Threat Intel: Thursday, April 4

Threat Intel Thursdays are a chance for you to keep your finger on the pulse of the cybersecurity landscape. They include items that are serious but did not rise to the level of an immediate threat intelligence email blast.

For the first Threat Thursday of April, we’ve got a major threat intelligence email on the way:

Omni Hotels hit by massive ransomware attack causing IT outages at many locations – Since late March, Omni has been affected by an IT outage that has been confirmed as a cyberattack. While Omni has yet to release details of the attack, we believe they are still under extortion by a ransomware gang that is threatening to leak stolen customer data. The breadth of this data is not yet clear, but with Omni locations across the globe, things aren’t looking good!

Expect more in your email about this soon!

Here’s our Thursday roundup of a few other items you should know about this week:

Google Added Increased Blocking for Spoofed Emails and Spam: Google has been working on automatically blocking emails sent by bulk senders that don’t meet stricter spam thresholds based on new guidelines since October. Now, they’ve revealed their changes. We advise you to read and review these new requirements as there are already reports of the new guidelines leading to email bounces.

Google Chrome Beta Tests New Protections Against Cookie Stealing: Chrome has notoriously been a target for cookie-stealing attacks, and this month, Google is piloting a new feature called DBSC that binds each cookie to a specific device. We’re looking forward to seeing whether this new feature truly reduces the success rate of cookie theft malware.

Hackers Targeted Backups in 94% of Ransomware Attacks: Sophos released multiple reports on the state of security that announced startling statistics. Out of the victims they surveyed, 94% found that ransomware attackers specifically went after backups. This is why the answers around “backup testing” in our pentest questionnaire are so important. Targeting backups should now be expected!

Hackers Abused RDP in 90% of Ransomware Attacks: Another statistic that we found correlated with our pentest results is that hackers abused RDP in 90% of the ransomware attacks Sophos studied. Make sure you’re running regular tests to identify open ports in the environment. Shields up, folks!

Critical Flaw in LayerSlider WordPress Plugin: A reported 1 million sites are affected by a critical vulnerability in the LayerSlider WordPress plugin. The vulnerability allows an attacker to completely compromise the site and extract password hashes. If you’re using this plugin on your WordPress sites, please remediate immediately.

New HTTP/2 Vulnerability Introduces New DoS Attack Opportunity: We expect to see a host of serious DoS attacks in the coming months. This new HTTP/2 vulnerability has given a single attacker the power of over 100 compromised machines. The vulnerability combined with a little stress in the right places will cause servers to completely freeze up. Please stay on the lookout as we plan to release more information as the landscape shifts.

That’s all for this week!
