Telegram’s blogging platform abused in phishing attacks
2022-06-01 10:00

Telegram's anonymous blogging platform, Telegraph, is being actively exploited by phishing actors who take advantage of the platform's lax policies to set up interim landing pages that lead to the theft of account credentials. Telegraph is a blogging platform that lets anyone publish anything without creating an account or providing any identification details.

Scams account for most of all financially motivated cybercrime
2022-06-01 07:35

The scam industry is becoming more structured and involves more and more parties divided into hierarchical groups, according to Group-IB. The number of such groups jumped to a record high of 390, which is 3.5 times more than last year, when the maximum number of active groups was close to 110. Due to Scam-as-a-Service, in 2021 the number of cybercriminals in one scam gang increased 10 times compared to 2020 and now reaches 100.

Hospitals are for healing humans. But protecting and healing hospitals needs machines
2022-06-01 07:15

While other businesses worry about reputational damage when they're hit by a ransomware attack, hospitals have to worry about canceled operations and ambulances backing up outside the emergency department. If an attack does get through, there is immense pressure on hospitals to simply pay the ransom.

What if ransomware evolved to hit IoT in the enterprise?
2022-06-01 06:34

The security firm's Vedere Labs team said it developed a proof-of-concept strain of this type of next-generation malware, which they called R4IoT. After gaining initial access via IoT devices, the malware moves laterally through the IT network, deploying ransomware and cryptocurrency miners while also exfiltrating data, before taking advantage of operational technology systems to potentially physically disrupt critical business operations, such as pipelines or manufacturing equipment. These types of increasingly destructive attacks, combined with the growing number of internet-connected devices, led the researchers to consider: what if ransomware exploited IoT gear to get into a corporate network?

Paving your path to SASE: 4 tips for achieving connectivity and security
2022-06-01 05:00

SASE helps by teaming cloud-based SD-WAN with cloud-delivered secure service edge security services - including access control, threat defense, data protection, security monitoring and more - to deliver a boundless security perimeter while radically increasing performance. Use SD-WAN as your SASE starting point and launchpad to SSE. Without laying the proper connectivity foundation with reliable SD-WAN, implementing SSE will be difficult.

How cybercriminals are targeting executives at home and their families
2022-06-01 04:30

Top executives and their families are increasingly being targeted on their personal devices and home networks, as sophisticated threat actors look for new ways to bypass corporate security and get direct access to highly sensitive data. In this video for Help Net Security, Chris Pierson, CEO at BlackCloak, discusses these issues and emerging areas of risk for executives.

DDoS threats growing in sophistication, size, and frequency
2022-06-01 04:00

Corero Network Security has published the latest edition of its annual DDoS Threat Intelligence Report that compiles the trends, observations, predictions, and recommendations based on DDoS attacks against Corero customers during 2021. Stephenson adds, "Combined with the 82% share of short duration DDoS attacks, the intention is that these stealthier transient attacks will appear as legitimate traffic, bypassing simple security measures and succeeding in choking access to important downstream services or connections." Frequency of repeat attacks also grew with a 29% increase in organizations who experienced a second attack within a week.

EnemyBot malware adds enterprise flaws to exploit arsenal
2022-06-01 03:47

The botnet malware EnemyBot has added exploits to its arsenal, allowing it to infect and spread from enterprise-grade gear. "The threat group behind EnemyBot, Keksec, is well-resourced and has the ability to update and add new capabilities to its arsenal of malware on a daily basis," Ofer Caspi, a security researcher with Alien Labs, wrote in a blog post this month.

Contactless is reigning: Consumers can’t even remember their PIN
2022-06-01 03:30

The company's survey of 4,000 consumers across three continents, including 1,000 UK respondents, showed that 61% of consumers feel confident enough with contactless payments to leave their wallet at home and just take their phone - a figure that rises to over three quarters for UK Gen Z respondents. The research shows that contactless payments are becoming increasingly prevalent in the UK: 96% of UK consumers surveyed have used contactless in the last year.

New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers
2022-06-01 03:16

"Now it is significantly harder to separate the wheat from the chaff and discover the real C&C servers among thousands of legitimate domains used by Xloader as a smokescreen," Israeli cybersecurity company Check Point said. The latest findings from Check Point build on a previous report from Zscaler in January 2022, which revealed the inner workings of the malware's C&C network encryption and communication protocol, noting its use of decoy servers to conceal the legitimate server and evade malware analysis systems.