Ransomware Actors Evolved Their Operations in 2020
www.crowdstrike.com/blog/ransomware-actors-evolved-operations-in-2020/ The year 2020 was marked by the trend continuing at an accelerated rate. The advancements by eCrime actors include refinement and application of high-pressure extortion tactics on victim organizations and the sharing or copying of new techniques among different ransomware groups, in addition to a marked increase in the number of ransomware variants. These advancements all but ensure that ransomware will remain a popular method for eCrime actors to monetize breaches in the foreseeable future.
A deep dive into the operations of the LockBit ransomware group
www.zdnet.com/article/a-deep-dive-into-the-operations-of-the-lockbit-ransomware-group/ Researchers have provided an in-depth look at how LockBit, one of the newer ransomware groups on the scene, operates. report PDF:
What’s Making Your Company a Ransomware Sitting Duck
threatpost.com/ransomware-sitting-duck/167040/ What’s the low-hanging fruit for ransomware attackers? What steps could help to fend them off, and what’s stopping organizations from implementing those steps?
5 essential things to do before ransomware strikes
www.welivesecurity.com/2021/06/18/5-essential-things-do-before-ransomware-strikes/ By failing to prepare, you are preparing to fail: here’s what you can do today to minimize the impact of a potential ransomware attack in the future
Poland says recent attacks on local politicians originated from Russia
therecord.media/poland-says-recent-attacks-on-local-politicians-originated-from-russia/ The Polish government said that a recent wave of cyberattacks that have targeted the email accounts of local political figures originated from Russia. “The analysis of our services and the special services of our allies allows for a clear statement that the cyber attack was carried out from the territory of the Russian Federation,” Kaczyński said in a press release today. Press release:
Threat Activity Group RedFoxtrot Linked to China’s PLA Unit 69010; Targets Bordering Asian Countries
www.recordedfuture.com/redfoxtrot-china-pla-targets-bordering-asian-countries/ RedFoxtrot has been active since at least 2014 and predominantly targets government, defense, and telecommunications sectors across Central Asia, India, and Pakistan, aligning with the likely operational remit of Unit 69010. Of particular note, within the past 6 months, Insikt Group detected RedFoxtrot network intrusions targeting 3 Indian aerospace and defense contractors; major telecommunications providers in Afghanistan, India, Kazakhstan, and Pakistan; and multiple government agencies across the region.
Russia bans VyprVPN, Opera VPN services for not complying with blacklist request
thehackernews.com/2021/06/russia-bans-vyprvpn-opera-vpn-services.html Russia’s telecommunications and media regulator Roskomnadzor (RKN) on Thursday introduced restrictions on the operation of VyprVPN and Opera VPN services in the country. “In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, pro-narcotic and other prohibited content, restrictions on the use of VPN services VyprVPN and Opera VPN will be introduced from June 17, 2021,” the state agency said in a statement.
50,000 security disasters waiting to happen: The problem of America’s water supplies
www.nbcnews.com/tech/security/50000-security-disasters-waiting-happen-problem-americas-water-supplie-rcna1206 “If you could imagine a community center run by two old guys who are plumbers, that’s your average water plant,” one cybersecurity consultant said. But of all the country’s critical infrastructure, water might be the most vulnerable to hackers: the hardest in which to guarantee everyone follows basic cybersecurity steps, and the easiest in which to cause major, real-world harm to large numbers of people.
South Korean police arrest computer repairmen who made and distributed ransomware
therecord.media/south-korean-police-arrest-computer-repairmen-who-made-and-distributed-ransomware/ South Korean authorities have filed charges today against nine employees of a local computer repair company for creating and installing ransomware on their customers’ computers.
Fake DarkSide Campaign Targets Energy and Food Sectors
www.trendmicro.com/en_us/research/21/f/fake-darkside-campaign-targets-energy-and-food-sectors.html Threat actors behind a recent campaign pose as DarkSide in a bid to deceive targets into paying ransom.
Carnival Cruise Cyber-Torpedoed by Cyberattack
threatpost.com/carnival-cruise-cyberattack/167065/ This is the fourth time in a bit over a year that Carnival’s admitted to breaches, with two of them being ransomware attacks.
Network Forensics on Azure VMs (Part #2)
isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+2/27538/ In yesterday’s diary, we took a look at two methods that allow capturing network connection information off a potentially compromised virtual machine in Azure. Today, we’ll investigate the most recent addition to the VM monitoring arsenal, namely “Azure Monitor Insights”.
Google Releases New Framework to Prevent Software Supply Chain Attacks
thehackernews.com/2021/06/google-releases-new-framework-to.html As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications.
Poltergeist attack could leave autonomous vehicles blind to obstacles or haunt them with new ones
www.theregister.com/2021/06/18/poltergeist_autonomous_vehicles/ Researchers at the Ubiquitous System Security Lab of Zhejiang University and the University of Michigan’s Security and Privacy Research Group say they’ve found a way to blind autonomous vehicles to obstacles using simple audio signals.
Millions of passwords leaked: check whether your data is included
www.iltalehti.fi/tietoturva/a/469b78f0-94d0-4ec2-8ce1-479bc5c95467 NordLocker, a provider of secure cloud services, reports on its website a large-scale malware campaign it has detected. According to the company, a trojan captured user data from 3.35 million Windows computers between 2018 and 2020.
Data is Wealth: Data Security is Wealth Protection
securityintelligence.com/posts/data-security-wealth-protection/ In 2021 alone, humanity (and a few robots) will create 79 sextillion bytes of data. That’s nearly 10 million times the estimated number of grains of sand on Earth. And those 79 sextillion bytes of data are in addition to all the data we already have. So today, organizations everywhere are not just swimming in data; they are sinking into their own data quicksand.