FBI, CISA, and NSA warn of hackers increasingly targeting MSPs

source: bleepingcomputer.com, contributed by FAN Steve Page  |  image:  pixabay.com

 

Members of the Five Eyes (FVEY) intelligence alliance today warned managed service providers (MSPs) and their customers that they’re increasingly targeted by supply chain attacks.

Multiple cybersecurity and law enforcement agencies from FVEY countries (NCSC-UK, ACSC, CCCS, NCSC-NZ, CISA, NSA, and the FBI) shared guidance for MSPs to secure networks and sensitive data against these rising cyber threats.

“The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors—including state-sponsored advanced persistent threat (APT) groups—to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships,” the joint advisory reads.


North Korean hackers targeting journalists with novel malware

source: bleepingcomputer.com  |  image: pixabay.com

 

North Korean state-sponsored hackers known as APT37 have been discovered targeting journalists specializing in the DPRK with a novel malware strain.

The malware is distributed through a phishing attack first discovered by NK News, an American news site dedicated to covering news and providing research and analysis about North Korea, using intelligence from within the country.

The APT37 hacking group, aka Ricochet Chollima, is believed to be sponsored by the North Korean government, which sees news reporting as a hostile operation, and attempted to use this attack to access highly-sensitive information and potentially identify journalists’ sources.

After NK News discovered the attack, they contacted the malware experts at Stairwell for further assistance, who took over the technical analysis.


FBI Warns of BlackCat Ransomware That Breached Over 60 Organizations Worldwide

 

source: thehackernews.com  |  image: pixabay.com

 

The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide as of March 2022 since its emergence last November.

Also called ALPHV and Noberus, the ransomware is notable for being the first-ever malware written in the Rust programming language, which is known to be memory safe and offer improved performance.

“Many of the developers and money launderers for BlackCat/ALPHV are linked to DarkSide/BlackMatter, indicating they have extensive networks and experience with ransomware operations,” the FBI said in an advisory published last week.

The disclosure comes weeks after twin reports from Cisco Talos and Kaspersky uncovered links between BlackCat and BlackMatter ransomware families, including the use of a modified version of a data exfiltration tool dubbed Fendr that’s been previously only observed in BlackMatter-related activity.


Cyber warfare gets real for satellite operators

source: spacenews.com  |  image: pixabay.com

Recent network attacks in Ukraine have been ‘an eye opener for everybody’

WASHINGTON — The U.S. government on March 17 advised satellite operators to put their guard up in the wake of a cyberattack that disrupted internet services in Europe provided by Viasat’s KA-SAT.

“Given the current geopolitical situation, the Cybersecurity and Infrastructure Security Agency requests that all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity,” said CISA, an organization within the Department of Homeland Security. 

Following CISA’s advisory, the Satellite Industry Association on March 18 issued a statement of “commitment to cybersecurity best practices” and expressed concern about “evolving attacks by criminals, terrorists, and nation states.”


DoD Identity Awareness, Protection, and Management (IAPM) Guide

 


 

HOW TO USE THIS GUIDE

The Identity Awareness, Protection, and Management (IAPM) Guide is a comprehensive resource to help you protect your privacy and secure your identity data online. The IAPM Guide is divided into chapters detailing key privacy considerations on popular online services, mobile apps, and consumer devices available in the market today. Each section provides you with tools, recommendations, and step-by-step guides to implement settings that maximize your security. The guide is updated periodically. While some of the chapters in the IAPM Guide deal with technical issues, they do not require a technical background to follow. The U.S. Department of Defense creates this guide to provide recommendations for readers to keep their identities private and secure online. Please note the information presented here is subject to change.

Blue, yellow and gray zone: The cyber factor in Ukraine

source: c4isrnet.com  |  image: pexels.com

 

WASHINGTON — As Russia massed troops along its border with Ukraine over the last few months, it was unclear whether Russian President Vladimir Putin would invade. But if he did, experts warned, Russia would bombard the nation with a series of cyberattacks to sow confusion and weaken its resolve.

