Cybercrime

June 15, 2023

“Several” US federal government agencies have been hit in a global cyberattack that exploits a vulnerability in widely used software. The US Cybersecurity and Infrastructure Security Agency “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” Eric Goldstein, the agency’s executive assistant director for cybersecurity, said in a statement on ...

June 15, 2023

Every day, the Zaporozhye nuclear power plant (ZNPP) has to deal with cyberattacks, an adviser to the director general of Russia’s Rosenergoatom nuclear power engineering company has said. “Every day, networks of the Rosenergoatom concern, of the Rosatom state corporation and of the plant’s operating company, JSC Zaporozhye NPP, are subjected to powerful DDoS attacks,” Renat ...

June 14, 2023

Over 1.15 billion cyber attacks were launched against retailers, hotels and travel-related organisations in Asia-Pacific (APAC) last year, underscoring the security risks that come with growing digitisation efforts in the commerce sector. According to Akamai’s Entering through the gift shop: attacks on commerce report, retailers in India and China were the most targeted due to the ...

June 14, 2023

Today, CISA, the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and international partners released Understanding Ransomware Threat Actors: LockBit, a joint Cybersecurity Advisory (CSA) to help organizations understand and defend against threat actors using LockBit, the most globally used and prolific Ransomware-as-a-Service (RaaS) in 2022 and 2023. This guide is ...

June 14, 2023

US cyber insurance premiums surged 50% in 2022 as increased ransomware attacks and online commerce drove demand for coverage. Premiums collected from policies written by insurers reached $7.2 billion in 2022 and tripled in the past three years, ratings firm AM Best said in a study released this week. “Systematic risk is an ongoing concern,” Fred ...

June 13, 2023

As a result of Google’s announced sale of new TLDs that are also popular file extension formats, there is an increased risk with the deployment of the “.zip” domain that threat actors will develop new vectors for compromising victims. In early May 2023, Google released eight new TLDs, marketing the “.zip” domain as a way ...

June 13, 2023

Prudential Assurance Malaysia Bhd (PAMB) and Prudential BSN Takaful Bhd (PruBSN) have confirmed that they have been affected by the global MOVEit data-theft attack, “where a zero-day vulnerability was exploited.” The two insurance companies said that as soon as they became aware of the breach, “we took action to isolate the affected server while the incident ...

June 12, 2023

Extortion actors have been actively exploiting a recently patched vulnerability in MOVEit Transfer, a file-transfer application that is widely used to transmit information between organizations. The nature of the software affected means that attackers can exploit unpatched systems to mount a supply chain attack against multiple organizations. While the original vulnerability (CVE-2023-34362) was patched on May ...

June 12, 2023

Media watchdog Ofcom has confirmed that it is a victim of a cyber-attack by hackers linked to a notorious Russian ransomware group. Confidential data about some companies regulated by Ofcom, and personal information from 412 employees was downloaded during the mass hack. A number of firms, including British Airways, the BBC and Boots, have been affected ...

June 12, 2023

Stealing cryptocurrencies is nothing new. For example, the Mt. Gox exchange was robbed of many bitcoins back in the beginning of 2010s. Attackers such as those behind the Coinvault ransomware were after your Bitcoin wallets, too. Since then, stealing cryptocurrencies has continued to occupy cybercriminals. One of the latest additions to this phenomenon is the multi-stage ...