[Security Weekly] US Law Firm to Fortune 500 Companies Suffers Ransomware Attack and Data Breach
4th Week of July 2021
1. US law firm to Fortune 500 companies suffers ransomware attack and data breach
Campbell Conroy & O’Neil, P.C, a US corporate law firm whose clients include some of the world’s biggest corporations, disclosed a ransomware attack incident that happened back in February, which may have led to the compromise of sensitive personal data. Some of Campbell’s corporate clients include Toyota, Exxon Mobil, Apple, Mercedes-Benz, Ford, Honda, Home Depot, Johnson & Johnson, IBM, Boeing, and Pfizer.
Campbell disclosed in a press release on July 16 stating that the company first discovered abnormal activity on its IT network on February 27 and later confirmed that a number of its systems were locked out by ransomware.
Campbell said that some of the compromised devices contained highly sensitive personally identifiable information (PII), including names, dates of birth, passport numbers, social security numbers (SSN), driver’s licence numbers, bank account information, payment card information, health insurance information, as well as biometrics information. It remains unclear which individuals were affected. Campbell promised to offer two years of credit monitoring service for those who lost sensitive data.
What also remains unclear is whether data belonging to corporate clients were breached. If the attackers had accessed sensitive corporate information, more data breaches would likely occur in the foreseeable future.
Sources: Threatpost, Bleeping Computer
2. 16-year-old printer driver vulnerability puts millions of Windows devices at risk
Researchers discovered a 16-year-old vulnerability in a driver used by HP, Samsung, and Xerox printers, impacting millions of Windows devices globally.
Existent since 2005, the vulnerability (CVE-2021-3438) was rated a CVSS score of 8.8, making it a high-severity vulnerability. The flaw affects the SSPORT.SYS driver and allows any attacker to escalate their user privilege. When exploited, the attacker could bypass authentication, install malware, and tamper with data. They could also set up new accounts with higher privileges.
What’s more concerning is that the flawed driver gets automatically installed with the printer installation software, and gets loaded every time a Windows operating system starts, making it an appealing target for hackers.
Since the vulnerability remained undetected for 16 years, a high number of printers are impacted. All customers are advised to install the patches immediately, which can be found on the customer support websites of HP and Xerox.
Sources: ZDNet, Threatpost
3. Israeli cybersecurity firm NSO Group’s Pegasus spyware potentially abused
NSO Group, an Israeli offensive cybersecurity company, was claimed by media across the globe to be selling its Pegasus spyware to authoritarian leaders, who have been using it to spy on innocent people. NSO Group denied the claim and said that Pegasus is only sold to vetted government bodies including intelligence agencies, law enforcement agencies, and the military.
Pegasus is a spyware program specifically designed to infect mobile devices run on Android and iOS. As a very powerful tool, it can exfiltrate encrypted messages and emails, view photo galleries, record phone calls, and even secretly turn on microphones.
The scandal began when Guardian along with 16 other media organizations investigated a set of leaked data relating to Pegasus. The leaked data contained 50,000 phone numbers, belonging to those who were potentially targeted by Pegasus users since 2016.
The list contained the numbers of human rights activists, NGO employees, religious leaders, business executives, union leaders, and government officials such as presidents, prime ministers, and cabinet ministers. Close family members of authoritarian leaders were also included on the list, hinting that the users may be using the spyware to watch their families.
Journalists from CNN, Financial Times, New York Times, the Economists, the Associated Press, and Reuters were all included on the list.
Even though having phone numbers on the list is not direct evidence of being targeted, investigations on some of the victims’ phones showed signs of Pegasus infection, making it highly likely that the listed people are interested targets of Pegasus users.
Sources: Guardian, Amnesty International
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: ISign+
Car, Energy, Factory, City Solutions: Penta IoT Security