Cybercrime


NEWS 
  • FBI warns of rise in PYSA ransomware operators targeting US, UK schools

    March 17, 2021

    The FBI has warned of a surge in attacks against schools in which ransomware operators are stealing data to pile on the pressure for payment. In a joint FBI and DHS-CISA flash industry alert this week, law enforcement said a recent increase in attacks leveraging PYSA ransomware, also known as Mespinoza, has been traced to ...

  • Cybercriminals Are Making, and Demanding, More Money Than Ever

    March 17, 2021

    Ransomware is one of the top threats in cybersecurity and a focus area for Palo Alto Networks. The global threat intelligence team (Unit 42) and incident response team (The Crypsis Group) have partnered to create the 2021 Unit 42 Ransomware Threat Report to provide the latest insights on the top ransomware variants, ransomware payment trends ...

  • New Mirai Variant Targeting Network Security Devices

    March 15, 2021

    On Feb. 23, 2021, one of the IPs involved in the attack was updated to serve a Mirai variant leveraging CVE-2021-27561 and CVE-2021-27562, mere hours after vulnerability details were published. On March 3, 2021, the same samples were served from a third IP address, with the addition of an exploit leveraging CVE-2021-22502. Furthermore, on March ...

  • COVID-19: Examining the threat landscape a year later

    March 15, 2021

    A year ago — everything changed. In an effort to stem the tide of a rapidly spreading pandemic, the world shut down. Shops were forced to shut their doors, and whole countries were placed on stringent lockdowns. Schools were closed around the world, with more than one billion children affected, and the vast majority of ...

  • REvil Group Claims Slew of Ransomware Attacks

    March 12, 2021

    The REvil ransomware threat group is on a cyberattack tear, claiming over the past two weeks to have infected nine organizations across Africa, Europe, Mexico and the U.S. The organizations include two law firms, an insurance company, an architectural firm, a construction company and an agricultural co-op, all located in the U.S.; as well as two ...

  • Threat Assessment: DearCry Ransomware

    March 12, 2021

    Last week, Microsoft reported that attackers compromised Exchange Mail Servers with the use of four zero-day vulnerabilities. While patches have been released by Microsoft, adversaries are still attacking vulnerable versions of Microsoft Exchange Servers with malicious tools, malware and data exfiltration. Further, Microsoft has confirmed the existence of a ransomware variant leveraging these vulnerabilities, which ...

  • No Laughing Matter: Joker’s Latest Ploy

    March 12, 2021

    Joker reveals more tricks up its sleeves: new malicious Android apps that, like in past schemes, subscribe users to premium services without their consent. Joker (a.k.a. Bread) is one of the most persistent malware families that continually targets Android devices. The malware entered the scene in 2017, and by early 2020, Google had removed more than ...

  • The Future of P2P IoT Botnets

    March 11, 2021

    The internet of things (IoT) has created a new domain for botnet developers to compete and thrive in. Already, there they battle one another for devices while their victims contend with persisting infections. But the involvement of a well-known file-sharing technology, peer-to-peer (P2P) networking, into the mix can further complicate matters. A typical IoT botnet consists ...

  • NimzaLoader malware was written in an unusual programming language to stop it from being detected

    March 11, 2021

    A prolific cyber criminal hacking operation is distributing new malware which is written in a programming language rarely used to compile malicious code. Dubbed NimzaLoader by cybersecurity researchers at Proofpoint, the malware is written in Nim – and it’s thought that those behind the malware have decided to develop it this way in the hopes that ...

  • Molson Coors discloses cyberattack disrupting its brewery operations

    March 11, 2021

    Brewing giant Molson Coors disclosed Thursday that it has experienced a “cybersecurity incident” that has disrupted operations and beer production. In a Form-8K filed with the SEC today, Miller Coors said it’s bringing in an outside forensic IT firm to investigate the breach, but that delays in shipments were likely as it works to bring ...

  • TrickBot Takes Over, After Cops Kneecap Emotet

    March 11, 2021

    A massive malicious spam campaign, along with the global takedown of Emotet, has vaulted the TrickBot trojan to the top of Check Point’s list of the most popular malware among cybercriminals for February. In January, TrickBot was ranked third on Check Point’s list, and it was fourth overall for 2020, while the No. 1 malware, ...

  • Ryuk ransomware hits 700 Spanish government labor agency offices

    March 10, 2021

    The systems of SEPE, the Spanish government agency for labor, were taken down following a ransomware attack that hit more than 700 agency offices across Spain. “Currently, work is being done with the objective of restoring priority services as soon as possible, among which is the portal of the State Public Employment Service and then gradually ...

  • GandCrab ransomware affiliate arrested for phishing attacks

    March 9, 2021

    A suspected GandCrab Ransomware member was arrested in South Korea for using phishing emails to infect victims. The GandCrab ransomware operation started in January 2018 when it quickly became a malware empire threatening businesses worldwide. Operated as a Ransomware-as-a-Service (RaaS), the GandCrab developers teamed up with affiliates in a revenue share partnership, with affiliates earning between 70-80% ...

  • Cracking of encrypted messaging service dealt major blow to organised crime

    March 9, 2021

    The cracking of a previously-unbreakable encrypted messaging service popular with criminals involved in drug trafficking and organised crime delivered a major victory for the justice system on Tuesday. The cracking of the expensive messaging app, called “Sky ECC,” was what allowed over 1,500 police officers across Belgium to be simultaneously deployed in at least 200 raids, ...

  • Fake Google reCAPTCHA Phishing Attack Swipes Office 365 Passwords

    March 8, 2021

    Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials. The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of victims’ companies. According to researchers, at least 2,500 ...

  • European Banking Authority discloses Exchange server hack

    March 8, 2021

    The European Banking Authority (EBA) took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide. EBA is part of the European System of Financial Supervision and it oversees the integrity and orderly functioning of the EU banking sector. “The Agency has swiftly launched a full investigation, in ...

  • Airlines warn passengers of data breach after aviation tech supplier is hit by cyberattack

    March 8, 2021

    Global aviation industry IT supplier SITA has confirmed it has fallen victim to a cyberattack, with hackers gaining access to personal information of airline passengers. The information technology and communications company, which claims to serve around 90% of the world’s airlines, said that a cyberattack on February 24, 2021 led to a “data security incident” involving passenger ...

  • Unpatched QNAP devices are being hacked to mine cryptocurrency

    March 8, 2021

    Unpatched network-attached storage (NAS) devices are targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware to mine for cryptocurrency. The threat actors exploit two pre-auth remote command execution (RCE) vulnerabilities in the Helpdesk app patched by QNAP in October 2020. Cryptomining malware discovered on NAS devices compromised during this campaign ...

  • D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant

    March 5, 2021

    Researchers have discovered what they say is the first variant of the Gafgyt botnet family to cloak its activity using the Tor network. Gafgyt, a botnet that was uncovered in 2014, has become infamous for launching large-scale distributed denial-of-service (DDoS) attacks. Researchers first discovered activity from the newest variant, which they call Gafgyt_tor, on Feb. 15. In ...

  • Accellion zero-day claims a new victim in cybersecurity company Qualys

    March 4, 2021

    Qualys has revealed that a “limited” number of customers may have been impacted by a data breach connected to an Accellion zero-day vulnerability. The cloud security and compliance firm said on Wednesday that the security incident did not have any “operational impact,” but “unauthorized access” had been obtained to an Accellion FTA server used by the ...