News – April 2022

April 30, 2022

Targeted ransomware attacks continue to be one of the most critical cyber risks facing organizations of all sizes. The tactics used by ransomware attackers are continually evolving, but by identifying the most frequently employed tools, tactics, and procedures (TTPs) organizations can gain a deeper understanding into how ransomware groups infiltrate networks and use this knowledge ...

April 29, 2022

Security researchers have detailed six significant strains of data-wiping malware that have emerged in just the first quarter of 2022, a huge surge over previous years. This increase coincides with the invasion of Ukraine, and all of these wipers have been used against that state’s infrastructure and organizations. One of the wipers also took wind turbines ...

April 29, 2022

A sophisticated malware loader dubbed Bumblebee is being used by at least three cybercriminal groups that have links to ransomware gangs, according to cybersecurity researchers. Gangs using Bumblebee have in the past used the BazarLoader and IcedID loaders – linked to high-profile ransomware groups Conti and Diavol. The emergence of Bumblebee coincides with the swift disappearance ...

April 29, 2022

As cybercriminals become more sophisticated and their attacks more destructive and costly, private security firms and law enforcement need to work together, according to Interpol’s Doug Witschi. It’s tough to argue with either of these two statements. But considering the constant barrage of ransomware-attack headlines, as well as politicians’ calls for more public-private threat intelligence sharing, ...

April 28, 2022

CISA and the Federal Bureau of Investigation (FBI) have updated joint Cybersecurity Advisory AA22-057A: Destructive Malware Targeting Organizations in Ukraine, originally released February 26, 2022. The advisory has been updated to include additional indicators of compromise for WhisperGate and technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper destructive malware. CISA and the FBI encourage organizations to ...

April 28, 2022

Months on from a critical zero-day vulnerability being disclosed in the widely-used Java logging library Apache Log4j, a significant number of applications and servers are still vulnerable to cyberattacks because security patches haven’t been applied. First detailed in December, the vulnerability (CVE-2021-44228) allows attackers to remotely execute code and gain access to systems that use Log4j. Not ...

April 28, 2022

Since early 2021, Mandiant has been tracking extensive APT29 phishing campaigns targeting diplomatic organizations in Europe, the Americas, and Asia. This blog post discusses our recent observations related to the identification of two new malware families in 2022, BEATDROP and BOOMMIC, as well as APT29’s efforts to evade detection through retooling and abuse of Atlassian’s ...

April 27, 2022

Trend Micro researchers recently discovered a new advanced persistent threat (APT) group that they have dubbed Earth Berberoka (aka GamblingPuppet). Based on their analysis, this group targets gambling websites. Trend Micro’s investigation has also uncovered that Earth Berberoka targets the Windows, Linux, and macOS platforms, and uses malware families that have been historically attributed to ...

April 27, 2022

For five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are ...

April 27, 2022

CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have released a joint Cybersecurity Advisory that provides details on the top ...

April 25, 2022

he DDoS landscape in Q1 2022 was shaped by the ongoing conflict between Russia and Ukraine: a significant part of all DDoS-related news concerned these countries. In mid-January, the website of Kyiv Mayor Vitali Klitschko was hit by a DDoS attack, and the websites of a number of Ukrainian ministries were defaced. In mid-February, DDoS ...

April 25, 2022

The US Department of Homeland Security (DHS)’s first bug bounty with external researchers called “Hack DHS” helped discover 122 vulnerabilities. DHS announced the Hack DHS bounty in December and in phase one of the program invited more than 450 “vetted security researchers” to get involved. DHS suggests the program produced solid results: 27 or about 22% ...

April 25, 2022

The Met Police will root out rogue officers with ‘sophisticated’ new technology that can monitor officers’ emails and work phones for ‘alarming’ words in a bid to stamp out its culture of sexism and racism. The software will also track their movements while in a police station and even monitor tasks like photocopying – as replicating ...

April 24, 2022

The NCI Agency announced earlier this year that experts had successfully collaborated with industry partners to upgrade the central management of two cyber security systems: the Network Intrusion Protection/Detection System (NIPS) and Full Packet Capture (FPC) system. This contract award begins the next and final phase of the project, where Atos will replace NIPS and ...

April 22, 2022

The US Department of Energy (DOE) has announced that it will provide $12 million in funding to six university teams to develop defense and mitigation tools to protect US energy delivery systems from cyberattacks. Cybersecurity tools developed as a result of the six university-led research, development, and demonstration (RD&D) projects will focus on detecting, blocking, and ...