Security News > 2022 > February

As the number of ransomware attacks continue to rise, Blackberry has found as a part of its annual threat report that there may be a shared economy amongst cyber criminals that is growing. "This infrastructure has also incubated a criminal shared economy, with threat groups sharing and outsourcing malware allowing for attacks to happen at scale. In fact, some of the biggest cyber incidents of 2021 look to have been the result of this outsourcing."

Two US Senators claim that the CIA has been running an unregulated — and almost certainly illegal — mass surveillance program on Americans. The senator’s statement. Some declassified information...

Though a number of the group's attacks already have been tracked by various researchers - including Microsoft, Mandiant, Cisco Talos, Morphisec and others - since at least 2019, Proofpoint's latest research shares "Comprehensive details linking public and private data under one threat activity cluster we call TA2541," researchers wrote. Previously reported attacks related to TA2541 include a two-year spyware campaign against the aviation industry using the AsyncRAT called Operation Layover and uncovered by Cisco Talos last September, and a cyberespionage campaign against aviation targets spreading RevengeRAT or AsyncRAT revealed by Microsoft last May, among others.

Researchers discover common threat actor behind aviation and defense malware campaigns. Security researchers at Proofpoint have announced their discovery of a common threat actor behind attacks reported by Cisco Talos, Microsoft and others, and they say that the group has been active since at least 2017.

For years, a low-skilled attacker has been using off-the-shelf malware in malicious campaigns aimed at companies in the aviation sector as well as in other sensitive industries. Tracked as TA2541 by cybersecurity company Proofpoint, the adversary is believed to operate from Nigeria and its activity has been documented before in analysis of separate campaigns.

For years, a low-skilled attacker has been using off-the-shelf malware in malicious campaigns aimed at companies in the aviation sector as well as in other sensitive industries. Tracked as TA2541 by cybersecurity company Proofpoint, the adversary is believed to operate from Nigeria and its activity has been documented before in analysis of separate campaigns.

The BlackCat ransomware group, aka ALPHV, has claimed responsibility for the recent cyber attack on Swissport that caused flight delays and service disruptions. BlackCat has now been seen by BleepingComputer to leak a minuscule set of terabytes of data supposedly obtained from the recent ransomware attack.

The format is simple: we propose a motion, the arguments for the motion will run this Monday and Wednesday, and the arguments against on Tuesday and Thursday. Security pro Dave Cartwright is our first contributor arguing AGAINST the motion.

Offensive Security has released Kali Linux 2022.1, the latest version of its popular open source penetration testing platform. Visually refreshed and with improved usability for visually impaired users, it comes also with a new "Kali-linux-everything" image, wider compatibility for Kali's SSH client, and new tools.

This is the sort of situation facing more and more companies, as cybercriminals not only take advantage of existing vulnerabilities in the open-source ecosystem, but actively work to inject their own, giving them the chance to attack supply chains at their leisure. This session, featuring a panel of experts from Immersive Labs, takes you through the decision-making process you would face as you try to protect your own organisation as well your customers.