Posts

Showing posts from October, 2023

September was a record month for ransomware attacks in 2023

Ransomware activity in September reached unprecedented levels following a relative lull in August that was still well above the usual level for summer months. According to NCC Group data, ransomware groups launched 514 attacks in September. This surpasses March 2023 activity, which counted 459 attacks and was heavily skewed by Clop's Fortra GoAnywhere data theft attacks. Clop had virtually no activity in September, which may be a sign the sophisticated ransomware gang is preparing for its next big attack. Instead, the record was set by other threat groups, led by LockBit 3.0 (79 attacks), LostTrust (53), and BlackCat (47). LostTrust is new to the list, entering straight in second place. Believed to be a rebrand of MetaEncryptor due to significant code overlaps, LostTrust has already encrypted the networks of many organizations, some of which also suffered data leaks. RansomedVC, a newcomer in extortion attacks employing GDPR repor

Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware

Security firm WithSecure's Detection and Response Team said it tracked multiple Vietnamese cybercrime groups running social engineering campaigns in September, designed to trick marketing professionals into downloading malicious files masquerading as job descriptions and salary details. Lures included fake job openings at Corsair, a computer memory and hardware manufacturer, used to convince targets to download a malicious file called Job Description of Corsair.docx, and job openings at Indian finance company Groww used as bait in India. The Vietnam-based groups likely purchased the information-stealing malware from cybercrime marketplaces and used the tools interchangeably when attacking specific sectors or groups, researchers said. The malware samples used in the campaigns included the well-known DarkGate info stealer, as well as Ducktail, Lobshot and Redline. Researchers said attackers' tactics and choice of malware overlapped heavily, makin

U.S. DoJ Cracks Down on North Korean IT Scammers Defrauding Global Businesses

The U.S. government has announced the seizure of 17 website domains used by North Korean information technology (IT) workers as part of an illicit scheme to defraud businesses across the world, evade sanctions, and fund the country's ballistic missile program. The Department of Justice (DoJ) said the U.S. confiscated approximately $1.5 million of the revenue that these IT workers collected from unwitting victims using the deceptive scheme in October 2022 and January 2023. It also called out North Korea for flooding the "global marketplace with ill-intentioned information technology workers." Court documents allege that the dispatched workers primarily live in China and Russia with an aim to deceive companies in the U.S. and elsewhere into hiring them under fake identities, and ultimately generating "millions of dollars a year" in illicit revenues. The development comes amid continued warnings from the U.S. about North Korea's reliance on its army of highly-s

Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies

An updated version of a sophisticated backdoor framework called MATA has been used in attacks aimed at over a dozen Eastern European companies in the oil and gas sector and defense industry as part of a cyber espionage operation that took place between August 2022 and May 2023. "The actors behind the attack used spear-phishing mails to target several victims, some were infected with Windows executable malware by downloading files through an internet browser," Kaspersky said in a new exhaustive report published this week. "Each phishing document contains an external link to fetch a remote page containing a CVE-2021-26411 exploit." CVE-2021-26411 (CVSS score: 8.8) is a memory corruption vulnerability in Internet Explorer that can be triggered to execute arbitrary code by tricking a victim into visiting a specially crafted site. It was previously exploited by the Lazarus Group in early 2021 to target security researchers. The cross-platform MATA framework
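The infection chain above (a lure document whose external link pulls a remote page) and the job-description .docx lures in the DarkGate item earlier on this page share one triage step: look inside the OOXML package for relationships that point outside the file. The script below is an added example, not code from Kaspersky, WithSecure or any project on this page. It constructs a minimal .docx in memory (a made-up sample, not a real lure, using the placeholder host lure.invalid) and then walks every .rels part for TargetMode="External" entries. It goes slightly beyond the page's wording: it treats relationships that Word resolves automatically on open (attached template, OLE object, frame, image, subdocument) as suspicious, while a plain hyperlink the user would have to click is only reported, not flagged.

```python
"""Triage a .docx for external relationship targets.

Added example (not from any report or project on this page). The sample
document is constructed inline so the script runs offline.
"""
from __future__ import annotations

import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

# Relationship types Word resolves without user interaction when the file opens.
AUTO_LOAD = {"attachedTemplate", "oleObject", "frame", "image", "subDocument"}


def external_targets(docx_bytes: bytes) -> list[tuple[str, str, str]]:
    """Return (rels_part, relationship_type, target) for every relationship
    marked TargetMode="External" anywhere in the package."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("TargetMode", "").lower() == "external":
                    rtype = rel.get("Type", "").rsplit("/", 1)[-1]
                    found.append((name, rtype, rel.get("Target", "")))
    return found


def is_suspicious(targets: list[tuple[str, str, str]]) -> bool:
    """True if any auto-loaded relationship points at an http(s) URL or UNC path."""
    for _, rtype, target in targets:
        if rtype in AUTO_LOAD and re.match(r"(?i)^(https?://|\\\\)", target):
            return True
    return False


def build_sample_docx(template_url: str | None = None,
                      hyperlink: str | None = None) -> bytes:
    """Constructed sample (not a real lure). template_url becomes a remote
    attached template in word/settings.xml; hyperlink becomes a clickable link."""
    rel = ('<Relationship Id="{id}" Type="' + OFFICE_REL +
           '{t}" Target="{target}" TargetMode="External"/>')

    def rels(items: list[str]) -> str:
        return (f'<?xml version="1.0" encoding="UTF-8"?>'
                f'<Relationships xmlns="{REL_NS}">' + "".join(items) +
                "</Relationships>")

    w_ns = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0"?><Types xmlns="http://schemas.'
                    'openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("_rels/.rels", rels([
            f'<Relationship Id="rId1" Type="{OFFICE_REL}officeDocument" '
            'Target="word/document.xml"/>']))
        zf.writestr("word/document.xml",
                    f'<?xml version="1.0"?><w:document xmlns:w="{w_ns}">'
                    '<w:body/></w:document>')
        doc_rels = []
        if hyperlink:
            doc_rels.append(rel.format(id="rId2", t="hyperlink", target=hyperlink))
        zf.writestr("word/_rels/document.xml.rels", rels(doc_rels))
        if template_url:
            zf.writestr("word/settings.xml",
                        f'<?xml version="1.0"?><w:settings xmlns:w="{w_ns}" '
                        f'xmlns:r="{OFFICE_REL[:-1]}">'
                        '<w:attachedTemplate r:id="rId1"/></w:settings>')
            zf.writestr("word/_rels/settings.xml.rels",
                        rels([rel.format(id="rId1", t="attachedTemplate",
                                         target=template_url)]))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx(template_url="http://lure.invalid/template.dotm")
    hits = external_targets(sample)
    for part, rtype, target in hits:
        print(f"{part}: {rtype} -> {target}")
    print("suspicious:", is_suspicious(hits))
```

Run it against a real file with `external_targets(open(path, "rb").read())`; a clean document yields an empty list, and any auto-load relationship pointing at a remote host is worth detonating in a sandbox rather than opening.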

Malicious Version of RedAlert Rocket Alert App Used to Spy on Israel

As cyber threats continue to mount amid the Israel-Gaza conflict, threat actors have been observed using a malicious version of the 'RedAlert – Rocket Alerts' app to spread spyware. The app is popular with Israelis and, with the latest attacks in southern Israel, its user base has exploded as more people seek timely warnings about airstrikes in their area.

Understanding the fake app campaign

According to Cloudflare, the malicious version of the app is being distributed via a readalert[.]com website which was created on October 12. This development comes two days after a threat actor group named AnonGhost exploited a security issue in the 'Red Alert: Israel' app to intercept requests, expose servers and APIs, and send fake alerts to users, including nuclear bomb messages. The website offers downloads for the iOS and Android platforms. While the iOS download redirects a user to the legitimate project's page on the Apple

Lost and Stolen Devices- A Gateway to Data Breaches and Leaks

In our digital age, data is king. It drives businesses, informs decision-making, and plays an essential role in our everyday lives. With the convenience of technology, however, comes the risk of data breaches and leaks. One often overlooked aspect of this risk is the role that lost and stolen computers play in compromising sensitive information. According to Forrester Research's 2023 State of Data Security report, only 7% of security decision makers are concerned about a lost or stolen asset causing a breach, even though such incidents account for 17% of breaches. Such assets include smartphones, tablets, laptops, external hard drives, and USB flash drives. While these breaches may not command the same headlines as major cyberattacks, the theft or loss of laptops, desktops, and flash drives poses a very real problem and underscores the pressing need for endpoint resilience and recovery.

The Rising Threat

Lost and stolen computers are a growing concern f

Beyond the Front Lines: How the Israel-Hamas War Impacts the Cybersecurity Industry

While the mainstream media is covering the tragic and heartbreaking events of the war in Israel in detail, SecurityWeek wanted to look at a specific issue: the effect of this war on Israeli cybersecurity firms. These firms are globally important to the cybersecurity ecosystem. Many of the larger firms have moved their business headquarters to the US and in some cases to Europe. Such firms will be less directly affected, but many have kept their R&D centers in Israel. These centers, along with smaller and newer companies, will undoubtedly be affected. According to SecurityWeek sources, at least two cybersecurity companies have canceled funding announcements scheduled for this week because their staffing was affected by the Israeli military call-up of reservists. This depletion of manpower is one of the major and most immediate effects of the war. The Israeli tech industry, and especially the cybersecurity industry, has been built on the experience and expertise of IDF alumni, and thes