New ‘Enemybot’ DDoS Botnet Targets Routers, Web Servers
Dubbed Enemybot, the botnet appears to be the work of Keksec, an established cybercrime group that specializes in DDoS attacks and cryptocurrency mining. The malware was built using the source code of the Gafgyt (Bashlite) botnet – which leaked in 2015 – with some modules borrowed from the infamous Mirai botnet, including the scanner module…
Russia-Linked Pipedream/Incontroller ICS Malware Designed to Target Energy Facilities
The malware, described as a modular ICS attack framework and a collection of custom-made tools, can be used by threat actors to target ICS and SCADA devices, including programmable logic controllers (PLCs) from Schneider Electric and Omron, and OPC UA servers. Advisories and blog posts describing the toolset have been released by industrial cybersecurity firm…
Wind Turbine Giant Nordex Scrambling to Recover From Cyberattack
The incident was publicly disclosed in early April, when the company announced that it shut down “IT systems across multiple locations and business units” to contain the issue. The company also said that the cyberattack was detected in its early stages, and that it immediately set up an incident response team to investigate and address…
Shopping with Fraud Protection and Adaptive Artificial Intelligence
With the worldwide pandemic, consumer behavior has shifted significantly. There has been substantially less travel — employees haven’t been driving to the office, flying on planes, or taking cruises. Many have gone out less, stopped going to movies, and don’t hang out on Friday night after work. This has caused a major disruption in the…
‘Octo’ Android Trojan Allows Cybercrooks to Conduct On-Device Fraud
Dubbed Octo, the botnet was first mentioned on dark web forums in January 2022, but an analysis of its code revealed a close connection with ExobotCompact, which is believed to be the successor of the Exobot Android trojan, which in turn was based on the source code of the Marcher trojan. Exobot was used in…
FIN7 Morphs into a Broader, More Dangerous Cybercrime Group
New research shows the notorious cybercrime group FIN7 to be behind numerous clusters of previously unattributed threat activity spanning several years and targeting organizations in multiple regions and industries. The study by Mandiant shows that the threat actor has shifted from mostly targeting the retail and hospitality sectors to aiming at organizations across a considerably…
What We Can Learn From Lapsus$ Techniques
The Lapsus$ cybercriminal collective has been making headlines in recent weeks. After several high-profile attacks, the security community is turning its gaze toward this new threat actor and its techniques. The Okta incident also reveals some details of their techniques. Microsoft has now published an in-depth blog post detailing the activities it has observed associated…
Hive ransomware impacts California non-profit health organisation
Ransomware authors are once again targeting health services, holding important files to ransom and impacting potentially vital services. On this occasion, the victims are a non-profit organisation assisting people with their healthcare needs in California. When Hive ransomware strikes The victim, Partnership HealthPlan of California, has apparently been struggling since at least March 24 with…
Ransomware Payments, Demands Rose Dramatically in 2021
Ransomware attackers demanded dramatically higher ransom fees last year, and the average ransom payment rose by 78% to 541,010, according to data from incident response (IR) cases investigated by Palo Alto Networks Unit 42. IR cases by Unit 42 also saw a whopping 144% increase in ransom demands, to $2.2 million. According to the report,…
A Sheep in Wolf’s Clothing: Technology Alone is a Security Facade
After over 20 years in cybersecurity, I firmly believe that technology alone has not, and will not, win the war on cyberattacks. The idea of a purely technical solution providing lasting protection is flawed from the outset. The claims of security vendors that only bring technology to the cyber fight is the equivalent of a…
