbers, genders, professional titles, and links to other social media profiles were being auctioned on the forum for a four-figure sum.
What mistakes to avoid when looking for work online 1:22
According to LinkedIn, the database for sale "is actually an aggregation of data from a number of websites and companies."
LinkedIn user data includes only information that people who appear publicly on their profiles, the professional social networking site, which is owned by Microsoft (MSFT), said in a statement.
"This is not a LinkedIn data breach, and no private LinkedIn member account data was included in what we were able to review," the company said.
The personal information of nearly 500 million Facebook users, including their phone numbers, was posted on a website used by hackers, cybersecurity experts say.
There are records of more than 32 million accounts in the United States, 11 million in the United Kingdom and 6 million in India, according to Alon Gal, the CTO of cyber intelligence firm Hudson Rock.
Details in some cases included full name, location, birthday, email addresses, phone number and relationship status, he said.
"This is old data that was previously reported in 2019. We found and fixed this issue in August 2019," Facebook spokesman Andy Stone told CNN.
Verkada
Cloud-based security camera company Verkada confirmed that it recorded a cybersecurity incident after multiple reports saying hackers had breached customer video sources across a wide range of businesses.
The incident, which was first reported by Bloomberg, allowed intruders to access the sources of up to 150,000 security cameras from Verkada customers, including automaker Tesla, fitness company Equinox, and security company Verkada. Internet Cloudflare.
How to prevent your security cameras from being hacked?
2:50
Cloudflare told CNN Business that it uses Verkada systems to monitor entry points to the office and roads, and that Verkada had contacted to notify the company that its cameras may have been compromised.
Cloudflare said none of its own customer data had been affected by the Verkada leak.
"The cameras were located in offices that have been officially closed for almost a year," the company said.
CybersecurityHackersComputer Security
