X-Industry

The FBI and the Cybersecurity and Infrastructure Security Agency are warning of continued cyber threats stemming from Russia's Foreign Intelligence Service, or SVR, which the Biden administration accused of carrying out the SolarWinds supply chain attack.

In a joint alert issued 26 April 2021, the agencies warn that despite economic and other sanctions against Russia announced by the White House on 15 April 2021, attackers associated with the SVR likely will continue to target government network

Are large organizations better when it comes to cyber security? There are areas in which small and midsize businesses achieve stronger outcomes.  Cisco recently released the 2021 Security Outcomes Study - Small and Midsize Business (SMB) Edition, which revealed a number of somewhat surprising findings about SMBs and how they compare to their larger counterparts.

The entire report can be viewed at:  2021 Security Outcomes Study for Small to Midsize Businesses (SMBs) (cisco.com)

The report found t

The US Justice Department (DOJ) is creating a task force to tackle the growing threat of ransomware and related extortion schemes targeting school districts, hospitals and others, according to an internal department memo that began circulating the third week of April 2021.

The newly established Ransomware and Digital Extortion Task Force (RDE-TF) will include DOJ officials as well as representatives from the FBI and the Executive Office for US Attorneys.  The task force will target the "ransomwa

Activity Summary - Week Ending 30 April 2021:

• Beware of emails and trophies from Crystal Time
• Red Sky Alliance identified 40,298 connections from new unique IP addresses connected to Sinkholes
• Analysts identified 1,209 new IP addresses participating in various Botnets
• New FormBook Variant Delivered in Phishing Campaign
• SMS Flubot campaign in Italy
• Dear John: Farm Equipment
• US Agriculture Sector
• SickCodes
• Taylors Wines – Hit
• Kawasaki Heavy Equipment – Hit
• Protesting the MoMA, huh?

Link to full

As more web merchants accept cryptocurrencies, the possibilities for theft and fraud will increase.  There will no protections that consumers and businesses have enjoyed that are standard for purchases via credit card.  Hackers with apparent ties to North Korea that hit e-commerce shops in 2019 and 2020 to steal payment card data also tested functionality for stealing cryptocurrency, according to the cybersecurity firm Group-IB.  Group-IB's new report builds on findings published in July 2020 by

China, Russia, North Korea, and Iran continue to pose significant cybersecurity threats to the US, because each is capable of launching disruptive attacks, according to a report published 13 April 2021 by the Office of the Director of National Intelligence.

Threats include disinformation campaigns that target elections and try to undermine democratic institutions as well as aggressive hacking campaigns, such as the SolarWinds supply chain attack, according to the report. In many cases, criminal

TechRadar is reporting that the personal data of about 500 million LinkedIn users is being sold on a popular hacking forum.  Cyber security analysts discovered this evidence, which includes LinkedIn IDs, full names, email addresses, phone numbers, genders, links to LinkedIn profiles, links to other social media profiles, and professional titles, and other work-related data.  On a good note, no associated passwords or payment data appear to have been affected.

LinkedIn boasts of nearly 740 millio

Costco Wholesale Corporation is warning American internet users to be wary of more than a dozen digital scams targeting its customer base.   On its website,  HERE the American multinational corporation has published screenshots of 14 "prominent fraudulent emails, texts, and posts" in which cyber-criminals are impersonating Costco  The majority of the traps use financial benefits to lure victims, promising free products, financial reimbursements, exclusive offers, cash-back rewards, and gift card

Following the recent sanctions announced by the U.S. Department of the Treasury, Russian cyber-security firm Positive Technologies says the accusations are groundless.  The sanctions were announced against six Russian companies and 32 individuals and entities who the U.S. believes help Russian intelligence to conduct cyberespionage and election interference activities. The Biden administration also expelled 10 Russian diplomats.

Positive Technologies,  ptsecurity.com/ww-en/  - one of the sanctio

The new cooperation agreement between Russia and Iran on cybersecurity and information technology is likely to create new hurdles for the United States and its allies in the Middle East. In January 2021, Russian Foreign Minister Sergey Lavrov and his Iranian counterpart Javad Zarif signed a cooperation agreement on cybersecurity and information and communications technology (ICT).

