In this week's Cyber Bits: an AT&T breach impacts millions of customers, hackers take advantage of a proof of concept 20 minutes after release, Exim bugs affect almost a million mail relays, the anatomy of the Akira ransomware group and its unfortunate efficiency at data exfiltration, and a new group targets Veeam infrastructure.
AT&T Data Breach Impacts Millions
Link: Dark Reading
The recent data breach at AT&T, resulting from a supply chain cyber-incident, compromised the personal information of over 70 million current and former customers. The leak included sensitive details such as social security numbers, email addresses, and phone numbers, although financial information remained secure. This also affected customers of Boost Mobile, Cricket Wireless, and H2O Wireless, all of which are owned by AT&T.
Rapid Exploitation of PoC Exploits
Link: Bleeping Computer
Hackers have been observed exploiting proof-of-concept (PoC) exploits within 22 minutes of their public release. Security researchers at Cloudflare found that as soon as PoC exploits become available, attackers incorporate them into their arsenal to target vulnerable systems before they can be patched.
Critical Exim Mail Server Bug
Link: Bleeping Computer
A critical vulnerability in the Exim mail transfer agent software, used on over 1.5 million servers, allows attackers to bypass security filters, posing a significant threat to email security. This flaw enables remote code execution, allowing attackers to potentially take control of affected servers. The vulnerability affects multiple versions of Exim, and users are urged to update their software to mitigate this risk.
Akira Ransomware’s Quick Data Exfiltration
Link: Dark Reading
The Akira ransomware group has been noted for its exceptionally fast data exfiltration capabilities. Because the group is able to steal sensitive data within just two hours, organizations face a significant challenge for detection and mitigation, as traditional security measures may not respond quickly enough. Akira’s tactics include targeting corporate networks, exfiltrating valuable data, and then encrypting the systems to demand ransom.
New Ransomware Exploits Veeam Vulnerability
Link: The Hacker News
A new ransomware group has been exploiting vulnerabilities in Veeam backup software to target businesses, leveraging known weaknesses to gain unauthorized access, exfiltrate data, and then deploy ransomware. We strongly recommend anyone using Veeam to review their security practices, review their IR procedures, and apply necessary patches to prevent exploitation.