Security News
The number of phishing attacks worldwide jumped 29 percent last year as threat actors countered stronger enterprise defenses with newer methods, according to researchers with Zscaler's ThreatLabz research team. While the United States remained the country with the most phishing attempts, others are seeing faster growth in the number of incidents - exploiting new vectors like SMS and lowering the barrier of entry for launching attacks through pre-built tools made available on the market.
In the past, cybercriminals didn't focus so much on the left side of the attack kill chain-let's call it "The pre-attack framework." But now, we are starting to see more and more cases of cybercriminal empires focusing on that pre-attack framework and hopping on fresh zero-day vulnerabilities. It hasn't been the typical behavior of cybercriminals to use sophisticated attack methods.
Criminal defense law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020. Data held on the archive server had not been encrypted, Tuckers admitted to the ICO. This wouldn't have prevented the attack but may have mitigated the risk to data subjects.
The United States Department of Justice has revealed new policies that may see it undertake pre-emptive action against cyber threats. Revealed last week by deputy attorney general Lisa O. Monaco, in a speech at the Munich Cyber Security Conference, the policy will see prosecutors, agents and analysts assess "Whether to use disruptive actions against cyber threats, even if they might otherwise tip the cybercriminals off and jeopardize the potential for charges and arrests."
The format is simple: we propose a motion, the arguments for the motion will run this Monday and Wednesday, and the arguments against on Tuesday and Thursday. Security pro Dave Cartwright is our first contributor arguing AGAINST the motion.
FBI: Criminals escalating SIM swap attacks to steal millions of dollars. The FBI says criminals have escalated SIM card swap attacks to hijack victims' phone numbers and steal millions of dollars from fiat and virtual currency accounts.
The Federal Bureau of Investigation says criminals have escalated SIM swap attacks to steal millions by hijacking victims' phone numbers. "From January 2018 to December 2020, the FBI Internet Crime Complaint Center received 320 complaints related to SIM swapping incidents with adjusted losses of approximately $12 million. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million."
This week, cryptocurrency company Wormhole lived up to its name by exposing an exploitable vulnerability that apparently allowed cybercriminals to run off with an eye-watering 120,000 Ether tokens. As pointed out by Elliptic, a company that offers blockchain analytics to assist with compliance, the Wormhole team tried the same trick that was used by cryptocoin company Poly Networks when it was defrauded of more than $600,000,000 in August 2021.
For threat actors, there is a simple calculus at play - namely, what method of attack is a) easiest and b) most likely to yield the biggest return? And the answer, at this moment, is Linux-based cloud infrastructure, which makes up 80%+ of the total cloud infrastructure. These attacks will undoubtedly continue into 2022 and potential targets parties must remain vigilant.
A Russian national charged with providing bulletproof hosting services for cybercriminals, who used the platform to spread malware and attack U.S. organizations and financial institutions between 2009 to 2015, has received a 60-month prison sentence. 34-year-old Aleksandr Grichishkin, along with Andrei Skvortsov, founded the bulletproof hosting service and rented its infrastructure to other criminal clientele for distributing a wide range of malware and attempted to cause millions of dollars in losses to U.S. victims.