
Cyber Security Happenings from January 2021

Cyber security updates for January 2021

Law enforcement is striking back.

The FBI joined other international agencies to seize the servers of prominent Emotet and Netwalker Ransomware cybercriminal organizations.

Will these actions help counter the rising tide of cybercrime? It’s a start.

However, only widespread cyber-security maturity can deter cyber criminals. With that said, let’s advance our understanding by examining the latest cyber incidents.

Notable Cyber Attacks in January

Zero-Day

SonicWall suffered a sophisticated attack exploiting a zero-day vulnerability in its NetExtender VPN client and Secure Mobile Access (SMA) products. 

SonicWall issued an urgent security notice on Jan. 22, but has yet to issue any confirmation on the details of the vulnerability.

This zero-day attack on the high-profile security provider shows that even the most prepared organization can fall victim to previously unknown vulnerabilities.

To counter this issue, we need to prepare defenses in depth so that a zero-day flaw on one layer does not fully expose the organization. And, as a safety net for our technology, we should also monitor for intrusion.

Of course, less sophisticated attacks, such as stolen backup data and ransomware, also prove successful. Attackers stole the cloud backup of Bonobos clothing stores’ customer database, which contained customer information, partial credit card numbers and encrypted passwords.

Hackers will use that information to target these customers in phishing campaigns.

This breach should inspire us to check our backup process for vulnerabilities in both data transmission and storage location. Additionally, we should verify that we encrypt our data at rest, so that any practical use of the data is prevented, even during a breach.

Ransomware

Two prominent global enterprises, Palfinger, an Austrian crane manufacturer, and the Okanogan County Public Health IT System, suffered attacks that shut down significant operations. 

While they would not reveal specifics, the widespread operations disruption suggests that the companies fell victim to ransomware, and that their networks lacked sufficient segmentation to contain the attacks. 

Also, a ransomware attack reportedly affected 40 servers within Belgium’s CHwapi hospital, forcing it to redirect patients and delay procedures. While no deaths were reported, this attack provides yet another reminder to the healthcare industry: there are high-stakes operational costs involved in falling victim to ransomware.

However, operational cost isn’t the only problem, as discovered by the Canada-based real estate services firm Colliers International Group. They initially suffered an attack last November, but only acknowledged it when the press discovered Colliers data published on the dark web.

The operation cost was compounded by reputation damage.

When dealing with ransomware, we must be proactive in all responses while also avoiding the temptation to hide the attack. We must actively stop the attacks, contact our customers promptly, and continuously provide updates to the affected parties in order to avoid compounding our operational troubles with legal and reputation damages.


In-Depth Liability

The Dairy Farm Group, a $27 billion retail chain in Asia, admitted to a ransomware attack, but claimed to have contained it, with less than two percent of their devices impacted.

However, the hackers continue to brag publicly about maintaining full control of the company’s corporate email, and that they are actively stealing data.

Even the Active Directory screenshots and corporate emails provided by the press did not convince the Dairy Farm Group that the hackers were still active. It’s frustrating when you believe that an attack is under control, only to be confronted with evidence that it’s not.

A similar ongoing problem is affecting the Windows software developer, IObit. 

In January, their forums were hacked, and the attackers emailed all forum users with a promotional link that offered a free software license. That link actually led to a ransomware installer hosted on the IObit forums.

In other words, IObit customers received a link to a legitimate IObit server, and that server delivered ransomware hosted by the company itself. The attack began on Jan. 16, polluting the forums with adware scripts. The cybercriminals behind it demanded either an individual $100 payment in the DERO cryptocurrency from each customer, or a $100,000 payment from IObit in DERO to decrypt all of its customers’ data.

As of now, the forums remain down because IObit has not fully restored control. An attack of this magnitude compounds the usual troubles by adding layers of liability that stem directly from hosting the malware.

Don't Wait for Rescue

Whether the law enforcement actions begin to significantly impair malware activity or simply represent high-profile whack-a-mole remains to be seen. 

If you’re not proactive in advancing your cyber-security protection, you may become the next high-profile victim.

You must remain vigilant, create defense-in-depth, and monitor for signs that your defenses are being tested or breached. At Ideal Integrations, we’re by your side, 24/7/365. 

Contact us today by completing the form below, or calling us at 412-349-6680, so we can help your team verify current defenses, create additional levels of security, and monitor for breaches.
