Page 5 - Threat Intelligence 12-13-2019
Security News
Ransomware attack hits major US data center provider. CyrusOne, one of the biggest data center providers in
the US, has suffered a ransomware attack, ZDNet has learned. In an email after this article's publication, a
CyrusOne spokesperson confirmed the incident and said they are currently working with law enforcement and
forensics firms to investigate the attack and help customers restore impacted systems. "Six of our
managed service customers, located primarily in our New York data center, have experienced availability issues
due to a ransomware program encrypting certain devices in their network," CyrusOne told ZDNet. "Our data
center colocation services, including IX and IP Network Services, are not involved in this incident. Our
investigation is on-going and we are working closely with third-party experts to address this matter," the
company said. According to details ZDNet received in a tip, the incident took place yesterday and was caused
by a version of the REvil (Sodinokibi) ransomware. This is the same ransomware family that hit several
managed service providers in June, over 20 Texas local governments in early August, and 400+ US dentist
offices in late August.
Source: https://www.zdnet.com/article/ransomware-attack-hits-major-us-data-center-provider/
ThreatList: 90% of SMBs Believe Nation-State Actors Are Targeting Them. While APT activity is generally
considered to be aimed at large enterprises housing valuable intellectual property, military-industrial entities,
dissidents and civil society, and organizations of strategic importance to governments, the vast majority of
small- and medium-sized businesses (SMBs) are concerned that they may be on the target list. A full 93
percent of all SMB executives in a recent survey from AppRiver believe that nation-state-backed attackers are
attempting to use businesses like theirs to breach the country’s digital security. And, this already-high figure
jumps to 97 percent among larger SMBs with 150–250 employees. The reasoning goes that APTs see SMBs as
entry points into a supply chain through which they can access larger game.
Source: https://threatpost.com/smbs-nation-state-actors-apts-targeting/150836/
RevengeHotels: cybercrime targeting hotel front desks worldwide. RevengeHotels is a targeted cybercrime
malware campaign against hotels, hostels, hospitality and tourism companies, mainly, but not exclusively,
located in Brazil. We have confirmed more than 20 hotels that are victims of the group, located in eight states
in Brazil, but also in other countries such as Argentina, Bolivia, Chile, Costa Rica, France, Italy, Mexico, Portugal,
Spain, Thailand and Turkey. The goal of the campaign is to capture credit card data from guests and travelers
stored in hotel systems, as well as credit card data received from popular online travel agencies (OTAs) such as
Booking.com. The main attack vector is via email with crafted Word, Excel or PDF documents attached. Some
of them exploit CVE-2017-0199, loading it using VBS and PowerShell scripts and then installing customized
versions of RevengeRAT, NjRAT, NanoCoreRAT, 888 RAT and other custom malware such as ProCC on the
victim’s machine. The group has been active since 2015, but increased its attacks in 2019.
Source: https://securelist.com/revengehotels/95229/
www.accumepartners.com