Attackers Went to Great Lengths to Separate the Backdoor From Loader
Microsoft researchers are offering fresh details on the SolarWinds hackers' extensive efforts to remain hidden, which gave them more time to fully penetrate systems, move laterally through networks and exfiltrate data in follow-on attacks.
Increasing Ransomware Varieties and Attack Volume Look Set to Continue, Experts Warn
Ransomware dominated the cybercrime landscape in 2020 and looks set to do so again this year, as criminals seek fresh new ways to make victims pay. Experts predict gangs will double down on whatever works, which lately includes data exfiltration.
MrbMiner Malware Has Targeted Thousands of Microsoft SQL Servers
An ongoing global cryptomining campaign has connections to an Iranian software firm, according to a report from Sophos. The MrbMiner malware has targeted thousands of vulnerable Microsoft SQL Servers.
Senior Director for Cyber and Others Announced
President Joe Biden's cybersecurity team is beginning to take shape, with three appointments recently announced, including Michael Sulmeyer as senior director for cyber.
Under Executive Order, Cloud Providers Must Vet Foreign Customers
In the waning hours of his presidency Tuesday, Donald Trump issued an executive order requiring U.S. infrastructure-as-a-service providers and other cloud service providers to maintain detailed records on foreign clients that could be used to help track down those committing cybercrimes.
Threat Actors Accessed 'Limited Subset of Internal Company Emails'
The CEO of security firm Malwarebytes says the hackers who attacked SolarWinds also targeted his company and gained access to a "limited subset of internal company emails."
Researchers Say Malicious Network Could Be Used to Launch DDoS Attacks
Researchers at Check Point Research are tracking a new botnet dubbed "FreakOut" that's targeting vulnerabilities in Linux systems. The malware is creating a malicious network that has the potential to launch DDoS attacks.
FireEye Also Describes Hackers' Tools and Techniques
Security firm FireEye has released a free auditing and remediation tool on GitHub that it says can help organizations determine if the hacking group that targeted SolarWinds used similar techniques within their network to gain access to Microsoft Office 365 accounts.
Pandemic Expert Regina Phelps Says Next Weeks Are Critical
As the U.S. marks its first anniversary of fighting COVID-19, pandemic expert Regina Phelps says the next several, critical weeks come down to two vital words: vaccines and variants. "Those are going to determine our destiny for the long and foreseeable future," she says.
Researchers: Backdoor Is Fourth Malware Variant Used During Attacks
Symantec Threat Intelligence says it's uncovered another malware variant used in the SolarWinds supply chain hack - a loader nicknamed "Raindrop" that apparently was used to deliver Cobalt Strike, a legitimate penetration testing tool, to a handful of targets.
Hackers Attempt to Collect VPN Credentials
The FBI is warning that hackers are increasingly using voice phishing, or vishing, to target remote and at-home workers as a way of harvesting VPN and other credentials to gain initial access to corporate networks.
Company Will Enforce Domain Controller Settings to Block Connections
Microsoft is alerting customers that starting Feb. 9, it will enforce domain controller settings within Active Directory to block connections that could exploit the unpatched Zerologon vulnerability in Windows Server. Microsoft has been warning about the urgency of patching the flaw for months.
Open-Source Development Project Asking Members to Reset Passwords
OpenWRT, an open-source project that develops operating systems, firmware and other software for connected and embedded devices, is investigating a data breach after a hacker gained access to an administrator account and apparently was able to access usernames and email addresses for community members.
Tipster Alleges Woman Planned to Pass Laptop to Russian Friend
Police have arrested Riley June Williams of Pennsylvania, who a tipster alleges stole a laptop or hard drive belonging to House Speaker Nancy Pelosi. But is the tipster's claim that she had planned to pass the device to a friend in Russia credible?
Pindrop's Mark Horne on How to Shift from Call-Centric to Account-Centric Defense
Fraud in the interactive voice response channel was growing before the pandemic. Since? IVR fraud has become "a fraudsters' playground," says Mark Horne, CMO of Pindrop. He shares a new account-centric defensive solution.
But Across Europe, Total Fines and Breach Reports Continue to Vary Widely by Country
Privacy watchdogs in Europe have imposed fines totaling more than $330 million since the EU's General Data Protection Regulation went into full effect in May 2018, according to law firm DLA Piper. Over the past year, regulators received 121,000 data breach notifications, up 19% from the year before.
Security Experts Say Proposal Amounts to a 'Down Payment'
President-elect Joe Biden's $1.9 trillion plan for COVID-19 relief includes nearly $10 billion in cybersecurity and IT spending. Some security experts hope the amount is just a "down payment" toward a broader effort.
The prospects for passing a U.S. privacy law will improve under the Biden administration, predicts attorney Kirk Nahra, who offers a legislative outlook.
Fraudsters Impersonate Vaccine Manufacturers, WHO, DHL
Researchers at the security firm Proofpoint are tracking several fraud schemes leveraging COVID-19 vaccine-themed emails. The schemes include business email compromise scams, messages with malicious attachments and phishing emails designed to harvest credentials.
FBI: 'Enemies of the People' Campaign Threatens US Officials Through Emails, Text Messages
The FBI is warning that an Iranian-linked cyber operation called "Enemies of the People" continues to threaten federal and state officials as well as U.S. civilians via emails and text messages.
Flaw in Accellion's File Transfer Appliance Likely Led to Incident
The governor of New Zealand's Reserve Bank says he "personally owns" responsibility for a data breach that exposed private and sensitive stakeholder information. The breach came after a serious vulnerability was disclosed in December in Accellion's File Transfer Appliance, which the bank uses.
