The US Federal Bureau of Investigation (FBI) has issued a warning regarding the BlackCat ransomware-as-a-service (RaaS).

The ransomware is reported to have hit at least 60 entities globally between its emergence in November of last year and March 2022.

Also known as ALPHV and Noberus, BlackCat is notable for being the first malware ever written in the Rust programming language. The language is known for being memory safe and offering improved performance.

“Many of the developers and money launderers for BlackCat/ALPHV are linked to DarkSide/BlackMatter, indicating they have extensive networks and experience with ransomware operations,” the FBI said in an advisory issued last week.


The post FBI sounds alarm on BlackCat ransomware appeared first on IT Security Guru.

An expert at the United Nations has called for an increased focus on North Korean cyber activity, which he believes is being used to fund the country’s banned nuclear weapons program.

Eric Penton-Voak, a co-ordinator of the UN group tasked with monitoring the enforcement of sanctions on North Korea, made the statement on Wednesday.

North Korea is currently operating under the most stringent UN sanctions ever imposed on the country. Penton-Voak said that despite this, North Korea has actually accelerated its missile testing, even testing an intercontinental ballistic missile (ICBM) for the first time since 2017.

Penton-Voak recently spoke at a discussion hosted by Washington’s Centre for a New American Security think tank, arguing that cyber activity is now “absolutely fundamental” to North Korea’s ability to evade UN sanctions and generate funding for its nuclear and missile programs.

“We rely on UN member states to inform us about breaches in order to investigate. But many, many member states are quite cautious about their own cyber capabilities,” he said.

“Victims for their part are often very reluctant to discuss how hacks happened and how extensive they were … I do hope and expect that our reports in the future will rather better reflect the central importance of cyber-enabled financial crime to (North Korea),” he continued.

The post North Korea funding nuclear program with cyber campaigns appeared first on IT Security Guru.

The Five-Eyes joint advisory board has warned that Russia is considering cyber attacks on Western nations as part of its war in Ukraine.

Five-Eyes agencies have said several Russian government and military organisations, including the Federal Security Service (FSB), the Foreign Intelligence Service (SVR) and the General Staff Main Intelligence Directorate (GRU), have conducted malicious cyber operations against information and operational technology networks.

It’s believed that multiple advanced persistent threat (APT) actors operating out of Russia are targeting government, critical national infrastructure, military and private sector organisations, alongside cybersecurity companies and journalists.


The post Five-Eyes issues Russian cyberattack warning appeared first on IT Security Guru.

New research from Comparitech has revealed that UK government employees received 2.4 billion malicious emails in 2021. This equates to around 2,400 emails per employee, per year.

The tech research firm acquired this information through Freedom of Information Requests.

Perhaps more concerning, it’s estimated that employees across 260 organisations clicked 57,000 suspicious links over 2021.

Assessed by employee, NHS Digital recorded by far the highest number of malicious emails in 2021 (89,353), followed by the government of Northern Ireland (34,561) and the Financial Reporting Council (25,992).

Paul Bischoff, Privacy Advocate at Comparitech and the author of the study, added:

“Seventy-one government departments were also happy to report that they hadn’t suffered a ransomware attack in 2021 (the remainder – 187 – didn’t disclose whether they had or not). Only two government organizations revealed that they had suffered a successful ransomware attack in 2021.”

The post UK government staff hit with billions of malicious emails in 2021 appeared first on IT Security Guru.

Research carried out by Check Point Research (CPR) has revealed that LinkedIn is the most impersonated brand for phishing attacks.

In its 2022 Q1 Brand Phishing Report, CPR revealed that phishing attacks impersonating LinkedIn made up 52% of all attempts globally in the first quarter of 2022. This is a 44% increase when compared to Q4 2021, during which LinkedIn was the fifth most impersonated brand.

Following LinkedIn, the most frequently impersonated brands in phishing attacks were DHL (14%), Google (7%), Microsoft (6%), FedEx (6%), WhatsApp (4%), Amazon (2%), Maersk (1%), AliExpress (0.8%) and Apple (0.8%).

CPR has said that the findings reflect a trend in social engineering threats shifting away from shipping companies and tech giants toward social media networks.

LinkedIn has become by far the most impersonated brand for phishing attacks, according to new research by Check Point Research (CPR).

