A Ransomware Gang is Now Shorting Stock Price of its Victims
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released a Cybersecurity Advisory, “Russian SVR Targets U.S. and Allied Networks,” to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities. This advisory is being released alongside the U.S. government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign. We are publishing this product to highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them.
Hackers suspected of working for Russia got access to an email account belonging to the former head of the U.S. Department of Homeland Security, which is responsible for cybersecurity, in the SolarWinds hack, the Associated Press reported on Monday.
The AP report said the intelligence value of the hacking of Chad Wolf, the former acting secretary of the DHS, and of email accounts belonging to officials in the department’s cybersecurity staff, was not publicly known.
The DHS did not immediately respond to a request for comment.
In the security breach at SolarWinds Corp which came to light in December, hackers infiltrated the U.S. tech company’s network management software and added code that allowed them to spy on end users. The hackers penetrated nine federal agencies and 100 companies.
Last week, Reuters reported that a planned Biden administration executive order would require many software vendors to notify their federal government customers when the companies have a cybersecurity breach.
The most vulnerable cybercrime victims are young adults and adults over 75, according to the latest research revealed in the LexisNexis Risk Solutions biannual Cybercrime Report.
Released Feb. 23, the report tracks global cybercrime activity from July 2020 through December 2020. The report reveals how unprecedented global change in 2020 created new opportunities for cybercriminals around the world, particularly as they targeted new users of online channels.
LexisNexis’ research found a 29 percent growth in global transaction volume compared to the second half of 2019. This growth came in the financial services (29 percent), e-commerce (38 percent) and media (9 percent) sectors. The number of human-initiated attacks dropped in 2020 by roughly 184 million, while the number of bot attacks grew by 100 million.
Attacks employing the TrickBot malware continue, leveraging phishing emails as the initial infection vector, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) warn.
In a joint advisory published on Wednesday, the two agencies revealed that a sophisticated group of cybercrime actors is leveraging a traffic infringement phishing scheme to lure victims into downloading the TrickBot malware.
A Swiss computer hacker who has claimed credit for helping steal or distribute proprietary data from Nissan Motor Co, Intel Corp and most recently security camera startup Verkada was indicted on Thursday, U.S. prosecutors announced.
Till Kottmann, 21, remains in Lucerne and has been notified about the pending charges, the U.S. attorney’s office in Seattle said in a statement.
Kottmann did not immediately respond to a request for comment following the announcement of the indictment, which came after midnight in Lucerne.
Yuval Baron, CEO at AlgoSec, explains why micro-segmentation is one of the most effective methods to limit the damage of attacks on a network.
On August 15, 2020, the cruise line Carnival Corporation fell victim to a cyber-attack that may have resulted in the loss of personal data of millions of passengers and crew members.
Carnival is the world’s largest travel and leisure company, with approximately 13 million passengers per year. The company has not revealed how many customers or which of its individual brands were affected, but what we do know is that law enforcement agencies were notified because one of the brands reported a ransomware attack that broke through an encrypted part of its network.
“In recent campaigns identified in February 2021, browser extension delivery domains have prompted users to ‘Switch to the Firefox Browser’….”
Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems.
“Threat actors aligned with the Chinese Communist Party’s state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users’ Gmail accounts,” Proofpoint said in an analysis.
The Maza cybercriminal forum has reportedly suffered a data breach leading to the leak of user information.
On March 3, Flashpoint researchers detected the breach on Maza — once known as Mazafaka — which has been online since at least 2003.
Maza is a closed and heavily-restricted forum for Russian-speaking threat actors. The community has been connected to carding — the trafficking of stolen financial data and payment card information — and the discussion of topics including malware, exploits, spam, money laundering, and more.
Once the forum was compromised, the attackers who took the forum over posted a warning message claiming “Your data has been leaked / This forum has been hacked.”
North Korean hackers have been masquerading as cybersecurity bloggers in order to target researchers in the field, according to Google. They’re doing so by exploiting mysterious weaknesses in computers running the most up-to-date versions of Microsoft Windows and Google Chrome, the tech giant warned Monday.
Adam Weidemann, a researcher at Google’s Threat Analysis Group, said the attacks have been ongoing over the last three months. The hackers set up fake Twitter accounts to show off security research and link to a blog. One of the accounts—@br0vvnn—claimed to be the founder of @BrownSec3Labs and looked to be posting innocuous research as well as promoting others’ work, including Google’s own researcher Ben Hawkes. Earlier this month, another Google researcher, Thomas Shadwell, was sent a Twitter direct message by one of the hackers’ personas, Zhang Guo, though it’s unclear what they wanted. While the blog did contain some legitimate research (as well as faked material), it also hosted an exploit that would install a backdoor on the victim’s PC. Only Windows PCs have been attacked thus far.