Maze Ransomware Group Ends Operations

A press release issued this week announced the end of the Maze
ransomware group’s data theft operations. In the release, the Maze authors revealed
their motives behind one of the most successful ransomware campaigns to date,
and why they chose to finally shut down their massive project. It also stated the
Maze team was working to expose the major security holes key industries fail to
address, though their methods created many victims.  

Magecart Targets International Gold Retailer

Nearly three months after a data breach caused by a Magecart
attack struck the international precious metals retailer, JM Bullion
has finally released an official statement to customers. After
identifying unauthorized activity on their systems in mid-July, the company
went on to find that their systems had been compromised since February by
Magecart payment card-skimming software. The company has yet to acknowledge why
it took so long to discover the breach or why it failed to follow GDPR regulations
by immediately contacting affected customers.

Ryuk Remains Top Player Throughout 2020

With ransomware continuing its stay at the top of the cyberthreat
throne, Ryuk variants have been responsible for over a third of all
ransomware attacks in 2020 alone, or roughly 67 million attacks. Ryuk has
been around for over two years, but found much greater success this year
after being found responsible for only 5,100 attacks in 2019. Ransomware
attacks grew 40 percent over last year, to nearly 200 million as of Q3.

Cannabis Site Leaves Database Exposed

An unsecured database belonging to cannabis website GrowDiaries
and housing over 3.4 million user records was found to be accessible last month.
The data included 1.4 million user passwords that were stored as MD5
hashes, which are known to be easily cracked by cybercriminals. Nearly a week
after being informed of the database, GrowDiaries properly secured it from
public access, though it remains unclear how long it was accessible or who
accessed it during that time.

Mattel Reveals Ransomware Attack

Following a July ransomware attack, Mattel has finally issued an official
statement regarding the overall damage. The company has confirmed that no
data was stolen during the attack, which was quickly identified by their
security team, and many systems were taken offline to prevent any damage or
theft from occurring. The ransomware attack was likely perpetrated
by TrickBot, as it’s known for concentrating on large organizations and leaving
them exposed for some encrypting variant to follow.

Connor Madsen