The agreement includes cybersecurity cooperation, technology transfer, combined training, and coordination at multil

US insurance leader Geico says hackers stole driver's license numbers from its website after they supplied personal information that they had acquired elsewhere.   The driver's license numbers are believed to have been used "to fraudulently apply for unemployment benefits," Geico reported.  Unemployment fraud has skyrocketed since Covid.

The US Labor Department's Office of the Inspector General estimated that between April and September 2020, as much as 10% of the $360 billion spent as part of t

Activity Summary - Week Ending 23 April 2021:

• Analysts identified 2,512 new IP addresses participating in various Botnets
• Red Sky Alliance identified 51,165 connections from new unique IP Addresses
• 33 new unique email accounts Compromised with Keyloggers were Observed
• Rocke Group Leverages SSH Keys
• To Whitelist, or Not to Whitelist - Packity Networks
• Cars Driving Themselves
• The UN and Cars
• Digital Twin
• Miami FL Auto Dealer Hit
• GND gaining Speed in Governments

Link to full report: IR-21-113-001

The US government is working to draw attention to supply chain vulnerabilities, an issue that received particular attention late last year after suspected Russian hackers gained access to federal agencies and private corporations by sneaking malicious code into widely used software. 

The US National Counterintelligence and Security Center (NCSC) recently warned that foreign hackers are increasingly targeting vendors and suppliers that work with the government to compromise their products in an e

Popular TCP/IP stacks are affected by a series of Domain Name System (DNS) vulnerabilities that could be exploited to take control of impacted devices, researchers with IoT security firm Forescout recently reported.  Collectively called NAME:WRECK and identified in the DNS implementations of FreeBSD, Nucleus NET, IPnet, and NetX, the flaws could also be abused to perform denial of service (DoS) attacks, to execute code remotely, or take devices offline.

Devices ranging from smartphones, aircraft

For the second time in two years, the contents of the darknet payment card marketplace Swarmshop have been removed and posted to a competing underground forum, Group-IB reports. The content includes data on more than 600,000 payment cards as well as administrator, seller and buyer information.

While underground hacker forums get hacked from time to time, cardshop breaches do not happen very often. In addition to buyers' and sellers' data, such breaches expose massive amounts of compromised payme

While ransomware and leaky or completely unprotected databases dominated headlines, e-skimmers quietly made a killing. A major e-skimming compromise was discovered on Macy's in which hackers captured the payment information of a number of online shoppers. The retailer was not alone. American Outdoor Brands, Puma, Ticketmaster UK, British Airways, Vision Direct, Newegg, and many, many others were also infected by e-skimmers.

The best way to avoid getting skinned by e-skimming is standard issue. E

Recently, one Discord network search turned up 20,000 virus results, researchers found.  Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans (RATs) and other malware.

The pandemic-induced shift to remote work drove business processes onto these collaboration platforms in 2020, and predictably, 2021 has ushered in a new level cybercriminal exper

Ten variants of the Joker Android Trojan managed to slip into the Huawei AppGallery app store and were downloaded by more than 538,000 users, according to new data from Russian anti-malware vendor Doctor Web.  Also known as Bread, the Joker Trojan was first observed in 2017 when it was originally focused on SMS fraud.  Joker is a malware Trojan that targets Android users. It was packaged in at least two dozen applications that were downloaded from Google Play store over 400,000 times. The main p

Ransomware has been one of the hottest topics in cybersecurity during the last year. Some researchers are labeling it the "perfect storm."  A storm made more severe by the pandemic, with so many employees working remotely, exacerbating the risk of ransomware. However, there are other contributing factors to the rise in ransomware the world witnessed in 2020.

The Royal United Services Institute for Defense and Security Studies (RUSI), a British defense and security think tank, has released a repo

Purple Fox is the name of a malware downloader, a malicious program that proliferates other programs of this type.  This malware is used to infect systems with cryptocurrency mining programs.  Purple Fox can cause serious damage and must be uninstalled immediately.  An example of malware that could be installed through Purple Fox is ransomware.  These programs encrypt files and prevent victims from accessing them unless ransoms are paid or confidential information is disclosed and offered for sa