Ukraine invasion blew up Russian cybercrime alliances
2023-02-24 05:00

"The consequences of Russia's war against Ukraine have ushered in a new era of volatility and unpredictability for global cybercrime that carries a multitude of implications for defenders," Leslie said. Russian cybercrime, per the report, refers to a diverse group of Russian-speaking miscreants located in Russia, Ukraine, Belarus, the Baltics, the South Caucasus, and Central Asia.

Malicious actors push the limits of attack vectors
2023-02-24 04:30

"Q4 saw malicious actors push the limits of attack vectors," said John Fokker, Head of Threat Intelligence, Trellix Advanced Research Center. The report includes evidence of malicious activity linked to ransomware and nation-state-backed APT actors, and examines threats to email, the malicious use of legitimate security tools, and more.

What to expect at BSidesNYC 2023
2023-02-24 04:00

In this Help Net Security video interview, Huxley Barbee, lead organizer of BSidesNYC 2023, talks about the upcoming event. BSidesNYC 2023 will take place at the John Jay College of Criminal Justice on April 22, 2023.

Employees bypass cybersecurity guidance to achieve business objectives
2023-02-24 03:45

Given these dynamics and the massive market opportunities for cybersecurity professionals, talent churn poses a significant threat to security teams. Gartner research shows that compliance-centric cybersecurity programs, low executive support, and subpar industry-level maturity are all indicators of an organization that does not view security risk management as critical to business success.

Suspected Russian NLBrute malware boss extradited to US
2023-02-23 23:30

A Russian national accused of developing the NLBrute brute-force hacking tool has made his first court appearance this week in Florida over accusations that he used the tool to spawn a criminal empire. Dariy Pankov, also known as "Dpxaker," created the NLBrute malware that cracked the Windows credentials of improperly secured Remote Desktop Protocol systems through the brute-force technique of throwing massive numbers of password guesses at them, according to the US Department of Justice.

Microsoft urges Exchange admins to remove some antivirus exclusions
2023-02-23 21:59

Microsoft says admins should remove some previously recommended antivirus exclusions for Exchange servers to boost the servers' security. "Keeping these exclusions may prevent detections of IIS webshells and backdoor modules, which represent the most common security issues," the Exchange Team said.

Dole production plants crippled by ransomware, stores run short
2023-02-23 21:30

Irish agricultural megacorp Dole has confirmed that it has fallen victim to a ransomware infection that reportedly shut down some of its North American production plants. "Upon learning of this incident, Dole moved quickly to contain the threat and engaged leading third-party cybersecurity experts, who have been working in partnership with Dole's internal teams to remediate the issue and secure systems," the statement continued.

FTC: Americans lost $8.8 billion to fraud in 2022 after 30% surge
2023-02-23 20:52

The U.S. Federal Trade Commission revealed today that Americans lost almost $8.8 billion to various types of scams in 2022, a surge of over 30% compared to the previous year. In 2021, Americans also reported losses of more than $5.8 billion to fraud, another massive increase of over 70% compared to 2020.

FTX fiasco founder SBF faces further fraud charges
2023-02-23 20:30

FTX founder Sam Bankman-Fried's eight-count indictment related to the collapse of his crypto empire has been superseded by a new 12-count indictment unsealed in New York, which provides graphic details about the extent to which the defunct biz paid off politicians. According to the superseding indictment [PDF], SBF "Corrupted the operations of the cryptocurrency companies he founded and controlled through a pattern of fraudulent schemes that victimized FTX customers, investors, financial institutions, lenders and the [FEC]."

Report: Stress will drive a quarter of cyber defenders out the door
2023-02-23 20:16

Relief may not come soon, if research firm Gartner's predictions hold true that fully a quarter of security leaders will depart the cybersecurity field entirely by 2025 due to work pressures. In a new report, the firm predicts that nearly half of cybersecurity leaders will change jobs, and that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents.