[Security Weekly] Acer Falls Victim to REvil Ransomware, $50 Million Demanded
4th Week of March 2021
1. Acer falls victim to REvil ransomware, $50 million demanded
Taiwanese computer giant Acer, one of the largest PC manufacturers in the world, reportedly suffered an attack by the REvil ransomware gang. Over the weekend of March 20, the attackers published images of a small portion of the stolen data on their leak site, mostly consisting of financial reports and bank account details.
Acer did not release the details of the attack. However, cybersecurity experts suspect that the attackers could have gained access by exploiting the Microsoft Exchange Server vulnerability. A representative from Acer told the public that the attack was detected in March and that countermeasures were taken immediately to stop the intrusion from spreading further. The company also said that the situation was reported in detail to the police as well as to data regulatory bodies in multiple countries.
Clearly a double extortion ransomware attack, the attackers demanded $50 million worth of Monero coins paid by March 28, after which the amount would increase to $100 million, making this the highest ransom demand ever reported in history.
2. IoT manufacturer Sierra Wireless halts production following ransomware attack
Sierra Wireless, a Canada-based multinational manufacturer of IoT network equipment such as modems and routers, as well as other software tools and services, suffered a ransomware attack that halted its production.
The attackers compromised Sierra Wireless’ corporate network on March 20, forcing the company to shut down its internal IT systems. As a result, manufacturing facilities were brought to a full stop, the company website was down, and business operations were severely disrupted.
Sierra Wireless reassured its customers that the attack was only limited to its internal IT network and did not in any way compromise its customer-facing products. The company claimed that countermeasures were undertaken immediately and that it expects services to resume soon.
Sierra Wireless did not disclose the specific strain of ransomware it was hit by. Yet, it later withdrew the Q1 2021 financial guidance issued in February as the attack might force it to make downward adjustments to its financial outlook.
3. Critical vulnerability of F5 BIG-IP and BIG-IQ products targeted by attackers
On March 25, security researchers at cybersecurity firm NCC Group discovered that attackers had been actively scanning for and exploiting a critical vulnerability in F5’s BIG-IP application delivery services and BIG-IQ management platform.
With a CVSS score of 9.8, CVE-2021-22986 is a critical flaw that enables unauthenticated remote command execution (RCE), which could lead to full system compromise. F5 issued a patch for the vulnerability in early March. Security researchers later reverse-engineered the patch and shared exploit code online as a proof of concept.
As a network giant that specializes in application services, F5’s customers include some of the largest companies in the world, such as Microsoft and Facebook. Being under such a spotlight makes it an appealing target for supply chain attacks. CISA issued an urgent notice to all users of BIG-IP and BIG-IQ products to install the patch immediately.
4. Oil giant Shell becomes latest victim of Accellion FTA supply chain attack
Royal Dutch Shell, one of the largest corporations in the world, disclosed a data breach that compromised various files containing sensitive personal and corporate information.
The attackers exploited the four infamous vulnerabilities of Accellion FTA, a legacy file transfer appliance now reaching its end of life. In the past month, the victim list of Accellion FTA exploitation kept growing. Accellion claimed that out of more than 300 clients that use the product, “less than” 100 have been affected by the vulnerability, with “less than” 25 victims suffering severe data breaches.
So far, victims come from a wide range of industries, including government bodies such as the Reserve Bank of New Zealand and the Australian Securities and Investments Commission (ASIC), telecom giant Singtel, medical school and healthcare provider SIU Medicine, brewing company Trillium, and supermarket chain Kroger, to name only a few.
Despite the data breach, Shell said that its core IT systems remained unaffected as Accellion FTA was deployed in an isolated network.