All Articles (1934)

A group of actors originating from North Korea that Microsoft Threat Intelligence Center (MSTIC) tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021.  This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name for its campaigns and has successfully compromised small businesses in multiple countries as early as September 2021.

Link to full MS report: IR-22-201-001_H0lyGh0st.pdf

Cybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online as well as the hosting location of their web server infrastructure.  Most ransomware operators use hosting providers outside their country of origin (such as Sweden, Germany, and Singapore) to host their ransomware operations sites.  The actors use VPS hop-points as a proxy to hide their true location when they connect to their ransomware web infrastructure for remote a

The US Department of Justice (DOJ) announced recently that a man has been arrested and charged for allegedly selling fraudulent and counterfeit Cisco products.  The suspect is 38-year-old Onur Aksoy of Miami, owner of Pro Network, who is allegedly also known as Ron Aksoy and Dave Durden.  According to authorities, he was the CEO of at least 19 companies collectively tracked as Pro Network Entities, the organization that bought fake Cisco networking equipment from China and Hong Kong and sold it

The US Department of Commerce's National Institute of Standards and Technology (NIST) has selected four quantum-resistant cryptographic algorithms for general encryption and digital signatures.  NIST, a US standards-setting body and research organization within the Department of Commerce, announced the four algorithms after a six-year period of assessing potential quantum-resistant (QR) alternatives to today's cryptographic algorithms for public key encryption, digital signatures, and key excha

Fishermen are fans of worms for bait, as most fish like them, yet cybersecurity professionals know that worms are bad.  Worms have proven to be the most devastating force known to the computing world.  The MyDoom worm holds the dubious position of most costly computer malware, responsible for some $52 billion in damage.  And winning second place is Sobig, another worm.

Some investigators call MyDoom a virus, others call it a worm.  It is known as My Doom and the Doom Virus.   MyDoom is a serious

Activity Summary - Week Ending on 15 July 2022:

  • Red Sky Alliance identified 47,679 connections from new IPs checking in with our Sinkholes
  • Swedish Co., City Network International AB 10x
  • Malicious Email collection is back: Alessandra[_]alexandre_@hotmail[.]com 24x
  • Analysts identified 1,504 new IP addresses participating in various Botnets
  • eCh0raix, DeadLocker and Kawaii
  • Malicious Files Exploiting Old CVEs
  • Log4j Report
  • Honda KeyFobs and Rolling Pwn

Link to full report:  IR-22-196-001_weekly196.

Is Lamb Chop a hacker?  Vulnerability coordination and bug bounty platform HackerOne recently disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain. "The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties," a spokesman said.  "In under 24 hours, we worked quickly to contain the incident by identifying the then-employee and cutting off access to data.

Accountants may remember this phrase, “Figures do not lie, but liars figure.”  After questioning some data results, people were later informed, “This is what the computer results showed.”  As business people, there is a new “Expert” on its way, and arguing with it may be useless.

In June 2022, Microsoft released the Microsoft Responsible AI Standard, v2.[1]  Its stated purpose is to “define product development requirements for responsible AI.”  Perhaps surprisingl

In a new tactic in the ransomware business, the LockBit cybercrime group has launched a bug bounty program promising money to people willing to share sensitive data that can be exploited in ransomware attacks.  A recent tweet posted by the vx-underground account, which publishes malware samples, says that through the new bounty program, LockBit will pay for personally-identifiable information on “high-profile individuals, web security exploits and more.”

See:  https://redskyalliance.org/xindustr

In February 2019, a large container ship sailing for the Port of New York/New Jersey identified a cyber intrusion on board that startled the US Coast Guard.  Though the malware attack never controlled the vessel’s movement, authorities concluded that weak defenses exposed critical functions to “significant vulnerabilities.”

