Ransomware payments may have greater implications than you thought – and not just for the company that gave in to the attackers’ demands Firstly, the answer to the question is likely to be ‘yes’. The debate on ransomware payments continues, which, of course, is positive; with discussion and differing viewpoints put forward, an informed conclusion
admin
A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies’ networks as part of an insider threat scheme. “The sender tells the employee that if they’re able to deploy ransomware on a company computer or Windows server, then
by Paul Ducklin [02’45”] Copyright infringement scams that beg you to call. [09’32”] An IoT bug that could be exploited for video snooping and more. [17’13”] A hacker steals $600m and then makes a song and dance out of giving it back. [26’18”] Oh! No! How Doug’s PS5 issues could have been solved back in
The US Census Bureau has been heavily criticized by a government inspector after a 2020 breach which could have been prevented by prompt patching. Although the attacker was not able to access servers used for the 2020 census, they could modify user account data to prepare for remote code execution, according to the US Office of Inspector General (OIG) report. Fortunately,
Fraudsters impersonate vaccine manufacturers and authorities overseeing vaccine distribution efforts, INTERPOL warns INTERPOL has issued a global warning about organized crime groups targeting governments with bogus offers peddling COVID-19 vaccines. The warning was issued to all of INTERPOL’s 194 member countries after the international law enforcement agency registered roughly 60 cases from 40 countries. The scammers focused
Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate. The latest findings from IBM X-Force show that the ransomware sample shares similarities to other malware that has been attributed to the cybercrime gang, thus establishing
The average cost of phishing for large US organizations has soared by 289% over the past six years, with firms now losing nearly $15m annually, according to Proofpoint. The security vendor commissioned the Ponemon Institute to poll nearly 600 IT and IT security practitioners to compile its latest Cost of Phishing study. It revealed that
Smart speakers. Banking online. Location tracking. If you are a senior adult, there’s no doubt, the digital leaps and bounds you’re asked to consider each day can be daunting. If you are the child of a senior adult trying to make digital life more accessible, helping your parent consistently stay safe online can also be a challenge. According to the most
The secret list was exposed online for three weeks, allowing anyone to access it without any kind of authentication A terrorist watchlist containing almost 2 million records sat exposed and unsecured on the internet for a period of three weeks between July 19th and August 9th. The watchlist is said to come from the Terrorist
IT and communication companies in Israel were at the center of a supply chain attack campaign spearheaded by an Iranian threat actor that involved impersonating the firms and their HR personnel to target victims with fake job offers in an attempt to penetrate their computers and gain access to the company’s clients. The attacks, which
by Paul Ducklin Researchers at security company Mandiant have written up a report about a device-hijack bug in a video sharing and surveillance network called Kalay. Operated by Chinese smart device company ThroughTek, Kalay (which apparently means “handshake” in the Dawu language) is pitched as a cloud-based solution for vendors of home automation devices, including
As the new school year gets underway, many students will be returning to the classroom in-person, while others will opt to continue hybrid or remote learning indefinitely. Unfortunately, for families choosing the latter, remote learning could come at the expense of their online privacy. According to the RAND Corporation’s 2020 research report, one in five U.S. school
The Incident Response (IR) services market is in accelerated growth due to the rise in cyberattacks that result in breaches. More and more organizations, across all sizes and verticals, choose to outsource IR to 3rd party service providers over handling security incidents in-house. Cynet is now launching a first-of-its-kind offering, enabling any Managed Security Provider
The UK’s Ministry of Defence (MoD) is calling on startups to help the military reduce its cyber-attack surface by designing a new generation of more secure hardware and software. The MoD’s Defence and Security Accelerator (DASA) issued the call-to-arms on Monday, claiming it is prepared to fund proposals up to £300,000 for a nine-month contract. “The Defence Science and
by Paul Ducklin Copyright scams aren’t new – we’ve written about them many times in recent years. These scammers often target your Facebook or Instagram account, fraudulently claiming that someone has registered a complaint about content that you’ve posted, such as a photo, and telling you that you need to resolve the issue in order
For some, vanquishing aliens, building virtual amusement parks, and online battles royale are an excellent stress reliever. As we all know, over the past year there’s been plenty of stress to relieve and more spare time on our hands in which to revel in our hobbies. There was a 30% jump in online gaming traffic from the first to the second quarter of 2020. Hackers are
