Security News

Companies are vulnerable to potential cyberthreats during mergers and acquisitions; learn from an expert why and how to reduce security risks during the transition. Why are cybercriminals targeting companies undergoing a merger or acquisition?

Ransomware remains primary threat in the first half of the year as cybercriminals continued to target big-name victims. Working with third parties to gain access to targeted networks, they used Advanced Persistent Threat tools and techniques to steal and encrypt victims' data.

According to a recent AtlasVPN report, malicious office documents are the latest trend in cybercriminal behavior; a timely strategy as companies pause office reentry plans and continue to work remotely due to COVID-19. "Even though infecting office documents with malware has been established for a long time, it is still very successful at tricking people," said William Sword, Atlas VPN cybersecurity researcher, in a blog post about the findings.

Threat actors are capitalizing on the growing popularity of proxyware platforms like Honeygain and Nanowire to monetize their own malware campaigns, once again illustrating how attackers are quick to repurpose and weaponize legitimate platforms to their advantage. "Malware is currently leveraging these platforms to monetize the internet bandwidth of victims, similar to how malicious cryptocurrency mining attempts to monetize the CPU cycles of infected systems," researchers from Cisco Talos said in a Tuesday analysis.

Cybercriminals are making strides towards attacks with malware that can execute code from the graphics processing unit of a compromised system. In a short post on a hacker forum, someone offered to sell the proof-of-concept for a technique they say keeps malicious code safe from security solutions scanning the system RAM. The seller provided only an overview of their method, saying that it uses the GPU memory buffer to store malicious code and execute code.

Companies should now consider cybercriminals as business competitors, according to Lacework's 2021 Cloud Threat Report Volume 2. The Lacework Lab analyzed telemetry from its customers and other data to identify rising and increasing security threats to cloud deployments.

"Many schools cannot operate without their computer systems, and some schools have had to cancel classes due to ransomware attacks," said Paul Bischoff, privacy advocate at Comparitech. "Resolving a ransomware attack without paying the ransom takes about two weeks on average, which is far too long for kids to be out of school. So ransomware creates urgency that makes schools more likely to pay up."

Human error is still responsible for the majority of breaches, but we're getting better about watching for suspicious links, expert says.

VMware released a report which analyzes how cybercriminals are manipulating reality to reshape the modern threat landscape. "Today, we're seeing a nexus between nation-states and cybercriminals continue to rapidly advance the development of increasingly sophisticated and destructive cyberattacks, combined with the broadening of the attack surface as a result of COVID-19," says Tom Kellermann, head of cybersecurity strategy, VMware.

IT management software firm Kaseya on Monday said it did not pay any money to cybercriminals, following speculation that it may have paid a ransom to obtain a decryptor that would allow customers hit by the recent ransomware attack to recover their files. "Recent reports have suggested that our continued silence on whether Kaseya paid the ransom may encourage additional ransomware attacks, but nothing could be further from our goal," Kaseya said in a statement.