Security News

The quarter saw cyber adversaries shift from low-return, mass-spread ransomware campaigns toward fewer, customized Ransomware-as-a-Service campaigns targeting larger, more lucrative organizations. A proliferation in 64-bit CoinMiner applications drove the growth of cryptocurrency-generating coin mining malware by 117%. Additionally, a surge in the growth of new Mirai-based malware variants drove increases in malware targeting Internet of Things and Linux systems.

A top Russian-language underground forum has been running a "Contest" for the past month, calling on its community to submit "Unorthodox" ways to conduct cryptocurrency attacks. The forum's administrator, in an announcement made on April 20, 2021, invited members to submit papers that assess the possibility of targeting cryptocurrency-related technology, including the theft of private keys and wallets, in addition to covering unusual cryptocurrency mining software, smart contracts, and non-fungible tokens.

One of the most powerful leadership tools is positive reinforcement - a proven and effective method for shaping and changing behavior. While dog owners might use treats or toys to reward desired behaviors, CISOs can leverage technology to reinforce certain behaviors conducted by employees - guiding them in their role in protecting the broader organization.

A new piece of ransomware named Epsilon Red has been used to target at least one organization in the United States, and its operators have apparently already made a significant profit. Cybersecurity firm Sophos reported last week that Epsilon Red operators have been spotted targeting a US-based company in the hospitality sector.

The latest escalation of the cybersecurity arms race finds threat actors following their targets into the cloud as they start to launch difficult-to-detect attacks by leveraging trusted domains owned by companies like Google and Microsoft. According to a blog post from cybersecurity software company Proofpoint, cloud collaboration tools like Microsoft 365, Azure, OneDrive, SharePoint, G-Suite and Firebase are being used to launch an increasing number of cyberattacks, and their cloud-hosted nature makes them difficult to detect.

Colonial Pipeline on Thursday restored operations to its entire pipeline system nearly a week following a ransomware infection targeting its IT systems, forcing it to reportedly shell out nearly $5 million to restore control of its computer networks. "Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during this start-up period. Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal."

The infamous cybercrime organization known as Evil Corp may be running cyberespionage operations on behalf of a Russian intelligence agency, security consulting company Truesec reports. Evil Corp is allegedly run by Russian nationals Maksim Yakubets and Igor Turashev, who were charged by the United States in 2019.

Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research. The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious.

"Gathered from over 285 million real-world endpoints and sensors, and leveraging the extensive BrightCloud network of industry-leading partners, this year's Threat Report clearly shows how cybercriminals are willing and able to evolve their tactics to exploit collective human interest and current events," said Prentiss Donohue, EVP, SMB/C Sales, OpenText. One of which, %appdata%, saw the infection rate jump 59.2% YoY. Consumer devices saw twice as many malware infections when compared to business devices.

An examination of cybercrime ecosystems reveals it mirrors legitimate financial organization and market systems. "Cybercriminals need to move money and pay employees in their organization just like any other company," said Derek Manky Chief Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs.