Ifigeneia Lella, cybersecurity officer at ENISA describes findings from the agency's Threat Landscape 2021 report, which assesses the motives, capabilities, targeting and evolution of four different types of threat actors: state-sponsored, cybercrime actors, hacker-for-hire actors and hacktivists.
Since Emotet malware returned last month, it's been dropping the Cobalt Strike penetration-testing tool directly onto infected endpoints shortly after infection, researchers say. The move could be a bid to more rapidly identify high-value systems for targeting with ransomware, some experts warn.
A botnet operation called Glupteba has been disrupted by Google's Threat Analysis Group. The botnet targeted more than 1 million Microsoft Windows users in the U.S, India, Brazil and Southeast Asia. Also, Google has filed a lawsuit against two Russians alleged to be the botnet's operators.
A U.S. federal court in Virginia has paved the way for Microsoft to disrupt the activities of China-based hacking group Nickel. Microsoft will target websites that the threat actor uses to gather intelligence from government agencies, think tanks and human rights organizations.
It's no surprise that as some ransomware-wielding criminals have been hitting healthcare, pipelines and other sectors that provide critical services, governments have been recasting the risk posed by ransomware not just as a business threat but as an urgent national security concern.
Good news on the breach prevention and incident response front: More businesses are getting more mature practices in place, although as attackers continue to improve their efforts, so too must defenders, says incident response expert Rocco Grillo of consultancy Alvarez & Marsal.
The FBI warns that the "Cuba" ransomware-wielding attackers have extorted $43.9 million in ransom payments from victims after compromising at least 49 organizations across five critical infrastructure sectors - financial services, government, healthcare, manufacturing and IT - since early November.
The U.S. Transportation Security Administration has issued new security directives for higher-risk freight railroads, passenger rail, and rail transit that it says will strengthen cybersecurity across the transportation sector in response to growing threats to critical infrastructure.
Many ransomware-wielding attackers continue to rely on initial access brokers to easily gain deep access to victims' systems, allowing them to steal data and attempt to pressure victims into paying via data leak sites. Researchers say that the number of victims being listed on such sites has surged.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including how the FBI has seized bitcoins from an alleged REvil ransomware affiliate, how to mitigate risks from BIN attacks and the latest COVID-19 trends globally.
The latest edition of the ISMG Security Report features an analysis of best practices for negotiating a ransom payment. Also featured: Busting Zero Trust myths and the dangers of mythologizing defenders.
A new variant of the Aberebot banking Trojan has been discovered by Cyble's researchers. Christened Aberebot-2.0, the latest malware version not only uses more advanced spying capabilities, it also has increased its target list to 213 banking apps and nine crypto wallets in 22 countries.
A recently discovered botnet is infecting thousands of AT&T internet subscribers in the U.S., using a critical-severity blind command injection flaw first reported in 2017, according to new findings from China-based cybersecurity researchers.
Unidentified threat actors are using fake cryptocurrency-related websites to distribute the SpyAgent malware, which abuses legitimate remote access tools. They have targeted a legitimate Russian remote access tool called Safib Assistant, Trend Micro researchers note.
The FBI has seized 39.9 bitcoins worth $2.3 million from an alleged affiliate of the notorious REvil - aka Sodinokibi - ransomware group. A forfeiture notice filed by the government accuses Russian national Aleksandr Sikerin of having amassed the cryptocurrency via victims' ransom payments.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.
