IcedID Banking Trojan: Expert Perspective

A cybersecurity expert provides insight below on the IcedID banking trojan and why it is an interesting piece of malware. Experts Comments, August 17, 2020. Chloé Messdaghi, VP of Strategy, Point3 Security: IcedID is a particularly interesting malware in that it first checks to see if a victim is working in a […]

Five Factors That Form How Security Awareness Training Programs Are Developing

Among the wide range of reasons that cause cybersecurity incidents, inappropriate use of IT resources by employees remains a challenge for businesses. In 2019, half (52% enterprise, 50% SMBs) of companies faced a data breach because of this, as revealed in a Kaspersky survey of IT decision makers. Quite surprisingly, companies experienced this almost as often as their […]

Cyber Expert On Amazon Alexa Security Flaw

A cybersecurity expert provides insight on the news that a flaw in Amazon’s Alexa smart home devices could have allowed hackers to access personal information and conversation history. Experts Comments, August 17, 2020. Phillip Hay, Head of Threat Intelligence Analysis, Mimecast: As IoT smart […]

CEO Comment On NCSC Report On Celebrity-backed Investment Scams

Bank of Ireland and DHL scams detected

The NCSC announced that in just four months it has removed over 300,000 URLs linking to investment scams with fake celebrity endorsements. Experts Comments, August 17, 2020. Jeremy Hendy, CEO, Skurio: Consumer-facing businesses have a duty to understand if their customers are being targeted by typo squatters by […]

Experts comments on Ritz hotel targeted by scammers

Scammers are tricking customers of the world’s most famous hotels into giving up their credit card details. Ritz London posted several tweets on the discovery of an apparent breach of its food and beverage reservation system that “may have compromised some of our clients’ personal data,” and is now investigating the matter. The cybersecurity experts commented […]

Securonix Threat Research: Detecting WastedLocker Ransomware

The Securonix Threat Research Team is actively investigating the details of the critical targeted WastedLocker ransomware attacks that have reportedly already exploited more than 31 companies, with 8 of the victims being Fortune 500 companies.

Here are the key details regarding the impact of the high-profile WastedLocker ransomware attacks and the EvilCorp malicious cyber threat actor(s) (MTA) involved:

- The WastedLocker ransomware is a relatively new malicious payload used by the high-profile EvilCorp MTA, which previously used the Dridex trojan to deploy BitPaymer ransomware in attacks targeting government organisations and enterprises in Europe and the United States.
- This MTA currently focuses on targeted “big game hunting” (BGH) ransomware attacks with multiple industry victims in recent months, with Garmin as one of the latest high-profile victims attacked (officially confirmed by Garmin on July 27).
- The most recent ransom amount demanded was $10 million, and appears to be based on the victim’s financial data. Based on the available details, the ransom was likely paid.
- To date, this MTA appears to have been using a mono-extortion scheme (data encryption only, with no or minimal data leakage) vs. other MTAs who use the threat of leaking a victim’s data as part of a double-extortion scheme (e.g. Netwalker, Maze, and others).
- Following the initial compromise, one of the early steps commonly taken by the malicious operators observed is to perform internal discovery and disable security/AV vendor tools such as Cisco AMP and/or Windows Defender.

Here are some of the Securonix recommendations to help prevent and/or mitigate the attack:

- Review your backup version retention policies and make sure that your backups are stored in a location that cannot be accessed/encrypted by operator-placed targeted ransomware (e.g. consider remote write-only backup locations).
- Implement an end-user security training program, since end users are ransomware targets. It is important for them to be aware of the threat of ransomware and how it occurs.
- Patch operating systems, software, and firmware on your infrastructure. Consider leveraging a centralised patch management system.
- Maintain regular air-gapped backups of critical corporate/infrastructure data.
- Implement security monitoring, particularly for high-value targets (HVT) in your environments, to detect possible malicious ransomware […]