Microsoft Issues Report of Russian Cyberattacks against Ukraine
2022-04-28 14:15

At least six Russian Advanced Persistent Threat actors and other unattributed threats have conducted destructive attacks, espionage operations, or both, while Russian military forces attack the country by land, air, and sea. It is unclear whether computer network operators and physical forces are just independently pursuing a common set of priorities or actively coordinating.

How to Attack Your Own Company's Service Desk to spot risks
2022-04-28 14:01

While a cybercriminal can conceivably launch a social engineering attack against any part of an organization, such attacks often target the helpdesk. One of the best options is to attack your own service desk as a part of a Red Team exercise.

How to Attack Your Own Service Desk
2022-04-28 14:01

While a cybercriminal can conceivably launch a social engineering attack against any part of an organization, such attacks often target the helpdesk. One of the best options is to attack your own service desk as a part of a Red Team exercise.

Study: 90% of organizations say ransomware impacted their ability to operate
2022-04-28 13:31

Study: 90% of organizations say ransomware impacted their ability to operate. At the same time, the number of extortion-only attacks in which the criminals did not encrypt sensitive files but instead threatened to publicly leak them dropped to 4% from 7%. Whether or not to pay the ransom is a decision every victim faces in a ransomware attack.

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens
2022-04-28 13:14

GitHub revealed details tied to last week's incident where hackers, using stolen OAuth tokens, downloaded data from private repositories. "We do not believe the attacker obtained these tokens via a compromise of GitHub or its systems because the tokens in question are not stored by GitHub in their original, usable formats," said Mike Hanley, chief security officer, GitHub.

Cyberattacks Rage in Ukraine, Support Military Operations
2022-04-28 12:46

Cyberattacks against Ukraine have been used strategically to support ground campaigns, with five state-sponsored advanced persistent threat groups behind attacks that began in February. From late February to mid-March, another series of wiper attacks using malware called HermeticWiper, IsaacWiper and CaddyWiper targeted organizations in Ukraine as Russia commenced its physical invasion.

New Bumblebee malware replaces Conti's BazarLoader in cyberattacks
2022-04-28 11:45

A newly discovered malware loader called Bumblebee is likely the latest development of the Conti syndicate, designed to replace the BazarLoader backdoor used to deliver ransomware payloads. The emergence of Bumblebee in phishing campaigns in March coincides with a drop in using BazarLoader for delivering file-encrypting malware, researchers say.

New Bumblebee malware takes over BazarLoader's ransomware delivery
2022-04-28 11:45

A newly discovered malware loader called Bumblebee is likely the latest development of the Conti syndicate, designed to replace the BazarLoader backdoor used to deliver ransomware payloads. The emergence of Bumblebee in phishing campaigns in March coincides with a drop in using BazarLoader for delivering file-encrypting malware, researchers say.

NPM flaw let attackers add anyone as maintainer to malicious packages
2022-04-28 11:19

A 'logical flaw' in the npm registry enabled authors of malicious packages to quietly add anyone and any number of users as 'maintainers' to their packages in an attempt to boost the trust in their packages. A security flaw in the npm registry, dubbed 'package planting', allowed threat actors to silently add any developer as a 'maintainer' to their malicious packages.

Ransom payment is roughly 15% of the total cost of ransomware attacks
2022-04-28 10:00

Researchers analyzing the collateral consequences of a ransomware attack say these include costs that are roughly seven times higher than the ransom demanded by the threat actors. Ransomware attacks typically involve stealing data from the company and encrypting systems to pressure the victim into paying to decrypt files and to avoid a data leak.