In the UK’s move to phase out physical immigration documents by 2025, the UK’s Home Office claims the implementation of e-Visas to be not only for convenience and cost safety but also for ‘enhanced security’.
Although not much information is known on the newly implemented e-visa, the UK Home Office claims the e-visa to be securely linked with biometric information for enhanced security measures.
According to a report by Qrator Labs, blocked IP addresses associated with malicious activity increased by 116% in Q3 2023. The increase in blocked IP addresses is credited to threat actors attempting to bypass geo-blocking.
Top top 5 countries originating these blocked IP addresses consist of the United States (5.66 million), China (4.97 million), Germany (1.39 million), Indonesia (1.32 million), and Singapore (1.03 million).
According to Chainalysis, the estimated total value received by ransomware attackers reached $1.1B in 2023.
The Chainalysis report also states that the estimated $1.1B only pertains to ransomware demands collected, and does not account for operational and third-party disruption costs.
Specialists from the Netherlands’ Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) announced a Chinese nation-state-sponsored malware ‘Coathanger’ and its breach on the Dutch Ministry of Defense (MoD).
The stealthy ‘Coathanger’ malware’s code revealed a remote access trojan (RAT) specifically built to infiltrate Fortinet’s FortiGate firewalls through the ‘CVE-2022-42475’ vulnerability, which resulted in stolen user account credentials from the Dutch MoD’s servers.
CISA and EPA Launch Water Sector Cyber Toolkit Amid the recent string of critical water infrastructure cyber attacks, the Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA) co-launched a toolkit to fortify the cybersecurity posture of water and wastewater systems in the United States. The water sector cyber toolkit serves as […]
Last year saw exponential growth in the number of organizations impacted by supply-chain attacks, although the increase in the number of organizations targeted has remained slow. According to the 2023 data breach report from the Identity Theft Resource Center (ITRC) the number of organizations impacted has surged by more than 2,600 percent since 2018, affecting over 54 million victims.
“We must acknowledge the significant impact of Supply Chain Attacks and their effect on all organizations. A single supply chain attack can directly or indirectly impact hundreds or thousands of businesses that rely on the same vendor,” warns the ITRC.
While supply chain attacks have been around for many years, the ability to automate and launch the attacks at scale accelerated in 2018. The MOVEit attack last year shows the scope and scale a Supply Chain Attack can have. According to the report, 102 entities were directly impacted by threat actors exploiting a MOVEit product. However, 1,271 organizations were indirectly affected when information stored in or accessed by a MOVEit product or service was compromised via a vendor or vendors.
According to the UK’s National Cyber Security Centre (NCSC), AI-generated malware built to avoid detection could be a serious threat inflicted by nation-state threat actors this year.
The NCSC further stated that based on their investigations, they believe nation-state groups hold repositories of malware large enough to effectively train an AI model to bolster ransomware attack capabilities.
On an analysis published by Trellix security researcher Gurumoorthi Ramanathan, the “NS-STEALER” malware distributed via a hidden ZIP file could lead to captured data automatically displayed on the Discord bot channel “EventListener”.
The hidden malware “NS-STEALER” when deployed onto a user’s system, can automatically collect screenshots, cookies, credentials, autofill data, and system information from web browsers.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory (CSA) containing the Indicators of Compromise (IOC) associated with the Androxgh0st malware.
The joint CSA also contained the dangerous Androxgh0st malware tactics, techniques, and procedures associated with the malware’s threat actors. The malware establishes a botnet for victim identification, exploits vulnerable networks, targets the theft of sensitive data, and may lead to remote code execution.
Albania’s Parliament announced it was hit by a cyberattack targeting its data system, resulting in halting the Parliament’s services.
The Albanian Parliament assured that although disrupted, the data was not encrypted by the threat actors and that their services would go back online soon.
Links to Rockstar Games’ ‘GTA V’ source code were posted on a Telegram group, later posted on Discord servers and a dark web site.
The Rockstar Games leak ensued a year after threat actor group, Lapsus$ claimed a cyberattack on the gaming giant. Lapsus$ hacker, Arion Kurtaj is the suspected source of the video game’s code distribution.
A record-high 484 ransomware victims were posted on publicly available sites in November 2023, according to a Corvus Insurance report.