Over the past few years, food delivery apps have made it easy for people to get their favorite cuisines brought to their doorsteps. In 2020, consumers grew more accustomed to the convenience of ordering take-out when dining in at restaurants was no longer an option. But as we look ahead into 2022, this trend is here to stay. According to a new report by ResearchAndMarkets, the global online
A novel technique leverages optical emanations from a device’s power indicator LED to recover sounds from connected peripherals and spy on electronic conversations from a distance of as much as 35 meters. Dubbed the “Glowworm attack,” the findings were published by a group of academics from the Ben-Gurion University of the Negev earlier this week,
A new wave of attacks involving a notorious macOS adware family has evolved to leverage around 150 unique samples in the wild in 2021 alone, some of which have slipped past Apple’s on-device malware scanner and even signed by its own notarization service, highlighting the malicious software ongoing attempts to adapt and evade detection. “AdLoad,”
Nearly half (48%) of US hospitals have disconnected their networks in the past six months due to ransomware, according to a new study from Philips and CyberMDX. The Perspectives in Healthcare Security Report is based on interviews with 130 IT and cybersecurity hospital executives and biomedical engineers and technicians. The findings revealed the outsized impact ransomware continues to have on
Texts purporting to be from parcel and delivery companies are the most prevalent form of ‘smishing’ scams, according to new data provided to UK Finance by cybersecurity firm Proofpoint. The data showed that over two-thirds (67.4%) of all UK texts reported as spam to the NCSC’s 7726 text messaging system, operated by Proofpoint, during the 30
The second in our series on IIS threats dissects a malicious IIS extension that employs nifty tricks in an attempt to secure long-term espionage on the compromised servers ESET researchers have discovered and analyzed a previously undocumented backdoor, implemented as an extension for Internet Information Services (IIS), Microsoft’s web server software. The backdoor, which we
American tech-driven beauty brand IL MAKIAGE has acquired Israeli deep-tech AI-based computational imaging startup Voyage81 for $40m. IL MAKIAGE, which is based in New York City’s Soho area, was relaunched in 2018 by brother and sister duo Oran Holtzman and Shiran Holtzman-Erel. Two years later, the company became the fastest-growing online beauty brand in the United States. Voyage81
We’ve all been there. It’s the middle of the night and you wake up to a sad and sniffly kiddo shuffling into your room. Yup, looks like someone has a temperature. You phone the on-call doctor to make sure it’s nothing serious and then set an alarm so you can make an appointment when the
A new paper explains how ransomware has become one of the top cyberthreats of the day and how your organization can avoid becoming the next victim The infosec community has long been warning that ransomware has the potential to grow into the number one cyberthreat for business. However, since ransom demands were low and malware
Microsoft has disclosed details of an evasive year-long social engineering campaign wherein the operators kept changing their obfuscation and encryption mechanisms every 37 days on average, including relying on Morse code, in an attempt to cover their tracks and surreptitiously harvest user credentials. The phishing attacks take the form of invoice-themed lures mimicking financial-related business
Over one-third of organizations worldwide have experienced a ransomware attack or breach that blocked access to systems or data in the previous 12 months, according to new research. In a survey conducted by the International Data Corporation (IDC), it was found that many organizations that fell victim to ransomware experienced multiple ransomware events. In the
by Paul Ducklin [02’31”] Home and small business routers under attack. [16’22”] A hacking tool favoured by crooks gets hacked. [23’56”] The Navajo Nation’s selfless cryptographic contribution to America. [29’43”] A cybercrook gets aggrieved at being ripped off by cybercrooks. [38’33”] Oh! No! The steaming CEO with the flashing phone. With Doug Aamoth and Paul
Co-written by Catherine Huang, Ph.D. and Abhishek Karnik Artificial Intelligence (AI) continues to evolve and has made huge progress over the last decade. AI shapes our daily lives. Deep learning is a subset of techniques in AI that extract patterns from data using neural networks. Deep learning has been applied to image segmentation, protein structure, machine translation, speech recognition and robotics. It has outperformed human champions in the game of Go. In recent years, deep
As employees split their time between office and off-site work, there’s a greater potential for company devices and data to fall into the wrong hands Over the past few pieces of this mini-series on hybrid working, we’ve explored the potential cyber-risks posed by humans and their use of cloud and other services. But what about