FBI, CISA, and NSA warn of hackers increasingly targeting MSPs

source: bleepingcomputer.com, contributed by FAN Steve Page  |  image:  pixabay.com


Members of the Five Eyes (FVEY) intelligence alliance today warned managed service providers (MSPs) and their customers that they’re increasingly targeted by supply chain attacks.

Multiple cybersecurity and law enforcement agencies from FVEY countries (NCSC-UK, ACSC, CCCS, NCSC-NZ, CISA, NSA, and the FBI) shared guidance for MSPs to secure networks and sensitive data against these rising cyber threats.

“The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors—including state-sponsored advanced persistent threat (APT) groups—to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships,” the joint advisory reads.


Anatomy of a Phishing Scam As Told Through Scamming the Scammer



source: blog.avast.com  |  image: pixabay.com

to view all images associated with this blog post, go to Avast.com

Here’s a “scam the scammer” SMS conversation to highlight some of the red flags to look out for the next time your “boss” messages you.

Sometimes it feels like scammers are coming at you from every direction these days. They’re on the phone. They’re on SMS. They’re on social media. Sorting the real from the nonsense can feel like a full-time job but, for some people, that “job” turns into fun.

That’s what happened recently when a professional woman in New York City decided to play around a little bit with her “boss,” (spoiler: not her boss) who was making odd requests via text. And while “scam the scammer” situations like this one are often hilarious, they’re also a great way to learn about the methodology that scammers use to trick people into giving them money. 

So let’s take a look at the following “scam the scammer” SMS conversation to highlight some of the red flags to look out for the next time your “boss” messages you. 

1. They set up a situation where you can’t talk to them on the phone.

“Josh” makes it clear up front that he can’t talk on the phone. Obviously there are some situations where this is legitimate — like if he was actually Josh and was actually at a conference — but “Cris,” as an employee, would likely know if her boss was out of office. The scammer is hoping that Cris doesn’t know her boss’ schedule.


North Korean hackers targeting journalists with novel malware

source: bleepingcomputer.com  |  image: pixabay.com


North Korean state-sponsored hackers known as APT37 have been discovered targeting journalists specializing in the DPRK with a novel malware strain.

The malware is distributed through a phishing attack first discovered by NK News, an American news site dedicated to covering news and providing research and analysis about North Korea, using intelligence from within the country.

The APT37 hacking group, aka Ricochet Chollima, is believed to be sponsored by the North Korean government, which sees news reporting as a hostile operation, and attempted to use this attack to access highly-sensitive information and potentially identify journalists’ sources.

After NK News discovered the attack, they contacted the malware experts at Stairwell for further assistance, who took over the technical analysis.


Russian hackers targeted NATO, eastern European militaries: Google

source: indianexpress.com  |  image: pexels.com



Russian hackers have recently attempted to penetrate the networks of NATO and the militaries of some eastern European countries, Google’s Threat Analysis Group said in a report published on Wednesday.

The report did not say which militaries had been targeted in what Google described as “credential phishing campaigns” launched by a Russian-based group called Coldriver, or Callisto.

“These campaigns were sent using newly created Gmail accounts to non-Google accounts, so the success rate of these campaigns is unknown,” the report said.

NATO was not immediately available for comment on the report.

Russia, which is now under heavy Western economic sanctions following its decision to invade Ukraine on Feb. 24, regularly denies accusations of mounting cyber attacks on Western targets.

In 2019, Finnish cybersecurity firm F-Secure Labs described Callisto as an unidentified and advanced threat actor “interested in intelligence gathering related to foreign and security policy” in Europe.

The group also targeted a NATO Centre of Excellence, Wednesday’s Google report said, without elaborating.

In a statement, the centre did not directly address Google’s report but said: “We see malicious cyber activity on a daily basis.”


Microsoft App Store Sizzling with New ‘Electron Bot’ Malware

source: threatpost.com  |  image: pexels.com



The SEO poisoning bot, capable of full system takeover, is actively taking over social media accounts, masquerading as popular games like Temple Run.

A backdoor malware that can take over social-media accounts – including Facebook, Google and Soundcloud – has infiltrated Microsoft’s official store by cloning popular games such as Temple Run or Subway Surfer.