On Feb. 24, Putin unveiled his plans. Moscow’s war machine rolled into the Eastern European nation. The combined Russian air, land and sea assault was preceded by waves of cyberattacks, the sort of gray-zone meddling analysts and defense officials had foreseen. Websites were hamstrung. Malware coursed through computers. Communications were hampered.

But the full-fledged cyberwar some feared has not materialized. There has been no digital devastation of critical infrastructure, no damning disinformation.

“Apparently, it’s less than we thought would have happened at this point,” said Charles Munns, a retired U.S. Navy vice admiral who has advised the Defense and Energy departments. “It’s more of a 20th century invasion, with tanks and missiles and airplanes.”

A brief cyber history of Ukraine

Both Russia and Ukraine have a history with cyberattacks — the former leveraging the domain to wreak havoc, and the latter often finding itself on the receiving end.


 

Microsoft App Store Sizzling with New ‘Electron Bot’ Malware

source: threatpost.com  |  image: pexels.com

 

 

The SEO poisoning bot, capable of full system takeover, is actively taking over social media accounts, masquerading as popular games like Temple Run.

A backdoor malware that can take over social-media accounts – including Facebook, Google and Soundcloud – has infiltrated Microsoft’s official store by cloning popular games such as Temple Run or Subway Surfer.

The backdoor, dubbed Electron Bot, gives attackers complete control over compromised machines. Among the multiple evil deeds it can execute remotely, it enables its operators to register new accounts, log in, and comment on and like other social media posts – all in real time.

In a Thursday report, Check Point Research (CPR) said that the malware has claimed more than 5,000 victims in 20 countries – most from Bermuda, Bulgaria, Russia, Spain and Sweden – in its actively ongoing onslaught.


The threat of cyber-warfare

source: economist.com  |  image: pixabay.com

Our podcast on the science and technology making the news. This week we investigate the technology and tactics of digital warmongering, and assess why Russia hasn’t yet wielded its cyber power


THE CONFLICT in Ukraine has brought renewed fear of a global cyber-war. We explain the technology behind the digital threat and its role in modern warfare. And, why hasn’t Russia carried out large-scale cyber-attacks so far? Alok Jha hosts. Runtime: 42 min

Free Cybersecurity Tools and Services List Published by CISA

 

source: pewresearch.org  | image by pixabay.com

 

Asked to ‘imagine a better world online,’ experts hope for a ubiquitous – even immersive – digital environment that promotes fact-based knowledge, offers better defense of individuals’ rights, empowers diverse voices and provides tools for technology breakthroughs and collaborations to solve the world’s wicked problems

 

This report is the second of two analyzing the insights of hundreds of technology experts who responded in the summer of 2021 to a canvassing of their predictions about the evolution of online public spaces and their role in democracy in the coming years. In response to the primary research question, many said they expect that these forums will be significantly improved by 2035 if reformers, big technology firms, governments and activists tackle the problems created by misinformation, disinformation and toxic discourse. At the same time, they expressed ongoing concerns about the destructive forces in culture and technology that could continue to plague online life and disrupt beneficial change in the coming years.


TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands

source: threatpost.com  |  image by pixabay.com

 

The resurgent trojan has targeted 60 top companies to harvest credentials for a wide range of applications, with an eye to virulent follow-on attacks.

Cyberattackers are targeting 60 different high-profile companies with the TrickBot malware, researchers have warned, with many of those in the U.S. The goal is to attack those companies’ customers, who are being cherry-picked for victimization, according to Check Point Research (CPR).

According to a Wednesday CPR writeup, TrickBot is targeting well-known brands that include Amazon, American Express, JPMorgan Chase, Microsoft, Navy Federal Credit Union, PayPal, RBC, Yahoo and others.

“Trickbot attacks high-profile victims to steal the credentials and provide its operators access to the portals with sensitive data where they can cause greater damage,” researchers noted in their report.

On the technical front, the variant that’s being used in the campaign has also added three interesting modules, and new de-obfuscation and anti-analysis approaches, researchers added.

TrickBot’s Back with a New Bag

The TrickBot malware was originally a banking trojan, but it has evolved well beyond those humble beginnings to become a wide-ranging credential-stealer and initial-access threat, often responsible for fetching second-stage binaries such as ransomware.