The spike in ransomware victims’ information being leaked reflects a 39.08% increase compared to October 2023 and a staggering 110.43% increase compared to November 2022.
Based on a Netwrix survey, the financial sector in 2023 experienced the most cyberattacks among any other sector in 2023.
Surveying 1,610 IT and security professionals from more than 100 countries, the survey also revealed phishing and malware to be the most common attacks across all sectors.
Kyivstar, Ukraine’s largest telecom provider announced it was hit by a devastating cyberattack, disrupting internet access for over 26 million users.
Kyivstar’s parent company, VEON Ltd confirmed the devastating cyberattack, claiming it to be “one of the largest cyberattacks in the history of the global telecom market.”
Researchers from the International Institute of Information Technology (IIIT) presented a new attack named ‘AutoSpill’ that enables attackers to steal account credentials on Android devices via an autofill operation, during the Black Hat Europe security conference.
IIIT researchers pinpointed WebView, the Android feature used to open external links through an internal browser view as the starting point of the security flaw, leaving autofilled usernames and passwords vulnerable.
The Department of Justice announced that the Russian national behind the malware tool Trickbot, used to launch ransomware attacks on American hospitals, pleaded guilty to his role in the malware tool’s development.
Trickbot was used to facilitate ransomware attacks on a string of American hospitals and health systems, disrupting care delivery and risking patient safety.
General Electric (GE) recognized the data theft from threat actor IntelBroker pertaining to a project involving the Defence Advanced Research Projects Agency, sparking national security concerns.
The GE Spokesperson commented on the data theft, saying they are thoroughly investigating the claims, will work on further protecting the integrity of their security systems, and that business operations will not be affected.
The verdict on artificial intelligence (AI) from the real experts is finally in; professional cybercriminal fraternities have judged AI to be “overrated, overhyped and redundant,” according to fresh research from cybersecurity firm Sophos.
It has, hitherto, been accepted wisdom in the cybersecurity industry that cybercriminals, free from any regulatory authority or moral scruples, were among the first to harness the awesome power of AI to create bespoke and virtually unstoppable malware. However, having infiltrated the Dark Web forums where top professional cybercriminals discuss their trade, Sophos reports that the cybercrime sector has thoroughly tested the capabilities of AI and found it wanting.
The UK’s National Cyber Security Center (NCSC), in partnership with the US’s Cybersecurity and Infrastructure Security Agency (CISA) launched the ‘Guidelines for Secure AI System Development’.
The guidelines are set to secure AI system development, to help developers make informed cybersecurity decisions at every step of the AI development process. These AI guidelines were also co-signed in cooperation with 21 other international agencies and ministries from across the world.
Europol released a statement directed to European law enforcement agencies to prepare for the impact quantum computing will have on the cybersecurity ecosystem.
This warning is based on Europol’s latest report, “The Second Quantum Revolution: The Impact of Quantum Computing and Quantum Technologies on Law Enforcement” which dives into the threats and opportunities of quantum computing to threat actors.
The Federal Bureau of Investigation (FBI) warns that cybercriminals and online blackmailers are targeting plastic surgeons to harvest electronically protected health information (ePHI) on their patients. Personal ePHI includes sensitive information and photographs, enabling the cybercriminals to extort money from the patients themselves as well as from plastic surgery practices, something that could prove lucrative to blackmailers targeting wealthy celebrities who are in the public eye.
Terrorist group Hamas, which was responsible for the recent atrocities committed in Israel, is reported to be using the smartphones of dead and captured Israeli hostages as entry points to monitor Israeli citizens in preparation for forthcoming cyber-strikes on Israel.
A stealthy malware known as SpyNote has made headlines because of its ability to steal data, record calls and access the cameras of devices it has infected.
The malware disguises itself as a phone operating system update, fooling targeted victims into allowing it access privileges
Reports show that phishing and malware attacks have spiked by 173% and 110% respectively in the third quarter of this year, compared with the second quarter of the year.
A staggering 493.2 million phishing attacks and 125.7 million malware attacks were logged during this period.
Discord continues to be used by threat actors to launch malware attacks. Researchers have warned the online platform continues to be used to distribute malware and exfiltrate data.
