Security News
An advanced persistent threat group operating with objectives aligned with the Chinese government has been linked to an organized supply chain attack on Taiwan's financial sector. The second wave of attacks hit a peak between February 10 and 13, 2022, according to a new report published by Taiwanese cybersecurity firm CyCraft, which said the wide-ranging supply chain compromise specifically targeted the software systems of financial institutions, resulting in "Abnormal cases of placing orders."
Seattle-based logistics and freight forwarding company Expeditors International has been targeted in a cyberattack over the weekend that forced the organization to shut down most of its operations worldwide. At 9:20 AM EST Sunday morning, BleepingComputer received an anonymous tip saying that Expeditors suffered a large ransomware attack.
The non-fungible token marketplace OpenSea is investigating a phishing attack that left 17 of its users without more than 250 NFTs worth around $2 million. Phishing actors are always looking for ways to take advantage of changes that require users to take action and the OpenSea NFT theft is no different.
Social media as a threat channel saw a two-fold increase in attacks throughout 2021, according to a report from PhishLabs. In Q4 and throughout 2021, PhishLabs analysed hundreds of thousands of phishing and social media attacks targeting enterprises, their employees, and brands.
The United States Department of Justice has revealed new policies that may see it undertake pre-emptive action against cyber threats. Revealed last week by deputy attorney general Lisa O. Monaco, in a speech at the Munich Cyber Security Conference, the policy will see prosecutors, agents and analysts assess "Whether to use disruptive actions against cyber threats, even if they might otherwise tip the cybercriminals off and jeopardize the potential for charges and arrests."
Today, the White House has linked the recent DDoS attacks that knocked down the sites of Ukrainian banks and defense agencies to Russia's Main Directorate of the General Staff of the Armed Forces. Neuberger also added that, although "Of limited impact" these incidents could be part of a more significant Russian effort to prepare for other, "Laying groundwork" for more disruptive attacks that would come together with a potential invasion of Ukraine's territory.
SonicWall released a report which details a sustained meteoric rise in ransomware with 623.3 million attacks globally. Researchers diligently tracked the dramatic rise in ransomware, recording an astounding 318.6 million more ransomware attacks than 2020, a 105% increase.
Metaverse companies face 60% more attacks last year, and 5 other online fraud statistics. By its reckoning, 21% of all online traffic was fraud or cyberattack related, one in four new account registrations were fake, 80% of all login attacks were credential stuffing attempts and the travel industry was hit particularly hard, with a 12.5 time increase in attacks as people return to traveling.
"The DDoS attacks against the Ukrainian defense ministry and financial institutions appear to be harassment similar to the previous DDoS attacks seen in January," Rick Holland, CISO at Digital Shadows, said via email. In the past two months, Russian- advanced persistent threats have been tied to an attack on 70 Ukrainian government websites, a wiper targeting government, non-profit and IT organizations, and increased attacks and espionage against military targets.
Adobe has released an out-of-band security update for Adobe Commerce and Magento Open Source to address active exploitation of a known vulnerability, and Google has an emergency issue, too. "Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants," the Silicon Valley stalwart said.