Security News

SMS phishing attacks - annoyingly called "Smishing" - are becoming more common. I know that I have been receiving a lot of phishing SMS messages over the past few months.

In this video for Help Net Security, Corey Nachreiner, CSO at WatchGuard Technologies, gives a high-level summary of the Internet Security Report for Q4 2021, which revealed all of the threats were up, whether they're network attacks or malware. When the pandemic started, the research team saw a big drop in malware being detected by network security devices.

In this video for Help Net Security, Mark Guntrip, Sr Director, Cybersecurity Strategy at Menlo Security, talks about highly evasive adaptive threats. The start of a malware infection or a ransomware incident is the threat act of getting a foothold in a victim's network, and that's where HEAT attacks are used.

This year's report showed dramatic 29% growth in overall phishing attacks compared to previous years, with retail and wholesale companies bearing the brunt of the increase. "Phishing attacks are impacting businesses and consumers with alarming frequency, complexity, and scope - with the rise in phishing-as-a-service making it easier than ever for non-sophisticated actors to launch successful attacks. Our annual report highlights how cybercriminals continue to escalate their usage of phishing as a starting point to breach organizations to deliver ransomware or steal sensitive data," said Deepen Desai, CISO and VP of Security Research and Operations at Zscaler.

The Five Eyes nations have released a joint cybersecurity advisory warning of increased malicious attacks from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine. "Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks," authorities from Australia, Canada, New Zealand, the U.K., and the U.S. said.

How phishing attacks are spoofing credit unions to steal money and account credentials. A report released Thursday by email security provider Avanan reveals how a new phishing campaign is taking advantage of credit unions to steal money and information.

VMware released a report which takes the pulse of the financial industry's top CISOs and security leaders on the changing behavior of cybercriminal cartels and the defensive shift of the financial sector. The report found that financial institutions are facing increased destructive attacks and falling victim to ransomware more than in years' past, as sophisticated cybercrime cartels evolve beyond wire transfer fraud to now target market strategies, take over brokerage accounts and island hop into banks.

The Five Eyes nations' cybersecurity agencies this week urged critical infrastructure to be ready for attacks by crews backed by or sympathetic to the Kremlin amid strong Western opposition to Russia's invasion of Ukraine. "Given recent intelligence indicating that the Russian government is exploring options for potential cyberattacks against US critical infrastructure, CISA along with our interagency and international partners are putting out this advisory to highlight the demonstrated threat and capability of Russian state-sponsored and Russian aligned cybercrime groups," CISA Director Jen Easterly said in a statement.

The US Federal Bureau of Investigation warned Food and Agriculture sector organizations today of an increased risk that ransomware gangs "May be more likely" to attack them during the harvest and planting seasons. While ransomware groups regularly target the US agriculture sector, the FBI noted that the number of attacks against such entities during such critical seasons stands out.

Shuckworm's attacks are part of an ongoing campaign by Russian state-sponsored threat groups that escalated their efforts in the run-up to the invasion of Ukraine in late February, and have continue their attacks since. The Security Service of Ukraine last year said the group was responsible for more than 5,000 attacks against public agencies or critical infrastructure and linked Shuckworm to the FSB, Russia's security service and successor to the KGB. The SSU said the group targeted more than 1,500 government computer systems over seven years.