Security News

Russian crooks are selling network credentials and virtual private network access for a "Multitude" of US universities and colleges on criminal marketplaces, according to the FBI. According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves. "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

Cybercriminals are offering to sell for thousands of U.S. dollars network access credentials for higher education institutions based in the United States. The sensitive information consists of network credentials and virtual private network access "To a multitude" of higher education organizations in the U.S. In some cases, the seller posted a screenshot proving that the credentials provide the advertised access.

The FBI, in a joint advisory with the US government Departments of State and Treasury, has warned that North Korea's cyberspies are posing as non-North-Korean IT workers to bag Western jobs to advance Kim Jong-un's nefarious pursuits. North Korean IT workers may accept foreign contracts and then outsource those projects to non-North-Korean folks.

Multiple cybersecurity and law enforcement agencies from FVEY countries shared guidance for MSPs to secure networks and sensitive data against these rising cyber threats. "The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors-including state-sponsored advanced persistent threat groups-to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships," the joint advisory reads.

The FBI warned the global cost of business email compromise attacks is $43 billion for the time period of June 2016 and December 2021. BEC or email account compromise are an advanced scamming technique that targets both employees and business and the businesses they work for.

FBI: $43 billion in losses are due to Business Email Compromise fraud between 2016 and 2021. The Federal Bureau of Investigation released an alert that said there has been a 65% increase in identified global exposed losses from Business Email Compromise fraud, also known as Email Account Compromise.

Cyber-scams cost victims around the globe at least $6.9 billion last year, according to the FBI's latest Internet Crime Report. A subset of this category, business email compromise, is proving very lucrative and and cost victims almost $2.4 billion from 19,954 victims, according to the feds.

The Federal Bureau of Investigation said today that the amount of money lost to business email compromise scams continues to grow each year, with a 65% increase in the identified global exposed losses between July 2019 and December 2021. Victims reported losses of almost $2.4 billion in 2021, based on 19,954 recorded complaints linked to BEC attacks targeting individuals and businesses.

Also called ALPHV and Noberus, the ransomware is notable for being the first-ever malware written in the Rust programming language that's known to be memory safe and offer improved performance. "Many of the developers and money launderers for BlackCat/ALPHV are linked to DarkSide/BlackMatter, indicating they have extensive networks and experience with ransomware operations," the FBI said in an advisory published last week.

The BlackCat ransomware gang, said to be the first-known ransomware group to successfully break into networks with Rust-written malware, has attacked at least 60 organizations globally as of March, according to the FBI. BlackCat, also known as ALPHV, is a relatively new group of cybercriminals that operates a Windows ransomware-as-a-service. While it only appeared on the ransomware crime scene in November 2021, security researchers and federal law enforcement have linked its developers and money launderers to the notorious Darkside/Blackmatter crime rings, "Indicating they have extensive networks and experience with ransomware operations," the FBI said in a security alert [PDF] this week.