Security News > 2022

Ransomware gangs are mailing malicious USB drives, posing as the U.S. Department of Health and Human Services and/or Amazon to target the transportation, insurance, and defense industries for ransomware infection, the FBI warned on Friday. FIN7 got into the ransomware/data exfiltration game, with its activities involving REvil or Ryuk as the payload. The FBI said that over the past several months, FIN7 has mailed the malicious USB devices to US companies, in hopes that somebody would plug in the drives, infect systems with malware and thus set them up for future ransomware attacks.

Google Drive ended 2021 as the most abused cloud storage service for malware downloads, according to security provider Netskope. In its "January 2022 Cloud and Threat Report" released Tuesday, Netskope noted that cloud storage apps gained even greater adoption in 2021.

The FBI, CISA, and the NSA have warned critical infrastructure network defenders to be ready to detect and block incoming attacks targeting organizations from US critical infrastructure sectors, orchestrated by Russian-backed hacking groups. "In some cases, Russian state-sponsored cyber operations against critical infrastructure organizations have specifically targeted operational technology/industrial control systems networks with destructive malware."

How might this renewed focus on security start to play out in 2022? Ping Identity CEO and founder Andre Durand offers his take with nine cybersecurity predictions for the new year. With greater investments in security needed to protect society, cybersecurity will become the fourth responsibility of ESG for corporations, according to Durand.

Some European cellphone carriers, and now T-Mobile, are blocking Apple’s Private Relay anonymous browsing feature. This could be an interesting battle to watch.

A new multi-platform backdoor malware named 'SysJoker' has emerged in the wild, targeting Windows, Linux, and macOS with the ability to evade detection on all three operating systems. The discovery of the new malware comes from researchers at Intezer who first saw signs of its activity in December 2021 after investigating an attack on a Linux-based web server.

A new multi-platform backdoor malware named 'SysJocker' has emerged in the wild, targeting Windows, Linux, and macOS with the ability to evade detection on all three operating systems. The discovery of the new malware comes from researchers at Intezer who first saw signs of its activity in December 2021 after investigating an attack on a Linux-based web server.

Dubbed SysJoker by Intezer, the backdoor is used for establishing initial access on a target machine. A possible attack vector for SysJoker is an infected npm package, according to Intezer's analysis - an increasingly popular vector for dropping malware on targets.

Rapid7 has offered up more details on a SonicWall critical flaw that allows for unauthenticated remote code execution on affected devices, noting that it arises from tweaks that the vendor made to the Apache httpd server. CVE-2021-20038 is the most critical of the flaws, with a rating of 9.8 on the Common Vulnerability Scoring System.

With the last month of 2021 dominated by the log4J vulnerabilities discovery, publication, and patches popping up in rapid succession, odds are you have patched your system against Log4J exploitation attempts. 3 - The odds of missing at least one instance of Log4J are high: All version of Log4J from the September 2013 V2.0-beta9 onwards carry those vulnerabilities.