Round Up of Major Breaches and Scams
BEC attacks represent a low percentage of email attacks by volume, but a disproportionately high percentage of overall losses to businesses. According to the 2019 FBI IC3 report, BEC was responsible for more than 50% of all cybercrime-related financial loss. According to Abnormal Security’s Quarterly BEC Report Q1 2020, there have been several major shifts in BEC attack patterns.
Phishing campaigns typically use a few different tactics to compromise their victims. The initial emails usually spoof a company, brand, or product potentially used by the recipient. Often such emails pretend to come from a fellow employee or trusted external partner. These emails are also sometimes directed toward a specific individual within an organization, such as a C-level executive or someone with financial control.
Round Up of Major Malware and Ransomware Incidents
Cybercriminals behind recent Sodinokibi ransomware attacks are now upping the ante by scanning their victims’ networks for credit card or point of sale (PoS) software. Researchers believe this is a new tactic designed to allow attackers to get the biggest bang for their buck – ransom payments and credit card data.
A ransomware campaign, dubbed Hakbit, is targeting mid-level employees across Austria, Switzerland and Germany with malicious Excel attachments delivered via the popular email provider GMX. The spear-phishing based campaign is low volume and has so far targeted the pharmaceutical, legal, financial, business service, retail, and healthcare sectors.
A city in Oregon has paid a ransom of $48,000 to regain control over its computer network following a cyber-attack. The city of Keizer’s computer system was successfully targeted by threat actors using ransomware in the early hours of June 10. The attack left officials unable to access either files or their email accounts for a full seven days.
Several attack campaigns waited two weeks after achieving a successful Trickbot infection before they deployed Ryuk ransomware as their final payload. SentinelOne came across the attacks as the result of monitoring an attack server employed by Trickbot’s handlers. In the process, they discovered data for three separate attacks that occurred at the beginning of October 2019.
A crime gang seeking “ransomware attack opportunities” is targeting organizations that use unpatched or poorly secured Citrix remote-access technology, then stealing data, unleashing crypto-locking malware and using the threat of exfiltrated data being publicly dumped to try to force payment, New Zealand’s national computer emergency response team warns.
Round Up of Major Vulnerabilities and Patches
Security breaches within networks are far more common than we realize. Even when we think that we have locked down our systems well, there might still be some gaps in security that allow hackers or malware in. In recent years, the concern over Verizon FiOS router security has arisen as well. If you have Verizon FiOS and are concerned about your router’s security, we have some information to help you.
Microsoft is moving forward with its promise to extend enterprise security protections to non-Windows platforms with the general release of a Linux version and a preview of one for Android. The software maker is also beefing up Windows security protections to scan for malicious firmware.