Domestic Extremists Remain Principal Threat Ahead of Biden Inauguration, FBI Warns
The U.S. Capitol siege and the impeachment of President Trump are being exploited for disinformation purposes ahead of Inauguration Day by Russia, Iran and China, a U.S. joint threat assessment reportedly warns. But in terms of violence, domestic extremists are the principal threat.
Researchers: Notorious Underground Marketplace Will 'Retire' in February
Joker's Stash, the notorious underground marketplace that has specialized in the sale of stolen payment card data, is reportedly shutting down in February with its administrator claiming to "retire" at that time, according to Gemini Advisory. Researchers say business will quickly move to other sites.
Researchers: Charming Kitten Campaign Used SMS and Email Messages
A recent phishing campaign tied to an Iranian hacking group known as Charming Kitten used SMS and email messages to spread malicious links to steal the email credentials of potential victims in the U.S., Europe and the Persian Gulf region, security firm Certfa Lab reports.
Researchers Find Groups Hiding JavaScript Skimmers and Phishing Pages
Several Magecart groups hide their JavaScript skimmers, phishing domains and other malicious tools behind a "bulletproof" hosting service called Media Land, according to researchers with RiskIQ. This particular service is notorious for catering to cybercriminals and hackers.
Livestreaming, Social Media Posts Lead to Arrests
Many of the insurrectionists who marched on the Capitol on Jan. 6 and violently forced their way into the building livestreamed their activities or boasted about them via social media. Those self-identifying actions have helped law enforcement authorities identify some of the more than 70 individuals charged.
Experts Warn of an Elevated Risk of Attack From Domestic, Foreign Actors
As thousands of National Guard troops pour into Washington to provide security for the Jan. 20 inauguration of Joe Biden as president, cybersecurity analysts are calling attention to the need to defend against cyber incidents as well.
The FDIC is clarifying its policy and supervisory approach related to facilitating payment processing services directly, or indirectly through a third party, for merchant customers engaged in higher-risk activities.
The FFIEC on Oct. 7 issued a joint statement concerning Microsoft's discontinuation of support for its Windows XP operating system as of April 8, 2014.
Five federal regulatory agencies encourage financial institutions to work with customers affected by the federal government shutdown.
The FDIC has announced a series of steps intended to provide regulatory relief to financial institutions and facilitate recovery in areas of Illinois affected by severe storms, straight-line winds, and tornadoes.
Wells Fargo's Sridhar Sidhu on Redefining IAM for Remote Workforce
Organizations with largely remote workforces must strengthen their dynamic authentication processes to enhance security, says Sridhar Sidhu, senior vice president and head of the information security services group at Wells Fargo.
The latest edition of the ISMG Security Report describes new details emerging from the SolarWinds supply chain hack investigation. Also featured: A discussion of why security education is so crucial in 2021 and tips on how to retain security and operations center analysts.
SolarWinds' Hack Prompts an Assessment of the Work That Still Needs to Be Done
In light of the widespread apparent impact of the hack of SolarWinds' network management tools, it's time for a frank assessment of the lack of cybersecurity progress in recent years. Consider a "60 Minutes" report from 2015 - and where we're at today.
Hunters Could Become the Hunted After Theft of Cybersecurity Firm's Hacking Tools
Because 2020 wasn't already exciting enough, now we have to worry about being hunted by adversaries wielding FireEye's penetration testing tools, thanks to the company having suffered a big, bad breach. Here's a list of targeted flaws that every organization should ensure they've patched.
Suspected Cyberespionage Operators Likely Only Hacked the Juiciest of Targets
Following the discovery that attackers Trojanized SolarWinds' Orion software, expect the list of organizations that were running the backdoored network-monitoring tool to keep increasing. But with this being a suspected cyberespionage operation, attackers likely focused on only the juiciest targets.
Espionage Operations Demand a Different Policy Response to Damaging Cyberattacks
In light of calls from some quarters for the U.S. to launch online attacks in reprisal for the SolarWinds supply chain campaign - allegedly carried out by Russia's foreign intelligence service - it's time to pause and remember: Spies are going to spy.
Facebook's relaunch and rebrand of its Libra digital payment initiative as Diem is seen by some as a shadow of its former self. Financial services commentator Chris Skinner explains why state governments and AML concerns are to blame.
The "remote workforce" of 2020 is gone. Now we're talking about the new, permanent "branch office" - and it comes with its own unique set of cybersecurity concerns, says Derek Manky of FortiGuard Labs. He discusses new social engineering trends and how to respond.
This edition of the ISMG Security Report features an analysis of the very latest information about the SolarWinds hack. Also featured are discussions of "zero trust" for the hybrid cloud environment and data privacy regulatory trends.
Conti Gang Claims Credit for Christmas Eve Attack and Data Exfiltration
The Scottish Environment Protection Agency says a ransomware attack last month continues to cause serious outages and warns that ransom-demanding attackers also stole some data. The Conti ransomware-as-a-service operation has claimed credit for the attack and begun to leak the stolen data.
Agency Describes How DoH Can Help Prevent Eavesdropping
The NSA has released guidance on how organizations can adopt encrypted domain name system protocols to prevent eavesdropping and manipulation of DNS traffic. Although the agency's report is geared toward the military and defense contractors, its recommendations can be adopted in all sectors.
Researchers: 40 Gangs Use Phony Classified Ads to Launch Phishing Schemes
A Russian-speaking "scam-as-a-service" operation dubbed "Classiscam" is expanding globally, with 40 interconnected gangs in about a dozen countries using fake product advertisements to launch phishing schemes, the security firm Group-IB reports.