The United States has convened some 30 countries — with the notable exception of Russia — to boost cooperation in fighting the costly and disruptive attacks that have boomed around the world. As if on cue, Yigal Unna, director of Israel’s National Cyber Directorate, broke news of the latest incident. “I can disclose now that…

In a post on a publicly accessible hacker forum, a group calling itself “Desorden” claimed to have stolen databases and other files from breached Acer India servers. The hackers shared a link to a sample of the stolen data and they promised to leak more once they have analyzed it. They also published a video…

Dubbed SnapMC, the hacking group attempts to exploit multiple vulnerabilities in webserver and VPN applications for initial access and typically compromises victim networks in under 30 minutes. The group then exfiltrates victim data to leverage it for extortion, but doesn’t use ransomware or other means of disrupting the victim’s operations. SnapMC threatens to publish the…

Botnets continue to be a major problem for cybersecurity teams. With the growth in sophisticated threats, botnets are becoming more malicious, sometimes able to create hundreds of thousands of drones that can attack a variety of machines, including Mac systems, Linux, Windows systems, edge devices, IoT devices, and so on. Examining threat trends around botnet…

Researchers have discovered a previously unknown advanced threat actor, probably of Iranian origin, using a previously undocumented RAT targeting largely aerospace and telecommunications organizations. They have named the group MalKamak, and the campaign Operation GhostShell. Cybereason first detected the threat actor engaged in cyber espionage with the unknown remote access trojan – which it called…

The threat group, tracked until now by Mandiant as UNC1878, has been around since at least October 2018. The UNC classification is assigned to “uncategorized” entities before the cybersecurity firm can determine with certainty if it’s a financially-motivated group (FIN) or a state-sponsored advanced persistent threat actor (APT).

Syniverse says it has roughly 1,250 customers across 200 countries, including a vast majority of the world’s mobile carriers, such as AT&T, Verizon, T-Mobile, Vodafone, China Mobile, Airtel, Telefónica, and América Móvil. The company’s services are used to connect the networks of different mobile carriers and enable the transmission of data. Syniverse says it enables…

The vast increase in staff from all industries working from home, outside of their corporate network defenses and often on poorly protected home computers, has been a treasure trove for hackers. Two common attack methodologies have been phishing (where the pandemic has provided the opportunity to add two of the most compelling social engineering triggers:…

Zix provides cybersecurity, compliance and productivity solutions to 21,000 organizations, and cybercriminals have been leveraging the company’s reputation in a phishing campaign aimed at enterprises. Email security company Armorblox said on Tuesday that it has observed an attack on customer environments across Microsoft Exchange, Office 365 and Google Workspace. “Although the potential account exposure of…

The Port of Houston, a critical piece of infrastructure along the Gulf Coast, issued a statement Thursday saying it had successfully defended against an attempted hack in August and “no operational data or systems were impacted.” Cybersecurity and Infrastructure Security Agency Director Jen Easterly initially disclosed that the port was the target of an attack…