TechNadu is sharing images from a reported Babuk cyberattack on Japanese power tool maker Yamabiko, which has not yet issued a statement on the attack. The threat actors claim to have stolen 0.5 TB of sensitive data and are already leaking some of the documents. An expert from Blue Hexagon offers comments.

Saumitra Das, CTO and Co-founder
InfoSec Expert
May 11, 2021 3:09 pm

Due to the deluge of new CVEs this year, attackers have now started attacking company infrastructure as an entry rather than the usual first vectors of phishing users, finding leaked credentials or open RDP. For example, a new zero-day CVE-2021-22893 (https://nvd.nist.gov/vuln/detail/CVE-2021-22893) was used along with old bugs in Pulse Secure VPNs by state-sponsored attackers to compromise several government agencies and corporations with 12 malware strains. It appears that in this attack as well, attackers may have used VPN as an entry point to gain a foothold. Such infection methods circumvent prevention-based perimeter defense like firewalls and necessitate the use of network detection and response to find attack traces that signature-based technologies miss.

Information Security Buzz