14 June 2022
2021
Hades Ransomware Gang Exhibits Connections to Hafnium
Tara Seals
https://threatpost.com/hades-ransomware-connections-hafnium/165069/
Excerpt:
“The Hades ransomware gang has several unique characteristics that set it apart from the rest of the pack, according to researchers – including potentially having more than extortion on the to-do list. The group appears to use multiple nation-state tools and techniques.”
18-Year-Old Hacker Gets 3 Years in Prison for Massive Twitter 'Bitcoin Scam' Hack
Ravie Lakshmanan
https://thehackernews.com/2021/03/18-year-old-hacker-gets-3-years-in.html
Excerpt:
“A Florida teen accused of masterminding the hacks of several high-profile Twitter accounts last summer as part of a widespread cryptocurrency scam pled guilty to fraud charges in exchange for a three-year prison sentence.Graham Ivan Clark, 18, will also serve an additional three years on probation.”
A strategic approach to identity verification helps combat financial crime
https://www.helpnetsecurity.com/2021/03/15/strategic-approach-to-identity-verification/
Excerpt:
“70% of financial services organizations are taking a strategic approach to identity verification to combat financial crime and stay one step ahead of fraudsters according to Trulioo.”
Alarming number of consumers impacted by identity theft, application fraud and account takeover
https://www.helpnetsecurity.com/2021/03/15/consumers-impacted-by-identity-theft/
Excerpt:
“A new report, developed by Aite Group, and underwritten by GIACT, uncovers the striking pervasiveness of identity theft perpetrated against U.S. consumers and tracks shifts in banking behaviors adopted as a result of the pandemic.”
Police raid apartment of alleged Verkada hacker, as questions asked about employees’ access to customer video feeds
Graham Cluley
https://grahamcluley.com/police-raid-apartment-alleged-verkada-hacker/
Excerpt:
“On Friday, software engineer Tillie Kottmann’s apartment in Lucerne, Switzerland, was raided by police who seized electronic devices, according to a post from their Mastodon account:”
Norwegian government falls victim to Microsoft attacks
Alex Scroxton
https://www.computerweekly.com/news/252497656/Norwegian-government-falls-victim-to-Microsoft-attacks
Excerpt:
“The national parliament of Norway, the Storting, has come forward as another victim of cyber attacks arising from a series of dangerous ProxyLogon vulnerabilities in Microsoft Exchange Server that affect more than 100,000 organisations worldwide and are being actively exploited by malicious actors.”
2021 Hacker Report: Hackers are not just driven by money
https://www.helpnetsecurity.com/2021/03/10/2021-hacker-report/
Excerpt:
“HackerOne released its 2021 Hacker Report that reveals a 63% increase in the number of hackers submitting vulnerabilities in 2020.”
Serious Security: Webshells explained in the aftermath of HAFNIUM attacks
Paul Ducklin
Excerpt:
“The cybersecurity meganews of the week, of course, is anything to do with HAFNIUM. (To be clear, we’re going to write it as Hafnium from now on, as Microsoft does in its top-level incident disclosure document, so that it doesn’t look as though we’re shouting all the time.) Strictly speaking, Hafnium is the name that Microsoft uses to denote a specific gang of cybercriminals, allegedly operating out of China via cloud services in the US.”
Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals
William Turton
Excerpt:
“A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools.”
Number of ransomware attacks grew by more than 150%
https://www.helpnetsecurity.com/2021/03/08/ransomware-attacks-grew-2020/
Excerpt:
“By the end of 2020, the ransomware market, fueled by the pandemic turbulence, had turned into the biggest cybercrime money artery. Based on the analysis of more than 500 attacks observed during Group-IB’s own incident response engagements and cyber threat intelligence activity, researchers estimate that the number of ransomware attacks grew by more than 150% in 2020.”
US National Security Council urges review of Exchange Servers in wake of Hafnium attack
Laura Dobberstein
https://www.theregister.com/2021/03/08/us_national_security_council_says/
Excerpt:
“The Biden administration has urged users of Microsoft's Exchange mail and messaging server to ensure they have not fallen victim to the recently-detected "Hafnium" attack on Exchange Server that Microsoft says originated in China.”
Flagstar Bank customer data breached through Accellion hack
Charlie Osborne
https://www.zdnet.com/article/flagstar-bank-customer-data-breached-through-accellion-hack/
Excerpt:
“Flagstar Bank has been added to a list of companies breached due to an Accellion software zero-day vulnerability.”
Cyberattack shuts down online learning at 15 UK schools
Charlie Osborne
https://www.zdnet.com/article/cyberattack-shuts-down-online-learning-at-15-uk-schools/
Excerpt:
“15 schools in the United Kingdom have been unable to provide online learning due to a cyberattack.”