Three ways threat actors have been using Discord include stealing passwords, abusing webhooks, and stealing passwords.
The Q3-2023 Ransomware Report of cyber threat intelligence company Cyble has shown that ransomware attacks have doubled over the past year.
The reports also show the healthcare sector to be the most targeted in these attacks, and the US as being the most targeted area.
Google has warned users of Android devices to take specific precautionary measures to prevent malware infection. This warning comes after a reported increase in malware aimed at stealing information and money.
Precautionary measures advised by the service provider include turning on Google Play Protect, updating software, and removing untrusted apps.
State security in Pennsylvania, US has warned against a new hacker scam targeting senior citizens, called Phantom Hacker.
The scam artists attempt to convince senior citizens that their accounts holding financial details have been hacked. They then suggest transferring money into an ‘alias’ account under the guise of being federal agency officials.
The LockBit ransomware gang has threatened to release data stolen from CDW Corp, a major IT reseller and services provider in the US, UK, and Canada after discussions over the ransom fee for the data commenced.
The notorious ransomware gang demanded $80 million, with CDW offering just $1.1 million as their ransom counteroffer.
Ancestry site 23andMe with nearly 1M users has acknowledged a hacker leak, with hackers listing stolen data relating to family genetics online for sale.
The hackers seemed to have targeted users of Ashkenazi Jewish heritage. The data includes the last name, sex, and 23andMe’s evaluation of where their ancestors came from. This is now being investigated, to find out who the threat actors are, along with the motive of the attack.
In response to the increasingly hostile cyber environment, Google will tighten bulk email sending regulations next year.
Reports say that the server plans to send new email sender guidelines in February, which will require senders of bulk email to authenticate their emails and adhere to stricter spam regulations.
A new malware threat, identified as BunnyLoader, is being sold in the cyber underground market.
This Malware-as-a-Service (MaaS) threat has various capabilities, including stealing browser credentials, and system information as well as executing a second-stage payload.
Crypto firms have been warned about the new Lazarus malware payload, called ‘LightlessCan’, which easily evades detection. The malware variant has since been used in fake job scams.
The ‘LightlessCan’ malware was discovered on 29 September, while researchers were investigating a fake employment scam attack leveled against a Spanish aerospace firm.
Chinese hacker group Budworm has been using cyber-espionage malware to target a telecommunications company in the Middle East and an Asian government organization.
Reports say attacks have been orchestrated through a new variant of the group’s SysUpdate backdoor malware, and that telecommunication companies have become a common target for hacking groups.
Travel itineraries and diplomatic deliberations were among the data within seized emails in a recent hacker breach of the US State Department systems. As many as 60,000 emails were compromised in the attack.
Allegedly, this attack had been done by threat actors linked with the Chinese government and reports say the incident is likely to raise concerns on Capitol Hill concerning the ramped-up efforts by Chinese hackers.
The Lazarus group is using two new remote access trojans to target health systems’ ManageEngine vulnerabilities.
The group recently made headlines after targeting healthcare entities in Europe and the US and has since evolved its malware to exploit the CVE-2022047966 vulnerability in the ManageEngine setup, allowing for remote code execution.
Its new RAT variants, QuiteRAT and CollectionRAT, allow for the attacker to run arbitrary commands, among other capabilities.
Singaporean police have warned Android phone users of a new malware variant that is capable of resetting Android phones to factory settings. Reports say that more than $7.3 million has been lost through threat actors using the malware variant. The malicious code is hidden in social media posts, advertising the sale of different items. It is then downloaded when the applicant clicks on the link to make a payment.
US corporations lose an average of 4.3 percent of their online revenues to malicious ‘bots,’ malware designed to resemble human communications. Malware attacks of this nature accounts for an average annual loss of $86.5 million a year for corporations with average annual online revenues of $1.9 billion, according to a new report from cybersecurity firm Netacea, “Death by a Billion Bots: The Accumulating Business Cost of Malicious Automation”.
It seems that no one and no business is immune to hacker activity. Recent reports say that Pizza Hut Australia has again been the victim of threat actors a year after its newsmaking Optus cyber attack.
Reports allege customers’ data has been compromised by the incident, which occurred in early September, with the fast food outlet having contacted clients to notify them of the data breach.
admin
