Researchers with Microsoft and FireEye are disclosing additional malware used by the hacking group that targeted SolarWinds in December 2020, according to a pair of reports released Thursday.
The newly discovered malware appears to be second-stage payloads deployed by the hacking group after victimized organizations downloaded a Trojanized software update to SolarWinds' Orion network monitoring platform, which contained a backdoor dubbed Sunburst, the reports note. While about 18,000 of the company's customers downloaded the compromised software update, the attackers only deployed additional malware against certain organizations.
Both Microsoft and FireEye found these newly discovered second-stage malware variants were likely deployed in the later stages of the supply chain attack, most likely around August or September 2020. The attackers appear to have first compromised the SolarWinds network in September 2019 and then inserted the Sunburst backdoor in the soft
Fraudsters and hackers are preying on COVID-19 vaccine shortage anxiety with escalating scams and attacks, reports say.
As patients across the U.S. compete to book appointments online for COVID-19 vaccines, cybercriminals are tapping into the anxiety by escalating attacks and scams.
Reports issued this week by security vendors Imperva, Barracuda Networks and Kaspersky spotlight some of the latest threats and schemes. Those include: botnet attacks, which potentially are contributing to vaccine appointment website crashes; a rise in phishing scams promising access to vaccines; and dubious vaccines being offered for sale on the darknet.
Government agencies, including the Federal Trade Commission, also have been warning the American public about criminal scams looking to profit on COVID-19 angst.
Fresh affiliate programs helped ransomware-as-a-service operators achieve record profits in 2020. (Source: Group-IB)
Ransomware dominated the online-enabled crime landscape in 2020, some security experts say, thanks to the massive profits it's been generating and the relative ease of use for attackers - including support from a burgeoning cybercrime-as-a-service market.
Blockchain analysis firm Chainalysis this week reported that it's found just under $370 million in known 2020 ransomware profits - via ransoms that got paid - which represents a 336% increase over known 2019 earnings. The firm continues to update those estimates as it identifies previously unknown cryptocurrency wallets tied to gangs.
IBM Security X-Force, in its latest Threat Intelligence Index, says that of the incidents it investigated in 2020, 23% could be attributed to ransomware, up from 20% in 2019. The most-seen strains tied to attacks that it saw were Sodinokibi/REvil (in 22% of ransomware incidents), Nefi
Maza cybercrime forum members' details breached (Source: Flashpoint)
Maza, a Russian carding and fraud discussion forum, has been breached, and hackers have leaked users' email addresses and forum credentials, security firms report.
The breach occurred Wednesday evening, experts say, and led to many types of information being exposed: user IDs; usernames; email addresses; passwords in both hashed and obfuscated form; Yahoo, MSN and Skype credentials; and other data that could help identify individuals.
A 35-page PDF file leaked on the dark web, with 3,000 rows of data, includes alleged user information, experts say. Exposed data includes ICQ numbers, which could be used to connect multiple accounts to the same user across many forums and different nicknames over time, threat intelligence firm Flashpoint reports.
Hackers have targeted units of local government in the U.S. by attempting to exploit unpatched vulnerabilities in Microsoft Exchange email servers, according to a new report by the security firm FireEye.
While Microsoft has said that a Chinese-linked hacking group that has been exploiting the vulnerabilities in Exchange is known to target infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and nongovernment organizations, FireEye analysts note that other groups appear to have set their sights on local government networks. "Based on our telemetry, we have identified an array of affected victims, including U.S.-based retailers, local governments, a university and an engineering firm. Related activity may also include a Southeast Asian government and Central Asian telecom," according to the FireEye report.