Security News

States across the country are increasingly realizing that more needs to be done to prepare in advance of cyberattacks, according to Louisiana Gov. John Bel Edwards, who spoke at the National Governors Association's biennial National Summit on State Cybersecurity. "Two of the most critical actions that I took as governor were establishing the Louisiana Cybersecurity Commission and developing a statewide incident response plan. One of the most critical things you can do as a state is to have a cyber emergency preparedness plan that has been battle-tested and validated," he said.

The FBI is cautioning companies to beware of a slew of voice phishing attacks aimed at capturing the login credentials of employees. In an advisory released last Thursday, the FBI revealed that as of December 2019, cybercriminals have been working together on social engineering campaigns targeting employees at large firms both in the US and abroad. The criminals are taking advantage of VoIP platforms to launch voice phishing, or vishing, attacks.

The Federal Bureau of Investigation has issued a Private Industry Notification to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or chat rooms. An observed shift in tactics, the FBI says, is the targeting of all employee credentials, not exclusively of those individuals who might have higher access and privileges based on their corporate position.

The Federal Bureau of Investigation has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts and credentials for network access and privilege escalation from US and international-based employees. In multiple cases, once they gained access to the company's network, the threat actors gained greater network access than expected allowing them to escalate privileges using the compromised employees' accounts.

The FBI has alerted companies in the private sector to a spate of attacks using the Egregor ransomware. Egregor - the name of which refers to an occult term meant to signify the collective energy or force of a group of individuals-is indeed the work of a "Large number of actors" and is operating as a ransomware-as-a-service model, according to the FBI. "Because of the large number of actors involved in deploying Egregor, the tactics, techniques and procedures used in its deployment can vary widely, creating significant challenges for defense and mitigation," the FBI said.

Offered under a Ransomware-as-a-Service business model, the Egregor ransomware poses a great threat to businesses due to the use of double extortion, a recent private industry notification from the Federal Bureau of Investigation warns. Initially observed by the FBI in September 2020, Egregor has claimed more than 150 victims to date, all around the world.

The US Federal Bureau of Investigation has sent a security alert warning private sector companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide. The FBI says in a TLP:WHITE Private Industry Notification shared on Wednesday that Egregor claims to have already hit and compromised more than over 150 victims since the agency first observed this malicious activity in September 2020.

The U.S. government on Tuesday formally pointed fingers at the Russian government for orchestrating the massive SolarWinds supply chain attack that came to light early last month. The FBI, CISA, ODNI, and NSA are members of the Cyber Unified Coordination Group, a newly-formed task force put in place by the White House National Security Council to investigate and lead the response efforts to remediate the SolarWinds breach.

By accessing a targeted home security device an attacker can initiate a call for help to authorities and watch remotely as the swat occurs. The FBI points out that by initiating a call for help from the actual security device lends authenticity and anonymity to the hacker.

A warning issued this week by the FBI warns owners of smart home devices with voice and video capabilities that these types of systems have been targeted by individuals who launch so-called "Swatting" attacks. "Smart home device manufacturers recently notified law enforcement that offenders have been using stolen e-mail passwords to access smart devices with cameras and voice capabilities and carry out swatting attacks," the FBI said.