Security News

They also provided a set of extensive mitigation measures to be immediately implemented by think tank organizations' leaders, staff, and IT staff to strengthen their security posture and defend against ongoing attacks by nation-state hacking groups. The FBI also issued a 'TLP:WHITE' private industry notification in April 2020 regarding the continued targeting of US think tanks by state-backed APT groups since at least 2014, with the end goal of gaining access to and exfiltrating sensitive information.

The FBI is warning US companies about scammers actively abusing auto-forwarding rules on web-based email clients to increase the likelihood of successful Business Email Compromise attacks. BEC scammers used email rules added to the target' web-based email clients to hide their activity while impersonating employees or business partners.

In addition to spoofed domains, state-sponsored actors and cybercriminals are leveraging spoofed email accounts to trick unsuspecting victims into revealing sensitive, personal information. "Adversaries can use spoofed domains and email accounts to disseminate false information; gather valid usernames, passwords, and email addresses; collect personally identifiable information; and spread malware, leading to further compromises and potential financial losses," the FBI warns.

The U.S. Federal Bureau of Investigation is warning the general public of the risks behind recently registered FBI-related domains that spoof some of the federal law enforcement agency's official websites. "The FBI observed unattributed cyber actors registering numerous domains spoofing legitimate FBI websites, indicating the potential for future operational activity."

The U.S. Federal Bureau of Investigation Cyber Division has warned private industry partners of increased Ragnar Locker ransomware activity following a confirmed attack from April 2020. Ragnar Locker actors will manually deploy the ransomware payloads to encrypted the victims' systems after a reconnaissance stage to help them discover network resources, company backups, and various other sensitive files to be collected for data exfiltration.

The FBI and Spokane police are now investigating an incident in which the Gonzaga University Black Student Union was hacked during a Zoom meeting and bombarded with racial and homophobic slurs. The incident occurred last Sunday during a virtual call among members of the Black Student Union.

DHS CISA and the FBI today shared more info on how an Iranian state-sponsored hacking group was able to harvest voter registration info from U.S. state websites, including election sites. The attempts to download voter info from election websites took place between September 29 and October 17, 2020, according to the advisory.

The Federal Bureau of Investigation shared indicators of compromise associated with the Iranian state-sponsored threat group behind last week's Proud Boys voter intimidation emails that targeted Democratic voters. The threatening spoofed emails used the "Vote for Trump or Else" subject and warned voters registered as Democrats that they must vote for President Trump and change their party to Republican unless they want the Proud Boys far-right group to come after them.

Although it's a warning that's tailored for the healthcare sector, the report is nevertheless relevant to all of us, and we can all learn from it. Sure, some of the items in the AA20-302A report are specific to healthcare, such as contact details for cybersecurity bodies in the healthcare sector, and specific advice about security "Hardening" on medical devices, which operate under a special regulatory mechanism.

The FBI warns of a threat against the healthcare sector from Ryuk ransomware, and one that's already affected some hospitals. The healthcare industry continues to be a prime target for ransomware, so much so that the FBI and two other government agencies are now warning this sector of impending attacks using the infamous Ryuk ransomware.