Security News
UPDATE. The FBI and the Cybersecurity and Infrastructure Security Agency are warning that advanced persistent threat nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system, affecting the company's SSL VPN products. The bug tracked as CVE-2018-13379 is a path-traversal issue in Fortinet FortiOS, where the SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency warn of advanced persistent threat actors targeting Fortinet FortiOS servers using multiple exploits. In the Joint Cybersecurity Advisory published today, the agencies warn admins and users that the state-sponsored hacking groups are "likely" exploiting Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.
The FBI warns that Mamba ransomware attacks have been directed at entities in the public and private sector, including local governments, transportation agencies, legal services, technology services, industrial, commercial, manufacturing, and construction businesses. Mamba ransomware relies on an open-source software solution named DiskCryptor to encrypt victim computers in the background with a key defined by the attacker.
The Federal Bureau of Investigation this week published an alert warning that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives, including the operating system. The ransomware has abused the open source application for malicious purposes in a multitude of attacks.
The Federal Bureau of Investigation is warning US private sector companies about an increase in business email compromise attacks targeting state, local, tribal, and territorial government entities. "From 2018 through 2020, the FBI observed increases in business email compromise actors targeting state, local, tribal, and territorial government entities for financial gain due to vulnerability exploitation and transparency requirements," the FBI said.
Attacks employing the TrickBot malware continue, leveraging phishing emails as the initial infection vector, the Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation warn. In a joint advisory published on Wednesday, the two agencies revealed that a sophisticated group of cybercrime actors is leveraging a traffic infringement phishing scheme to lure victims into downloading the TrickBot malware.
The FBI this week published its Internet Crime Report for 2020, and the agency said it received nearly 800,000 cybercrime complaints last year, with reported losses totaling $4.2 billion. The number of complaints received by the FBI in 2020 increased significantly compared to the previous year, when it got roughly 467,000 complaints.
The Federal Bureau of Investigation has published its annual report on cybercrime affecting victims in the U.S., noting a record number of complaints and financial losses in 2020 compared to the previous year. Last year, the Internet Crime Complaint Center received 791,790 complaints (up by 69% from 2019) of suspected internet crime causing more than $4 billion in losses.
An alert issued on Tuesday by the FBI warns about an increase in PYSA ransomware attacks on education institutions in the United States and the United Kingdom. According to the FBI, PYSA attacks have been launched by "unidentified cyber actors" against higher education, K-12 schools and seminaries in a dozen U.S. states, as well as the U.K. The threat actors behind PYSA attacks are known to encrypt data on compromised systems, but they also steal information from victims and threaten to leak it in an effort to increase their chances of getting paid.
"Since March 2020, the FBI has become aware of PYSA ransomware attacks against US and foreign government entities, educational institutions, private companies, and the healthcare sector by unidentified cyber actors," the FBI says in the TLP:WHITE flash alert. The FBI recommends not paying PYSA ransoms, since giving in to the attackers' demands will most likely fund future ransomware attacks and encourage them to target other potential victims.