
Cyber Attacks on the rise, This past week's chaotic events.

Increasing numbers of large-scale cyber attacks, and the danger posed by hostile state actors.

Cyber threats are everywhere and come in many shapes and sizes. Today, though, we are focusing on the larger-scale threats: mainly large-scale attacks and state actors. Unlike the typical image of hackers that comes to mind, these groups are often well funded and provided with government or military resources.

The only way to be prepared for attacks like this is to be aware of them. That means staying up to date on the news and on threats in IT life.

Iranian Ransomware hits US companies

Ransomware has plagued the world for years now. It's one of the worst cyber threats faced by companies and consumers alike. The targets could be anything from major companies and schools to hospitals and critical infrastructure. Over this past week it has been reported that many of these ransomware attacks are being directed at the US by hostile state actors. In this week's case the attacks are backed by the Iranian government.

The CISA (Coordinator for Critical Infrastructure Security and Resilience) website put out a post on Aug 28 this year describing the Iran-based threat to American companies from these actors, along with technical details and information on how the attack is performed. The actors appear to be using a front company (Danesh Novin Sahand) in Iran to cover for and fund their attacks on American and allied-nation companies over the past 10 years.

The threat posed by these attacks is not just monetary: the companies targeted all have important or sensitive data taken. The data taken pertains to critical infrastructure, personal data (SSN etc.) or national defense. Whether the ransom was paid or not, the data that was stolen was the real damage. The secondary purpose seems to be a form of cyber terrorism, with the targeting of schools and other similar facilities.

The best defense for the average person or employee is being aware. As always, avoid suspicious emails, make sure the links you click are safe, and so on. Also be wary of phone calls that ask you for any information, or even where you work.

By far the biggest threat with this group is any form of remote access application. Ensuring those are up to date and used only on secure networks is essential. Many attacks (including these recent ones) use vulnerabilities that are already well known and have patches ready.

Below is a link for those of you who are curious what steps can be taken to resist cyber attacks, though some steps are more focused at the Cyber/IT team level.

Chinese Typhoon takes IT providers by storm

In another alarming development over the past week, it was discovered that a zero-day exploit was used by Chinese government-backed hackers to breach US internet providers' servers. Going through the Versa company servers, they used a privilege escalation vulnerability to get admin permissions on IT providers using unpatched Versa Director services. This attack is only the latest in a string of activity caused by the group called Volt Typhoon.

As far back as February 7 of this year, CISA posted warnings about Volt Typhoon activity attacking critical infrastructure.

The CISA post is incredibly informative. I do highly recommend looking into it if you are interested. It provides loads of information about this threat, and a lot of interesting technical details.

While it is known where the attacks are coming from, the fact that they are state sponsored makes it very difficult to stop them. There is also not much that can be done about attacks on this scale as an average person. It is important, though, to be aware of the vulnerability of data and the potential for major disruptions to daily life. Attacks like this could directly impact you or your company's daily operations.

CISA believes that the choice of targeting critical infrastructure could lead to major cyber attacks against internet, power and water facilities in the event of hostilities. It is important to be aware of such possibilities and of how vulnerable data online can be. The attacks using the Versa exploit are still ongoing; any infrastructure organization which uses unpatched Versa software is still at severe risk.

Seattle-Tacoma Airport

Over the last few years, airports and transportation facilities have been targeted all across the world by cyber attacks. The most recent is the Seattle event. It occurred around 6 days ago and is still causing major delays. The hackers breached the web-based systems, email and phone, and disabled many screens in the airport. The systems were shut down to limit internal damage, and the airport is suffering a massive backlog.

Long Lines in the Seattle airport

Being forced to deploy workers and rely on pen and paper in many areas has thrown off all of Sea-Tac Airport's operations. The attack is still being investigated to determine whether there was a data theft or if this was just a denial of service attack. Whichever one it was, the attack was undoubtedly effective at hurting the airport. It was also rumored to be another ransomware attack, but this is as of yet unconfirmed.

Airports and sea ports have suffered an increase in denial of service and ransom-based attacks in recent years. The government has announced its intention to provide cyber resources to those industries. This is, however, a slow process, and complex attacks on these institutions have continued to occur. It is also sadly another risk to personal data. In many of these cases customer data was also taken and sold, leading to sometimes unavoidable personal data loss for those using the victims' services. It pays to be personally prepared in case something like this compromises your data.

Thanks for tuning in everyone, remember to subscribe, share our newsletter and follow us on our social media! We love to hear from you guys, have a great weekend!