South Africa Opposes WhatsApp-Facebook Data Sharing
AFP
https://www.securityweek.com/south-africa-opposes-whatsapp-facebook-data-sharing
Excerpt:
“South Africa's information regulator has protested WhatsApp's plans to share user data with Facebook, vowing to engage directly with the popular messaging app to ensure its compliance to national privacy laws.”
More than 30% of the world’s countries now have 5G availability
https://www.helpnetsecurity.com/2021/03/03/countries-5g-availability/
Excerpt:
“The number of cities with 5G networks is now 1,336 globally, a 350 percent increase during the past year despite an ongoing global pandemic, Viavi Solutions reveals. As of January 2021, more than 30 percent of the world’s countries now have 5G availability.”
Cybercriminals continue to target trusted cloud apps
https://www.helpnetsecurity.com/2021/03/02/cybercriminals-target-trusted-cloud-apps/
Excerpt:
“The majority of all malware is now delivered via cloud applications, underscoring how attackers increasingly abuse popular cloud services to evade legacy security defenses putting enterprise data increasingly at risk, a Netskope research reveals.”
Data is most at risk on email, with 83% of organizations experiencing email data breaches
https://www.helpnetsecurity.com/2021/03/01/email-data-breaches/
Excerpt:
“95% of IT leaders say that client and company data is at risk on email, an Egress report reveals. Additionally, an overwhelming 83% of organizations have suffered data breaches via this channel in the last 12 months.”
Alarming Cybersecurity Stats: What You Need To Know For 2021
Chuck Brooks
Excerpt:
“The year 2020 broke all records when it came to data lost in breaches and sheer numbers of cyber-attacks on companies, government, and individuals. In addition, the sophistication of threats increased from the application of emerging technologies such as machine learning, artificial intelligence, and 5G, and especially from greater tactical cooperation among hacker groups and state actors.”
Top cybersecurity facts, figures and statistics
Josh Fruhlinger
https://www.csoonline.com/article/3153707/top-cybersecurity-facts-figures-and-statistics.html
Excerpt:
“Looking for hard numbers to back up your sense of what's happening in the cybersecurity world? We dug into studies and surveys of the industry's landscape to get a sense of the lay of the land—both in terms of what's happening and how security leaders are reacting to it.”
Is cyberwarfare as threatening as the research shows?
https://www.fintechnews.org/is-cyberwarfare-as-threatening/
Excerpt:
“With the advancement of technology, most people would have said, and they did, that the world would be a better place. In many respects, this has come true. However, you can’t always steal the honeypot from under the bear’s nose. With good things, bad ones are bound to appear.”
The biggest data breach fines, penalties, and settlements so far
Dan Swinhoe
Excerpt:
“Sizable fines assessed for data breaches since 2019 suggest that regulators are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine, later reduced, while Equifax agreed to pay a minimum of $575 million for its 2017 breach.”
Booming dark web gig economy is a rising threat
Andrada Fiscutean
https://www.csoonline.com/article/3613171/booming-dark-web-gig-economy-is-a-rising-threat.html
Excerpt:
““I need a site hacker for $2,000,” “Break this site for $10K,” “Can you collect information from our competitors’ websites?” or “Can you delete reviews? Budget $300.”
4 ways to keep the cybersecurity conversation going after the crisis has passed
Stacy Collett
Excerpt:
“CISO Bill Brown knows how high-profile cybersecurity breaches like SolarWinds can raise alarm bells among executives and board members when they become headline news. When leading information security for three previous companies, he remembers executives would call him during their morning train commutes after reading about the latest security breach, seeking reassurance. “Could this happen to us? Should we be concerned? But nothing more than that.”
#TECH: Increase in detected cyber threats
BOTS team
https://www.nst.com.my/lifestyle/bots/2021/03/670615/tech-increase-detected-cyber-threats
Excerpt:
“Trend Micro Incorporated said it detected 119,000 cyber threats per minute in 2020 as home workers and infrastructure came under new pressure from attacks. This insight and many others come from Trend Micro's 2020 roundup report, A Constant State of Flux: Trend Micro 2020 Annual Cybersecurity Report.”
Now is the right time for digital health passport
Datuk Dr Ahmad Ibrahim
https://www.nst.com.my/opinion/columnists/2021/03/672510/now-right-time-digital-health-passport
Excerpt:
“The tourism industry is reeling from the reduced travel due to the Covid-19 pandemic. The local hotel sector has reported millions in losses as hotel rooms remain mostly closed. The country has lost billions in revenue from the hospitality sector.”