Israeli Government Visits NSO Group Amid Spyware Claims

Jeremy Kirk • July 29, 2021

The Israeli government paid a visit on Wednesday to NSO Group, the company whose spyware is alleged to have been covertly installed on the mobile devices of journalists and activists. The visit comes as Israel faces growing pressure to see if NSO Group's spyware, called Pegasus, has been misused.

Business Continuity Management / Disaster Recovery

Is Cryptocurrency-Mining Malware Due for a Comeback?

Latest

Cyberwarfare / Nation-State Attacks

Chinese APT Groups Targeted Asian Telecoms

Dan Gunderman • August 3, 2021

Chinese APT groups compromised networks of telecom providers across Southeast Asia in an effort to harvest customers' sensitive communications, according to Cybereason. As in other Chinese cyberattacks, these APT campaigns exploited flaws in Microsoft Exchange servers.

Fraud Management & Cybercrime

Global Incident Response: The Rise of Integrity Attacks

Tom Field • August 3, 2021

Tom Kellermann calls it a new "Twilight Zone" - an era in which cybersecurity adversaries can unleash destructive attacks that manipulate time, data, audio and video. The cybersecurity strategist shares insights and analysis from his latest Global Incident Response Threat Report.

Endpoint Security

Security Flaws Affect Hospital Pneumatic Tube Systems

Marianne Kolbasuk McGee • August 3, 2021

Several critical security vulnerabilities in the firmware of control panels powering current models of pneumatic tube system stations made by Swisslog Healthcare could allow attackers to gain control of targeted hospitals' tube networks, says Ben Seri of the security firm Armis, which discovered the flaws.

Fraud Management & Cybercrime

BlackMatter Ransomware Appears to Be Spawn of DarkSide

Mathew J. Schwartz • August 2, 2021

The new BlackMatter ransomware operation claimed to have incorporated "the best features of DarkSide, REvil and LockBit." Now, a security expert who obtained a BlackMatter decryptor reports that code similarities suggest "that we are dealing with a Darkside rebrand here."

Governance & Risk Management

Patching Woes: Most Frequently Exploited CVEs Listed

Dan Gunderman • July 30, 2021

A joint cybersecurity advisory issued by several agencies this week highlighting the ongoing exploits of longstanding software vulnerabilities illustrates the woeful state of patch management, security experts say.

Business Continuity Management / Disaster Recovery

Ransomware Changes: DoppelPaymer Rebrands; Babuk Evolves

Mathew J. Schwartz • July 30, 2021

The ransomware landscape changes constantly as groups disappear, change approaches or rebrand. The DoppelPaymer operation, for example, appears to have reinvented itself as Grief, while the administrator of Babuk has launched a ransomware-friendly cybercrime forum called RAMP.

Cybercrime

Analysis: Keeping Track of Ransomware Gangs

Anna Delaney • July 30, 2021

The latest edition of the ISMG Security Report features an analysis of the disappearance of ransomware-as-a-service groups, such as REvil and Darkside, and how that impacts the wider cybercrime ecosystem. Also featured: ransomware recovery tips; regulating cyber surveillance tools.

Fraud Management & Cybercrime

9 Ransomware Enablers - And Tactics for Combating Them

Mathew J. Schwartz • July 29, 2021

Ransomware operations continue to thrive thanks to a vibrant cybercrime-as-a-service ecosystem designed to support all manner of online attacks. Given that attackers first need remote access to victims' systems, robust patch management and remote desktop protocol security remain obvious must-have defenses.

Cybercrime

BlackMatter Ransomware Claims to Be Best of REvil, DarkSide

Mathew J. Schwartz • July 28, 2021

A new ransomware group called BlackMatter has debuted, claiming to offer the best features of REvil and DarkSide - both apparently defunct - as well as LockBit. A new attack using REvil's code has also been spotted, but a security expert says it's likely the work of a former affiliate.

Cybercrime

Attackers Rely on 'Exotic' Languages for Malware Creation

Rashmi Ramesh • July 26, 2021

Malware developers increasingly are relying on "exotic" programming languages - such as Go, Rust, DLang and Nim - to create malicious code that can avoid detection by security tools and add a layer of obfuscation to an attack, according to a report released Monday by BlackBerry.

Cryptocurrency Fraud

Hackers Target Kubernetes Using Misconfigured Argo Workflows

Akshaya Asokan • July 26, 2021

A hacking campaign is targeting Kubernetes environments using misconfigured Argo Workflows to deploy cryptominers, a report by security firm Intezer finds.

Business Continuity Management / Disaster Recovery

Ransomware: Average Ransom Payment Drops to $137,000

Mathew J. Schwartz • July 26, 2021

Good news on the ransomware front: The average ransom paid by a victim dropped by 38% from Q1 to Q2, reaching $136,576, reports ransomware incident response firm Coveware. In addition, fewer victims are paying a ransom simply for a promise from attackers to delete stolen data.