A maritime disaster didn’t happen that day, but a warning flare rose over an emerging threat to global trade: cyber piracy able to penetrate on-board technology that’s replac

The cyber insurance market has matured in recent years, but it may fall short when it comes to certain major attacks, says a US government spending watchdog.  The US Government Accountability Office (GAO) has called for a federal response to insurance for "catastrophic" cyberattacks on critical infrastructure.  A functioning insurance market is essential for businesses, consumers, and, as GAO highlights, for critical infrastructure operators.  The GAO, which audits the trillions of dollars the

Gartner’s top eight cybersecurity predictions warn organizations that they need to employ greater resilience to reduce the impact of more severe cyberattacks.  Reducing the blast radius of larger, more potentially devastating attacks is key.  Implied in the predictions is advice to focus not just on ransomware or any other currently trending type of cyberattack, but to prioritize cybersecurity investments as core to managing risks and see them as investments in the business.  By 2025, 60% of or

Activity Summary - Week Ending on 8 July 2022:

  • Red Sky Alliance identified 24,005 connections from new IPs checking in with our Sinkholes
  • DigitalOcean hit 103x
  • Analysts identified 1,557 new IP addresses participating in various Botnets
  • ShadowPad
  • ToddyCat
  • Toll Fraud Malware
  • Marriott International
  • Ukraine, Dark Crystal RAT
  • Crema Finance
  • Maui Ransomware

Link to full report: IR-22-189-001_weekly189.pdf

A China-linked state-sponsored hacking group named Bronze Starlight was observed deploying various ransomware families to hide the true intent of its attacks.  In attacks observed as early as mid-2021, the threat group started using the HUI Loader to drop ransomware such as AtomSilo, LockFile, Night Sky, Pandora, and Rook.

See:  https://redskyalliance.org/xindustry/what-keeps-a-cfo-awake-at-night

The short lifespan of each ransomware family, victimology, and the access to tools employed by Chine

News broke on 5 July 2022 that the operators of AstraLocker Ransomware were shutting down in favor of pursuing a new cryptojacking campaign.  The group shared decryptors with VirusTotal, and according to BleepingComputer the decryptors worked on test files that were recently encrypted by the ransomware.  AstraLocker was born out of the Babuk ransomware family.  In the summer of 2021, the Babuk ransomware group’s code was leaked, and the similarities between the leaked code and AstraLocker’s code point

Raccoon Stealer, one of the most prolific data stealers in digital history, is back and more effective than ever.  The re-emergence of the malware, best known for stealing personal information like passwords, files, and biometric data, was first spotted by French cybersecurity company Sekoia in the last week of June 2022.  According to the firm's analysis, the authors of Raccoon Stealer have rewritten the code from scratch and added screenshot capturing and keystroke logging to its list of capabilit

If you were one of the millions of people who watched Netflix's The Tinder Swindler, you may have shaken your head in wonder at how women could be allegedly hoodwinked out of millions of dollars.  People fall for these scams for the same reasons that they fall prey to cold-call scam texts claiming that their loved one is in hospital and fees urgently need to be paid: When emotions are involved, rational thinking can go out of the window.

See:  https://www.netflix.com/title/81254340

Simon Leviev,

The cyber division of the Federal Bureau of Investigation (FBI) has published a notification, warning US colleges and universities that education and learning qualifications have been marketed for sale on the Dark Web and on online legal marketplaces and sites.  The warning targets universities, colleges, and higher education institutions that credentials have been advertised for sale on Dark Web criminal marketplaces.  This exposure of sensitive credential and network access information, especia

As witnessed by the violent criminal activity seen during the US 4th of July weekend, criminals appear to flourish on holiday weekends.  There is no difference with criminal hacking.  Cyber threat professionals and law enforcement officers are constantly reminding the public and private sector organizations to always remain vigilant and take appropriate precautions to reduce their risk of cyberattacks.  Often, malicious threat actors take advantage of holidays and weekends to disrupt the critical network

Activity Summary - Week Ending on 1 July 2022:

  • Red Sky Alliance identified 40,622 connections from new IPs checking in with our Sinkholes
  • MS hit 45x – 2nd week
  • Analysts identified 1,801 new IP addresses participating in various Botnets
  • DeadLocker
  • Symbiote
  • Killnet
  • СПИСОК_посилань_на_інтерактивні_карти[.]docx
  • Apple, Google and the US FTC
  • Guns and California Data Hacks

Link to full report: IR-22-182-001_weekly182.pdf