Security News

Over the last year, I've spoken with state IT teams throughout the U.S., and discovered that, while states responded effectively by enabling the move to a virtual working environment, the race to establish remote operations has exposed huge cybersecurity vulnerabilities within local municipalities: the struggle for adequate funding, the challenges in attracting skilled IT workers, and the widening cyber threat landscape are pushing municipalities to the brink. In the last year, RDP attacks increased by over 768%. For cybercriminals looking for vulnerable targets, local governments and municipalities with lax remote work security protocols are perfect targets for ransomware and other malicious actions.

U.S. law enforcement arrested six "Ringleaders" of a Ghana-based cybercriminal enterprise, who had allegedly launched a slew of money-stealing scams dating back to 2013 that included romance scams, business email compromise attacks and fraud. While the six arrested were allegedly involved with the criminal enterprise based in Ghana, they were located across the U.S. and targeted individuals and businesses in the U.S. Scams Relating to Romance, COVID-19 Relief.

Perhaps the most troubling aspect of this tale is that this was the seventh such malicious package found on npm within a month, a stark illustration of the effort that cybercriminals are making to insert themselves into the open source software supply chain. According to Weeks, anywhere from 10 per cent to 40 percent of open source software components developers are downloading have known vulnerabilities.

A group of cybercriminals known for ransomware attacks has started leaking files allegedly stolen from Jones Day, a major U.S.-based law firm that has represented former president Donald Trump, including in his attempts to overturn the results of the recent election. The cybercriminals behind the ransomware operation known as Clop have been known to encrypt files on compromised systems, as well as stealing files from the victim and threatening to leak them unless a ransom is paid.

Over 400 malicious Valentine's Day-themed phishing individual email campaigns were spotted on a weekly basis in January, according to Check Point Research. The fraudulent email sent the year has not changed and the company address is written in lower-case, according to Check Point.

A new distributed denial-of-service attack vector has ensnared Plex Media Server systems to amplify malicious traffic against targets to take them offline. "Plex's startup processes unintentionally expose a Plex UPnP-enabled service registration responder to the general Internet, where it can be abused to generate reflection/amplification DDoS attacks," Netscout researchers said in a Thursday alert.

Primarily, the report highlights a rise in ransom-related DDoS attacks, by which extortion demands are issued against organizations. While RDDoS is not a new phenomenon for many online industries, attackers have recently set their sights on organizations across a wider variety of sectors including financial services, government and telecommunications.

Cybercriminals behind a successful phishing campaign have exposed more than 1,000 corporate employee credentials on the Internet, according to a warning from security vendor Check Point. As part of the campaign, the attackers were able to successfully bypass Microsoft Office 365 Advanced Threat Protection filtering, which allowed them to harvest more than a thousand credentials from victims.

Bitdefender on Monday announced the availability of a free tool that organizations can use to recover files encrypted by DarkSide, a piece of ransomware that cybercriminals claim helped them make millions. DarkSide operators have been making money not only by encrypting important files on compromised systems, but also by stealing valuable information to pressure victims into paying up.

Security experts are warning hackers are ramping up attempts to exploit a high-severity vulnerability that may still reside in over 100,000 Zyxel Communications products. Zyxel, a Taiwanese manufacturer of networking devices, on Dec. 23 warned of the flaw in its firmware and released patches to address the issue.