Sophos researchers have discovered a malware campaign whose primary purpose appears to stray from the more common malware motives. Instead, say the researchers, it appears to steal passwords or to extort a computer's owner for ransom, blocking infected users' computers from being able to visit a large number of websites dedicated to software piracy by modifying the HOSTS file on the infected system.
Microsoft has warned that Nobelium is currently conducting a phishing campaign after the Russian-backed group managed to take control of the account used by USAID on the email marketing platform Constant Contact. The phishing campaign has targeted around 3,000 accounts linked to government agencies, think tanks, consultants, and non-governmental organizations.
The recent ransomware attack of the Colonial Pipeline has reinvigorated calls from legislators to strengthen the defenses of U.S. pipelines and the electric power grid. Over the last several years, a repeatable pattern is becoming apparent with each major cyber-attack. A critical cyberattack occurs that is followed by outrage that result in statements from government leaders with calls for action - all followed by proposed ideas on how to better mitigate the risk of cyberattacks in the future. Yet, it seems that time goes by and with the next major attack the cycle starts all over again. This time, government is taking a more rigorous approach to proposing solutions to end the vicious cycle.
Conti ransomware gang appears to be behind Ireland's Health Service Executive (HSE) ransomware attack, according to reports. HSE, a $25 billion public health system, shut down its IT systems to protect the service from further damage, switching to a paper-based system. Though life-saving equipment and COVID-19 vaccine programs were still operating, several healthcare practices across Ireland were forced to cancel low priority appointments.
Ransomware is nothing new. But the tactics, techniques and procedures (TTPs) leveraged by threat actors have reached new levels of sophistication over the last few years. And with that growth has come an increased difficulty in protecting networks against costly attacks such as the recent DarkSide one on the Colonial Pipeline.
Healthcare businesses are already reeling from massive losses during the pandemic, and cyberattacks could cause further long-term damage beyond the initial attack. Research at Morphisec indicates that almost 3-in-10 consumers say they would consider switching providers if their records were breached in a cyberattack. Considering that same report found that 1-in-5 Americans say a cyberattack has impacted their healthcare provider in the past year, it’s undoubtedly worrying news for the entire industry. With this in mind, here are three avenues hackers are likely to exploit as healthcare becomes a more attractive target and what providers’ need to do to protect their sensitive data and safeguard the lives of their patients.
After seven years of malicious activity, law enforcement have managed to seize the infrastructure of the notorious malware variant “Emotet,” and have scheduled a mass uninstallation event to occur on April 25. In their latest research, Digital Shadows discusses the significance of the shutdown, how the process unfolded, and what it means for the cybercriminal landscape.
Mandiant is currently tracking 12 malware families associated with the exploitation of Pulse Secure VPN devices. These families are related to the circumvention of authentication and backdoor access to these devices, but they are not necessarily related to each other and have been observed in separate investigations. It is likely that multiple actors are responsible for the creation and deployment of these various code families, says Mandiant.
Cybercriminals continue to exploit unpatched Microsoft Exchange servers. Cybersecurity researchers at Sophos report an unknown attacked has been attempting to leverage the ProxyLogon exploit to unload malicious Monero cryptominer onto Exchange servers, with the payload being hosted on a compromised Exchange server.
A new CISCO Talos Intelligence report explores how cybercriminals are increasingly abusing the communications platforms that many organizations use to facilitate employee communications. According to the report, communication platforms have allowed attackers to circumvent perimeter security controls and maximize infection capabilities. Over the past year, adversaries are increasingly relying on these platforms as part of the infection process.