by Alina Bizga, from HotForSecurity, on 14.05.2021
Blackmailers are having a field day capitalizing on victims of the Ledger data leak from July 2020. Nearly a year after cybercriminals gained access to the e-commerce database of the France-based crypto wallet company, a new extortion campaign threatens users’ financial and emotional well-being. This novel attempt at extorting victims, spotted by Bitdefender Antispam Lab […]
by Filip Truta, from Business Insights, on 13.05.2021
Advanced Persistent Threat (APT) groups are at the heart of today’s cyber-espionage efforts. Unlike one-off hackers, APTs distinguish themselves through novel attack techniques, cunning lateral movement across the victim’s infrastructure, swift malware deployment, efficient data exfiltration and – perhaps most importantly – stealthy operation to avoid detection by cybersecurity tools.
by Silviu STAHIE, from IoT Security Insights, on 12.05.2021
The Department of Defense (DOD) has announced its Vulnerability Disclosure Program will expand to envelop all publicly accessible DOD information systems, including IoT devices. The DOD Vulnerability Policy has been in force since 2016, but it only covered DOD public-facing websites and applications, until now. In the meantime, the world became a much more complicated ...
The post US DOD Expands Vulnerability Bounty Program to Encompass Networks, IoT, More appeared first on Bitdefender.
by Business Insights, on 12.05.2021
Ransomware continues to be the ultimate business disruptor. This week Colonial Pipeline, a private operator of the largest refined products pipeline in the United States, transporting more than 100 million gallons of fuel daily, announced they were a victim of a ransomware attack by the organization known as “Darkside.” The attack propelled Colonial to take systems offline, halting operations and threatening to cause the price of oil to rise.
This attack against the U.S. infrastructure is yet another harsh reminder of how fragile critical infrastructure can become when targeted by ransomware and may become the final catalyst for an executive order on cybersecurity from U.S. President Biden. According to the New York Times, the speculated order will “require federal agencies to take a “zero trust” approach to software vendors, granting them access to federal systems only when necessary, and require contractors to certify that they comply with steps to ensure that the software they deliver has not been infected with malware or does not contain exploitable vulnerabilities.”
Since August of 2020, Darkside operators (the group behind the Colonial Pipeline ransomware attack) have become increasingly active, targeting bigger names across a diverse array of industries, culminating in more attacks against critical infrastructure operators.
Darkside also started reorganizing the ransomware business by adopting novel tactics such as creating a press center on their website to announce upcoming leaks and to encourage reporters to get in touch with them. They started partnering with dubious data recovery companies who help victims disguise ransomware payments as “data recovery fees.” Like a digital Robin Hood, the group has also been taking some proceeds from their attacks and donating to charities to show “moral principles.”
Since the release of our free Darkside decryptor this January, Bitdefender has seen an increased number of companies and Managed Service Providers (MSPs) reach out to us for help with decryption – a strong indicator that targeted ransomware attacks have become more frequent and effective.
This incident is not the first and will not be the last, as U.S. critical infrastructure spans the continent. Ransomware operators take advantage of vast networks of systems in remote areas by probing networks for weak points of entry or by buying phished credentials to remote desktop instances that they can use to mount an attack.
Critical infrastructure is increasingly appealing to ransomware operators – particularly those involved in Ransomware-as-a-Service (RaaS) schemes – for several reasons:
Increased Notoriety - High-profile critical infrastructure attacks are extensively covered by the media which brings added attention to ransomware operators and their attacks. This increases their visibility and adds an extra pressure point on the victims to pay up faster.
Added “Affiliates” - In the RaaS space, reputation is paramount. The more high-profile victims a group compromises, the more likely additional “affiliates” will join their team and share illicit revenue obtained through extortion.
Likely to Negotiate – Last, but not least, competition among ransomware groups is fierce, with as many as 15 new families of ransomware showing up every month. Ransomware groups know that operators of critical infrastructure don’t have the luxury of losing data or shutting down operations (without massive loss) – not to mention regulatory fines. Ransomware groups know infrastructure operators may be more open to negotiation than companies in less critical areas.
The current situation with Darkside and the Colonial Pipeline shows once again that protection and prevention are key factors, and that one missed sample can have dire consequences not only for the business in question but also for the local or global economy.
If you are worried about your organization becoming a victim of ransomware – here are three things you can do to become more cyber resilient against ransomware and avoid business disruption:
Basic security hygiene – It’s obvious but true that many of the most pervasive cyber-attacks have been possible because of an unpatched machine or outdated antimalware. You should apply patches immediately and audit your systems regularly to ensure everything is up to date.
by Silviu STAHIE, from HotForSecurity, on 12.05.2021
Facebook announced a few months ago that the upcoming policy changes would require non-European users to accept new terms and conditions or be forced to stop using the service. From the looks of it, Facebook won’t require it from the start, but aims to make the user experience terrible for those who don’t accept. Facebook […]
by Alina Bizga, from HotForSecurity, on 12.05.2021
Scammers continue to piggyback on the pandemic and vaccination campaigns in a new giveaway vaccine survey scam purportedly from pharmaceutical giant Pfizer. According to Bitdefender Antispam Lab’s latest telemetry, the survey scam has reached over 200,000 consumers since April. Our analysis shows a geo-targeted dispersal of the spam campaign, with 69.98% of the targeted users […]
by Silviu STAHIE, from HotForSecurity, on 11.05.2021
Unknown actors took control over a quarter of all Tor network relays to launch man-in-the-middle attacks, target bitcoin addresses and much more. Tor is software that lets users obfuscate their network traffic by routing it automatically through numerous volunteer-operated relays worldwide. That traffic is typically encrypted, so intercepting it is not really an option, […]
by Alina Bizga, from HotForSecurity, on 11.05.2021
In 2020, The National Cyber Security Centre’s (NCSC) Active Cyber Defense (ACD) program managed to curb the online scam economy in a record-breaking takedown of 700,595 scams. The agency’s latest annual report highlights a fifteen-fold increase in campaign takedowns compared to 2019. Nearly 1.5 million URLs were taken down in 2020, including: Fake celebrity endorsement […]
by Graham CLULEY, from HotForSecurity, on 10.05.2021
Tulsa, Oklahoma, is reportedly the latest in a long line of American cities to have fallen victim to a ransomware attack. The attack, which occurred on Friday evening, caused the city’s IT security teams to shut down many of Tulsa’s internal systems over the weekend “out of an abundance of caution” while they worked around […]