Dormant malware gets activated

1. Signals of a bigger attack?

Polish intelligence is investigating a recent cyber attack on Poland's railway network. The attack involved hackers gaining access to railway frequencies, causing trains to halt their services. The messages included a mix of recordings of Russia's national anthem and a speech by President Vladimir Putin. Around 20 trains were affected, but services were quickly restored. (BBCnews)

My thoughts: This attack comes after multiple attempts to destabilize the state. If I were to guess, this was a test of how the state would react and how timely they were. Thankfully, Poland’s internal security team is taking this seriously.

2. NEVER HEARD BEFORE: A third-party attack affects hundreds of businesses

Swan Retail, a U.K.-based provider of Retail Management and EPOS Solutions, experienced a cyber attack that caused significant disruptions to around 300 retailers. Sectors such as fashion, homewares, and sports equipment were affected. The incident is under investigation by the U.K. National Cyber Security Center (NCSC) and other agencies. (hackread)

My thoughts: We’ve talked about this before so many times. If only Swan Retail read Cyber Weekly. “You are as strong as your business partners” - Me. This is a reminder to validate and verify your business partners’ cyber security posture.

3. Dormant malware gets activated!!!

CloudNordic, a Danish cloud-sharing platform, lost the customer data for most of its clients in a ransomware attack. It has forced the company to rebuild its systems from scratch. The incident occurred while the company moved servers between data centers. Unfortunately, dormant malware on some servers was activated in the move. This allowed hackers to encrypt all servers and backup systems, rendering the data inaccessible. (PCmag)

My thoughts: Yikes. They didn’t know there was dormant malware on their servers. It is very common for bad actors to let malware “linger” for weeks and months inside an organization before unleashing it! Easy solution: Look into SentinelOne to protect your workstations and be sure to have adequate backup. We keep hearing these stories of businesses finding out about malware WAYY too late. Be better than them and look into SentinelOne and Veeam for Backup.

4. A case of historic security measures

The Ohio History Connection, a non-profit that manages archives of over 50 museums, suffered a ransomware attack that exposed sensitive information, including Social Security numbers, of around 7,600 current and former employees. The attackers demanded a multi-million-dollar ransom to prevent data release, which the organization declined to pay. The attack originated from a phishing email with a malicious attachment. The organization defended its delay in notifying victims, stating they needed time to assess the extent of the breach. (therecord)

Thoughts: First of all, they sent letters!? Tell me you don’t have an up-to-date IT team without telling me you don’t have an up-to-date IT team! Second, let me introduce you to a secret - Abnormal Security. They specialize in email security. They literally have a feature that REMOVES suspicious emails from inboxes. Why take a chance!?
