Security News

The Federal Bureau of Investigation has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020. "The FBI has learned of a cyber-criminal group who self identifies as the 'OnePercent Group' and who have used Cobalt Strike to perpetuate ransomware attacks against US companies since November 2020," the FBI said.

Security researcher Bob Diachenko claims to have discovered an unprotected Elasticsearch database containing 1.9 million records related to what appeared to be a terrorist watchlist of the United States government. Diachenko identified what he believed to be a no-fly list maintained by the Terrorist Screening Center, a multi-agency group administered by the FBI. The no-fly list represents only a subset of a larger terrorist watchlist maintained by the U.S. Department of Homeland Security.

The FBI Criminal Investigative Division and Securities and Exchange Commission warn investors of fraudsters impersonating registered investment professionals such as investment advisers and registered brokers. The end goal of these broker imposter schemes is to lure their targets into investment scams using spoofed sites, fake social media profiles, cold calling, and doctored documents.

A joint security advisory issued today by several cybersecurity agencies from the US, the UK, and Australia reveals the top 30 most targeted security vulnerabilities of the last two years. "Collaboration is a crucial part of CISA's work and today we partnered with ACSC, NCSC and FBI to highlight cyber vulnerabilities that public and private organization should prioritize for patching to minimize risk of being exploited by malicious actors," said Eric Goldstein, CISA Executive Assistant Director for Cybersecurity.

The Tokyo Olympics, set to open Friday night, are already being targeted by threat actors - however, the Federal Bureau of Investigation's Cyber Division has issued a chilling warning the Games' TV broadcast is likely to be plagued by attacks, since it will be the only way to view events now that spectators have been barred due to COVID-19 concerns. "Adversaries could use social-engineering and phishing campaigns in the leadup to the event to obtain access or use previously obtained access to implant malware to disrupt affected networks during the event," the FBI notification said.

The Federal Bureau of Investigation warns of threat actors potentially targeting the upcoming Olympic Games, although evidence of attacks planned against the Olympic Games Tokyo 2020 is yet to be uncovered. As the FBI explains, attacks coordinated by criminal or nation-state threat actors targeting the Tokyo 2020 Summer Olympics could involve distributed denial of service attacks, ransomware, social engineering, phishing campaigns, or insider threats.

Motherboard got its hands on one of those Anom phones that were really FBI honeypots. The details are interesting.

The Federal Bureau of Investigation warns cryptocurrency owners, exchanges, and third-party payment platforms of threat actors actively targeting virtual assets in attacks that can lead to significant financial losses. The FBI issued the warning via a TLP:GREEN Private Industry Notification designed to provide cybersecurity professionals with the information required to properly defend against these ongoing attacks.

The REvil cybergang is taking credit for Friday's massive ransomware attack against managed service provider Kaseya Ltd. The criminals behind the attack claim it infected 1 million systems tied to Kaseya services and are demanding $70 million in bitcoin in exchange for a decryption key. The attack is considered the single biggest global ransomware attack on record.

CISA and the Federal Bureau of Investigation have shared guidance for managed service providers and their customers impacted by the REvil supply-chain ransomware attack that hit the systems of Kaseya's cloud-based MSP platform. The two federal agencies advise MSPs affected by the Friday REvil attack to further check their systems for signs of compromise using a detection tool provided by Kaseya over the weekend and enable multi-factor authentication on as many accounts as possible.