Security News

The RansomEXX ransomware gang is claiming responsibility for the cyberattack against Bombardier Recreational Products, disclosed by the company on August 8, 2022. BRP employs over 20,000 people, counts close to $6 billion in annual sales, and distributes various products in more than120 countries, so even a minimal disruption in its production can have a serious financial impact.

Ransomware attacks can impact any type of organization in virtually any sector. In a report released Wednesday, August 24, security provider Barracuda discusses which types of companies have been in the crosshairs of ransomware and offers advice on how to combat these attacks.

A new business email compromise campaign has been discovered combining sophisticated spear-phishing with Adversary-in-The-Middle tactics to hack corporate executives' Microsoft 365 accounts, even those protected by MFA. By accessing accounts of high-ranking employees like CEOs or CFOs of large organizations, the threat actors can monitor communications and respond to emails at the right moment to divert a large transaction to their bank accounts. The phishing emails sent in these attacks tell the target that the corporate bank account they usually send payments to has been frozen due to a financial audit, enclosing new payment instructions that switch to the account of an alleged subsidiary.

The threat actors behind a large-scale adversary-in-the-middle phishing campaign targeting enterprise users of Microsoft email services have also set their sights on Google Workspace users. The AitM phishing attacks are said to have commenced in mid-July 2022, following a similar modus operandi as that of a social engineering campaign designed to siphon users' Microsoft credentials and even bypass multi-factor authentication.

Lloyd's of London insurance policies will stop covering losses from certain nation-state cyber attacks and those that happen during wars, beginning in seven months' time. Because of this, all standalone cyber attack policies must include "a suitable clause excluding liability for losses arising from any state-backed cyberattack," Chaudhry wrote.

Threat actors are increasingly abusing legitimate software-as-a-service platforms like website builders and personal branding spaces to create malicious phishing websites that steal login credentials. Because SaaS platforms simplify and streamline the process of creating new sites, phishing actors can easily switch to different themes, scale up or diversify their operations, and quickly respond to reports and takedowns.

The Center Hospitalier Sud Francilien, a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries."This attack on the computer network makes the hospital's business software, the storage systems, and the information system relating to patient admissions inaccessible for the time being," explains CHSF's announcement.

A new data extortion group named 'Donut Leaks' is linked to recent cyberattacks, including those on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando. Strangely, the data for these victims have now appeared on the data leak site for a previously unknown extortion gang known as Donut Leaks.

Software running Palo Alto Networks' firewalls is under attack, prompting U.S. Cybersecurity and Infrastructure Security Agency to issue a warning to public and federal IT security teams to apply available fixes. Any additional attacks exploiting the bug have either not occurred or been publicly reported.

Abnormal Security released a report which explores the current email threat landscape. This Help Net Security video provides insight into the latest advanced email attack trends.