FBI says compromised US academic credentials are available on various cybercrime forums

The FBI warned on May 26, 2022 that thousands of compromised credentials harvested from US college and university networks are circulating on online crime forums in Russia and elsewhere, and could lead to subsequent cyber attacks against individual users or affiliated organizations. “Credential harvesting against an organization is often a byproduct of spear-phishing, ransomware, or other cyber intrusion tactics”, says the alert.

  • As of January 2022, Russian cyber criminal forums offered for sale or posted for public access the network credentials and virtual private network accesses to a multitude of identified US-based universities and colleges across the country, some of which included screenshots as proof of access.
  • In May 2021, over 36,000 email and password combinations (some of which may have been duplicates) for email accounts ending in .edu were identified on a publicly available instant messaging platform.
  • In late 2020, US territory-based university account usernames and passwords with the domain .edu were found for sale on the dark web. The seller listed approximately 2,000 unique usernames with accompanying passwords.

The FBI alert offered recommendations:

  • Keep all operating systems and software up to date.
  • Implement user training programs and phishing exercises for students and faculty to raise awareness.
  • Require strong, unique passwords for all accounts.
  • Require multi-factor authentication (MFA).
  • Restrict where accounts and credentials can be used.
  • Segment networks to help prevent unauthorized access.
  • Identify, detect, and investigate abnormal activity with network-monitoring tools.
  • Use anomaly detection tools.
  • Enforce the principle of least privilege through authorization policies.
  • Secure and closely monitor remote desktop protocol (RDP) use.
  • Document external remote connections.


US Agricultural Equipment Giant AGCO hit by ransomware attack

Agricultural machinery manufacturing giant AGCO announced that a ransomware attack impacted some of its production facilities on May 5, 2022. “AGCO is still investigating the extent of the attack, but it is anticipated that its business operations will be adversely affected for several days and potentially longer to fully resume all services depending upon how quickly the Company is able to repair its systems,” reads the announcement.

In an update provided on May 16, 2022, AGCO said: “A majority of the affected production sites and parts operations resumed operational activities last week or today. The remainder of the sites are expected to begin operations during the balance of this week.” The Company also reported that there had been data exfiltration as a result of the ransomware cyber attack. While the Company does not have retail operations, and therefore no privacy-protected consumer data, the Company is still evaluating the scope and consequences of the data loss.

AGCO is based out of Duluth, Georgia, US, and has about 20,000 employees.


Car rental giant Sixt hit by cyberattack, customer service delayed

Car rental company Sixt confirmed on May 1, 2022 that it had detected “IT irregularities” on April 29, and had been subject to a cyberattack. A statement made by the company said: “Response measures were implemented immediately in accordance with pre-planned security protocols. Subsequently, it has been confirmed that Sixt SE was subject to a cyber-attack, which Sixt was able to contain at an early stage.” The statement further said: “As a standard precautionary measure, access to IT systems was immediately restricted and the pre-planned recovery processes were initiated. Many central Sixt systems, in particular the website and apps were kept up and running.”

Customers who called the company heard a recorded message telling them, “Due to a technical problem, we are currently unavailable and can only process e-mail inquiries with a delay.”

The type of attack has not been made public, and it is unclear if it was a ransomware attack. The company also declined to say whether customer or employee data was accessed during the cyberattack.

Sixt employs 7,000 people and operates about 2,000 locations across 110 countries.
