Security News

"As of October 2021, US election officials in at least nine states received invoice-themed phishing emails containing links to websites intended to steal login credentials." On 5 October 2021, unidentified cyber actors targeted US election officials in at least nine states, and representatives of the National Association of Secretaries of State, with phishing emails.

The new FBI warning [PDF] came a day after the US Department of Justice unsealed a pair of indictments that detail alleged Russian government efforts to use supply chain attacks and malware in an attempt to compromise and control critical infrastructure. One of the two indictments involves Triton malware and its use in the 2017 attack.

A 23-year-old Russian national has been indicted in the U.S. and added to the Federal Bureau of Investigation's Cyber Most Wanted List for his alleged role as the administrator of Marketplace A, a cyber crime forum that sold stolen login credentials, personal information, and credit card data. "Marketplace A specialized in the sale of unlawfully obtained access devices for compromised online payment platforms, retailers, and credit card accounts, including providing the data associated with those accounts such as names, home addresses, login credentials, and payment card data for the victims, who are the actual owners of those accounts," the U.S. Justice Department said in a statement.

A Russian national has been indicted by the US DOJ and added to the FBI's Cyber Most Wanted list for allegedly creating and managing a cybercrime marketplace. Igor Dekhtyarchuk, a resident of Russia, was indicted in the Eastern District of Texas for running the cybercrime marketplace that sold credit cards, access to compromised devices or accounts, and personal information.

The Federal Bureau of Investigation says ransomware gangs have breached the networks of at least 649 organizations from multiple US critical infrastructure sectors last year, according to the Internet Crime Complaint Center 2021 Internet Crime Report. The actual number is likely higher given that the FBI only started tracking reported ransomware incidents in which the victim a critical infrastructure sector organization in June 2021.

The FBI's Internet Crime Complaint Center released its annual report compiled from 847,376 complaints it received in 2021. There were 19,954 BEC complaints to the IC3 in 2021 that accounted for approximately $2.4bn in losses.

FBI warns of cyberattacks using AvosLocker ransomware. The FBI and US Treasury are advising organizations to beware of a specific strain of ransomware aimed at critical infrastructure sectors in the United States.

The AvosLocker ransomware has targeted multiple victims across the country, according to the joint advisory [PDF] issued late last week by the FBI, Treasury Department and Financial Crimes Enforcement Network. Palo Alto Networks' Unit 42 researchers in July 2021 wrote about an advertisement they saw on Dread, which they described as a "Reddit-like dark web discussion forum," for a new RaaS called AvosLocker, outlining features of the ransomware and letting affiliates who leverage the malware know that AvosLocker operators would handle the negotiation and extortion practices.

The Federal Bureau of Investigation warns of AvosLocker ransomware being used in attacks targeting multiple US critical infrastructure sectors. "AvosLocker is a Ransomware as a Service affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors," the FBI said [PDF].

CISA and the FBI said today they're aware of "Possible threats" to satellite communication networks in the US and worldwide. Today's security advisory also warned US critical infrastructure organizations of risks to SATCOM providers' customers following network breaches.