Cybersecurity Weekly: Ransomware training, holiday package phishing attack, $10 million DarkSide bounty
Should companies subject employees to ransomware-specific security training? Tis the season for the wayward package phish. The U.S. puts a $10 million bounty on DarkSide ransomware hackers. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Should companies subject employees to ransomware-specific security training?
According to a recent report, only 31% of 1,500 employees and 36% of 1,500 business leaders said that their enterprises offer ransomware-focused security training. This lag could be attributed to organizations not having an adaptable and scalable cybersecurity education program that can cover new topics as they arise, which we know often happens in cyber.
2. Tis the season for the wayward package phish
The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a lure about a wayward package that needs redelivery. Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients.
3. The U.S. puts a $10 million bounty on DarkSide ransomware hackers
The DarkSide ransomware gang spent a year or so as one of the most prolific groups in a very crowded field of criminal hackers. The U.S. State Department offered a reward of up to $10 million for anyone who has information that will help them identify or locate DarkSide leadership, as well as up to $5 million for tips that lead to the arrest or conviction of DarkSide affiliates.
4. Criminal group dismantled after forcing victims to be money mules
The Spanish police have arrested 45 people who are believed to be members of an online fraud group that operated twenty websites to defraud at least 200 people of 1,500,000 Euros, or $1.73 million. The simultaneous weekend raids took place in various provinces of Spain, and were the result of lengthy investigations that began in July 2019.
5. BlackBerry uncovers initial access broker linked to three distinct hacker groups
A previously undocumented initial access broker has been unmasked as providing entry points to three different threat actors for mounting intrusions that range from financially motivated ransomware attacks to phishing campaigns. BlackBerry's research and intelligence team dubbed the entity Zebra2104.
6. Two NPM packages with 22 million weekly downloads backdoored
In yet another instance of a supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly downloads of nearly 22 million were compromised with malicious code by gaining unauthorized access to the respective developer's accounts.
7. Electronics retail giant MediaMarkt hit by ransomware attack
MediaMarkt suffered a weekend ransomware attack that encrypted servers and workstations and led to the shutdown of IT systems to prevent the attack's spread. The attack affected numerous retail stores throughout Europe. While online sales continue to function as expected, cash registers cannot accept credit cards or print receipts at affected stores.
8. Experts detail malicious code using ManageEngine ADSelfService exploit
At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus self-service password management and single sign-on solution.
9. SolarWinds vulnerability exploited in first stage of Clop ransomware attacks
A recent surge in Clop ransomware attacks led researchers to spot a common thread in the first stage of the attack: the exploitation of a known and patched vulnerability in SolarWinds Serv-U file server software. Researchers recently spotted the attack chain while conducting incident response cases of Clop ransomware victims.
10. White hat hackers earn over $1 Million at Pwn2Own Austin 2021
The Pwn2Own Austin 2021 hacking contest has ended, the participants earned a total of $1,081,250 for 61 zero-day exploits. The participants compromised NAS devices, mobile phones, printers, routers, and speakers from Canon, Cisco, HP, NETGEAR, Samsung, Sonos, TP-Link and Western Digital.
In this Series
- Cybersecurity Weekly: Ransomware training, holiday package phishing attack, $10 million DarkSide bounty
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