The backdoor, dubbed Electron Bot, gives attackers complete control over compromised machines. Among the multiple evil deeds it can execute remotely, it enables its operators to register new accounts, log in, and comment on and like other social media posts – all in real time.

In a Thursday report, Check Point Research (CPR) said that the malware has claimed more than 5,000 victims in 20 countries – most from Bermuda, Bulgaria, Russia, Spain and Sweden – in its actively ongoing onslaught.


TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands

source: threatpost.com  |  image by pixabay.com


The resurgent trojan has targeted 60 top companies to harvest credentials for a wide range of applications, with an eye to virulent follow-on attacks.

Cyberattackers are targeting 60 different high-profile companies, many of them in the U.S., with the TrickBot malware, researchers have warned. The goal is to attack those companies’ customers, who are being cherry-picked for victimization, according to Check Point Research (CPR).

According to a Wednesday CPR writeup, TrickBot is targeting well-known brands that include Amazon, American Express, JPMorgan Chase, Microsoft, Navy Federal Credit Union, PayPal, RBC, Yahoo and others.

“Trickbot attacks high-profile victims to steal the credentials and provide its operators access to the portals with sensitive data where they can cause greater damage,” researchers noted in their report.

On the technical front, the variant that’s being used in the campaign has also added three interesting modules, and new de-obfuscation and anti-analysis approaches, researchers added.

TrickBot’s Back with a New Bag

The TrickBot malware was originally a banking trojan, but it has evolved well beyond those humble beginnings to become a wide-ranging credential-stealer and initial-access threat, often responsible for fetching second-stage binaries such as ransomware.




source: warontherocks.com, contributed by Artemus founder, Bob Wallace  |  Photo by Markus Spiske from Pexels


What if the next ransomware attack on U.S. soil involves a nuclear weapon?  What measures are being taken to ensure that this terrifying hypothetical never becomes a reality?

The weapons in the U.S. nuclear stockpile undergo frequent flight testing as a component of the National Nuclear Security Administration’s Stockpile Stewardship Program to ensure their safety, security, and reliability. However, weapon designs are changing, incorporating more digital components and communications. Legacy weapons used analog signaling and mechanical switching for most operations.  Digitally upgraded weapons rely on software, and standard software-testing practices are inadequate protection against failures when the code underpins life-or-death mechanisms.



NCA: Kids as Young as Nine Have Launched DDoS Attacks

source: infosecurity-magazine.com  | Photo by SoraShimazaki from Pexels

UK police have launched another initiative designed to persuade young people not to get involved in cybercrime after claiming that children as young as nine have launched DDoS attacks in the past.

The National Crime Agency (NCA) has teamed up with Schools Broadband, part of ISP the Talk Straight Group, on a new education campaign.

It said that students searching for specific terms associated with DDoS and other cybercrimes would be shown a warning message and suggested redirection to the Cyber Choices website. The aim is to educate young people about the Computer Misuse Act and the consequences of cybercrime.

A trial scheme is said to have significantly reduced searches for terms such as “stresser” and “booter” associated with DDoS, and it will now be rolled out nationwide to over 2000 primary and secondary schools.

The NCA said data from its National Cyber Crime Unit (NCCU) reveals a 107% increase in reports from the police cyber prevent network of students deploying DDoS attacks from 2019 to 2020.

The median age for referrals to the NCCU’s Prevent team is reportedly 15, but some offenders are as young as nine.

“Education is a key pillar in preventing crime and these messages highlight the risks and consequences of committing cyber offenses, which can result in a criminal record,” said John Denley, deputy director of the NCA’s NCCU.

“Law enforcement plays a critical role in tackling cybercrime and keeping the country safe. School outreach is important to educate a younger audience and this initiative will continue to help divert young people away from criminality.”

A National Cyber Security Centre (NCSC) report from 2019, which polled 430 schools across the UK, found that over a fifth (21%) reported unauthorized use of computers, networks or servers by pupils – almost twice the number (11%) who claimed the same of staff.

The report warned that such schools might be at risk of failing GDPR compliance as a result.