
Security Roundup: What Happened in December?
Happy New Year from CSA, where we’ve been keeping an eye on the most notable recent cyber security stories. We’re here to keep you informed on the cyber threats you need to know about, so here are some of the biggest headlines from the last month, from the rise of phishing robocalls to terabytes of research being lost.
Scam robocalls doubled in 2021
A report from T-Mobile, published on the 20th of December, shows that they received over 700 suspected scam calls per second in 2021. The carrier’s Scam Shield blocked over 21 billion calls as scams, which represents a 116% increase from 2020. With these calls doubling over the past year, it’s never been more important to know whether a call is a phishing attempt or if it’s genuine. (source)
Ransomware group weaponises Log4Shell
Earlier in December, the entire security community was swept off its feet and brought to its knees after the Log4j or Log4Shell vulnerability put hundreds of millions of devices at risk, with many people working long days and nights to protect themselves and their clients. In December, the Russia-based ransomware group Conti became the first to weaponise Log4Shell, with a fully-fledged attack chain. (source)
Microsoft urges customers to patch bugs
On the 20th of December, Microsoft requested that organisations immediately patch two Active Directory domain controller bugs - CVE-2021-42287 and CVE-2021-42278. Both of these vulnerabilities were fixed in the November 2021 patch. Since then, however, a proof-of-concept tool has been published that leverages these vulnerabilities and could allow easy Windows domain takeover. The vulnerabilities have been described as "Windows Active Directory domain services privilege-escalation" errors, and have been assigned a high severity level and a CVSS severity of 7.5 out of 10. (source)
Half a billion compromised passwords found
According to the National Crime Agency’s National Cyber Crime Unit in the UK, nearly 586 million sets of credentials have been collected from a compromised cloud storage facility. They’ve been added to Have I Been Pwned (HIBP), a database of compromised passwords. The sets include over 226 million credentials that are new to HIBP, which already contained over 600 million passwords - bringing the database’s total to more than 847 million, making it an invaluable resource. (source)
University loses nearly 80TB of data
Between the 14th and 16th of December, Japan’s Kyoto University fell victim to an incident in which 34 million files, adding up to 77TB of data, were lost. Data belonging to 14 research groups was wiped from the system and backup files, and after attempts were made to recover the data, the work of four of the groups proved to be irretrievable. The translation of the report from the university stated that the files were deleted when an error occurred in their Hewlett-Packard supercomputer, with files under the same directory as log files being unintentionally deleted along with the log files. (source)
Ransomware group releases free decryptor
On the 29th of December, it was reported that the group behind the AvosLocker ransomware strain accidentally encrypted a police department in the US. After they learned they’d stolen data from a government agency, a representative from the ransomware group apologised and provided a free decryptor, claiming that they try not to compromise government entities because “tax payer money’s generally hard to get.” (source)
LastPass users have passwords compromised
Users of LastPass, the credential management service created by LogMeIn, have been receiving email notifications warning them that their accounts have been logged into from suspicious locations. LastPass has said this is a result of credential stuffing attacks, with users using the same passwords for different accounts. When these passwords are compromised, malicious actors are able to use them to gain access to accounts. LastPass users are advised to enable multi-factor authentication to protect their information, if they haven’t already. (source)