Security News

The Tokyo Olympics, set to open Friday night, are already being targeted by threat actors - however, the Federal Bureau of Investigation's Cyber Division has issued a chilling warning the Games' TV broadcast is likely to be plagued by attacks, since it will be the only way to view events now that spectators have been barred due to COVID-19 concerns. "Adversaries could use social-engineering and phishing campaigns in the leadup to the event to obtain access or use previously obtained access to implant malware to disrupt affected networks during the event," the FBI notification said.

In its report, researchers highlight what CVEs are the most frequently mentioned and try to determine where attackers might strike next. "Our findings revealed that there is no 100 percent correlation between the two parameters, since the top five CVEs that received the highest number of posts are not exactly the ones that were mentioned on the highest number of Dark Web forums examined," the report said.

Cyber incidents continue to rise, ransomware accounts for nearly two-thirds of all malware attacks, and more cybercriminals are customizing malware for attacks on virtual infrastructure, Positive Technologies finds. According to the research, the number of attacks increased by 17% compared to Q1 2020, with 77% being targeted attacks, and incidents with individuals accounting for 12% of the total.

Spanish law enforcement agencies on Wednesday arrested 16 individuals belonging to a criminal network in connection with operating two banking trojans as part of a social engineering campaign targeting financial institutions in Europe. As part of an effort to lend credibility to their phishing attacks, the operators worked by sending emails under the guise of legitimate package delivery services and government entities such as the Treasury, urging the recipients to click on a link that stealthily downloaded malicious software onto the systems.

Criminals targeted security gaps at financial services firms as their staff moved to working from home, according to a report issued by the international Financial Stability Board on Tuesday. Established after the G20 London summit in April 2009, the FSB makes recommendations about the global financial system and coordinates financial rules for the G20 group of nations in a non-binding way.

The warning to Putin was largely a repetition of the tough rhetoric Biden had used during their meeting in Geneva last month, when he warned that there would be consequences for continuing cyberattacks emanating from Russia. The dual prongs of the agenda show how even as Biden pledges to get tough on Russia over hacking, there's an inherent desire to avoid aggravating tensions as the administration looks for Russia to cooperate, or at least not interfere, with U.S. actions in other areas, including Syria, the Afghanistan withdrawal and climate change.

That fatigue makes it more likely users will click on a malicious email without knowing it - which explains why 94% of malware is now delivered via email. The fake unsubscribe spam email is a tactic used by criminals to refine their mailing lists and verify email addresses.

Law enforcement agencies in Europe, the US, and Canada on Tuesday announced the takedown of DoubleVPN, a virtual private network service that allegedly helped cybercriminals conduct nefarious activities. As part of the takedown operation, servers across the world were seized to ensure the disruption of the DoubleVPN service.

Europol, the US Department of Justice, and Britain's National Crime Agency have taken down a VPN service they claimed was mainly used by criminals - boasting that they hoovered up "Personal information, logs and statistics" from the site. The DoubleVPN site went dark yesterday after law enforcement agencies swooped on its servers, with a joint public statement this afternoon confirming that the takedown was genuine.

A coordinated international law enforcement operation resulted in the takedown of a VPN service called DoubleVPN for providing a safe haven for cybercriminals to cover their tracks. "Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs and statistics kept by DoubleVPN about all of its customers. DoubleVPN's owners failed to provide the services they promised."