Security News
Two Eastern European nationals have been sentenced in the U.S. for offering "Bulletproof hosting" services to cybercriminals, who used the technical infrastructure to distribute malware and attack financial institutions across the country between 2009 to 2015. Pavel Stassi, 30, of Estonia, and Aleksandr Shorodumov, 33, of Lithuania, have been each sentenced to 24 months and 48 months in prison, respectively, for their roles in the scheme.
A new national cyber strategy will be launched by year-end, the National Cyber Security Centre's chief exec has promised - while calling out spyware vendor NSO Group as a "Red flag" for the UK infosec community. Lindy Cameron told the Chatham House international affairs think tank that NSO Group was "Something we raised a red flag about before, that the commercial market for sophisticated cyber exploitation products is an issue."
As a result, ransomware groups are hiring experts in every aspect of the business, from pen-testers who can gain initial access to systems to ransom negotiators. We've seen ransomware groups call and harass employees of an organisation. We've seen them reach out to business partners and suppliers, third parties, to drum up additional pressure," he says.
The London law firm which secured a court injunction forbidding ransomware criminals from publishing data stolen from them has now gone a step further - by securing a default judgment from the High Court. 4 New Square Ltd, a barristers' chambers, raised some amusement in cyber security circles in July when it applied for a High Court injunction in the wake of a ransomware infection.
Lacework released its cloud threat report, unveiling the new techniques and avenues cybercriminals are infiltrating to profit from businesses. The rapid shift of applications and infrastructure to the cloud creates gaps in the security posture of organizations everywhere.
"Shah's first advice is that:"A negotiator should never reveal that they are a 'trained negotiator'. Shah sees his role as a conduit for the business to talk to the attackers, rather than a middleman, which means first he has to establish that the Storm team doesn't get involved with working out who was at fault.
The names and home addresses of 111,000 British firearm owners have been dumped online as a Google Earth-compatible. Dumped online last week onto an animal rights activist's blog, the reformatted Guntrader breach data was explicitly advertised as being importable into Google Earth so randomers could "Contact as many [owners] as you can in your area and ask them if they are involved in shooting animals."
A bungled data migration of a network drive caused the deletion of 22 terabytes of information from a US police force's systems - including case files in a murder trial, according to local reports. Dallas Police Department confessed to the information blunder last week, revealing in a statement that a data migration exercise carried out at the end of the 2020-21 financial year deleted vast amounts of data from a network drive.
"Whether it's taking advantage of the buzz around cryptocurrency, stealing credentials to start a ransomware attack, or tailoring attacks to less suspicious targets in low profile roles, cybercriminals are constantly adapting their tactics and making their attacks more sophisticated," per the report. Among social engineering attacks analyzed by Barracuda researchers, phishing represented 49%, followed by scamming, BEC and extortion.
The Cyber Security Agency of Singapore today released data revealing that cybercrime accounted for 43 per cent of all crime in the city-state during 2020. Ransomware attacks rose 154 per cent from 35 cases in 2019 to 89 in 2020, shifting from what CSA called "Indiscriminate, opportunistic attacks" to "Big Game Hunting".