The cybersecurity vendor’s 2022 Q1 Brand Phishing Report revealed that phishing attacks impersonating the professional social networking site made up over half (52%) of all attempts globally in the first quarter of 2022. This represents a 44% increase compared to the previous quarter, Q4 2021, when LinkedIn was the fifth most impersonated brand.

CPR said the findings reflected an emerging trend of social engineering scams shifting away from shipping companies and tech giants toward social media networks. In Q1 2022, social networks were the most targeted category, followed by shipping.

Omer Dembinsky, data research group manager at Check Point Software, said: “These phishing attempts are attacks of opportunity, plain and simple. Criminal groups orchestrate these phishing attempts on a grand scale, with a view to getting as many people to part with their personal data as possible. Some attacks will attempt to gain leverage over individuals or steal their information, such as those we’re seeing with LinkedIn. Others will be attempts to deploy malware on company networks, such as the fake emails containing spoof carrier documents that we’re seeing with the likes of Maersk.”

The post LinkedIn the most impersonated brand for phishing attacks appeared first on IT Security Guru.

The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation and the Treasury Department have all warned of new, ongoing attacks targeting blockchain companies, carried out by the Lazarus Group.

The activity cluster has been dubbed TraderTraitor, and involves the North Korean state-sponsored advanced persistent threat (APT) actor striking entities operating in the Web 3.0 industry since at least 2020.

Lazarus Group typically targets cryptocurrency exchanges, decentralised finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency and even individual holders of large amounts of cryptocurrency or valuable NFTs.


The post Blockchain companies warned of North Korean hackers appeared first on IT Security Guru.

The UK Prime Minister’s Office has been targeted by Pegasus spyware over the past two years.

Citizen Lab, a Canadian non-profit, has been tracking the use of the spyware, produced by Israel’s NSO Group, in recent years.

NSO Group is being sued by WhatsApp and Apple as their customers were targeted by the covert malware. It also emerged last year that the iPhones of nine US State Department officials were compromised by the spyware.

Citizen Lab revealed yesterday that in 2020 and 2021 it was forced to notify the UK government after identifying “multiple suspected instances of Pegasus spyware infections within official UK networks.”

Citizen Lab director Ron Deibert has said:

“Given that a UK-based lawyer involved in a lawsuit against NSO Group was hacked with Pegasus in 2019, we felt compelled to ensure that the UK government was aware of the ongoing spyware threat, and took appropriate action to mitigate it.”

The post Researchers say Pegasus spyware targeted UK PM appeared first on IT Security Guru.

A global consortium of cybersecurity companies has collaborated with Microsoft to disrupt the Zloader botnet.

The operation succeeded in seizing control of 65 domains used to control and communicate with infected hosts.

“ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a service that is designed to steal and extort money,” Amy Hogan-Burney, general manager of Microsoft’s Digital Crimes Unit (DCU), said.

Microsoft has said that the operation was carried out in partnership with ESET, Lumen’s Black Lotus Labs, Palo Alto Networks Unit 42, Avast, Financial Services Information Sharing and Analysis Center (FS-ISAC) and Health Information Sharing and Analysis Center (H-ISAC).

The seized domains are now redirected to a sinkhole, effectively preventing the botnet’s operators from contacting compromised devices.


The post Microsoft disrupts ZLoader Cybercrime Botnet appeared first on IT Security Guru.

Nordex Group, a major German wind turbine manufacturer, suffered a cyberattack on 31 March 2022.

According to Nordex, the attack was discovered early by IT security teams, who reacted quickly.

The company has announced that IT systems across multiple locations and business units were shut down as part of its response protocols.

The company has said in a statement: “Nordex turbines continued operating without restrictions and wind farm communication with grid operators and energy traders was, and remains, unaffected.”

Both internal and external IT experts are currently investigating the cyberattack. Early reports suggest that it only affected internal IT infrastructure.

The post Wind turbine giant hacked appeared first on IT Security Guru.

Authorities in Pinellas Park, Florida, have arrested 27-year-old Aaron Daniel Motta after he allegedly stole a client’s Trezor hardware wallet and its password while providing security assistance.

Motta is a “certified ethical hacker” and has been charged with grand theft and other computer offenses.

The accused is currently self-employed and owns Motta Management and Mitigation Services, alongside actively participating in Apple’s bug bounty program.

Motta was taken to Pinellas County Jail on April 8th, but was released the following Saturday after paying a $60,000 bail.

The post 600k worth of crypto stolen by ethical hacker appeared first on IT Security Guru.