BACKGROUND: In response to today’s “Another Nobelium Attack” report from Microsoft that threat actors affiliated with Russian intelligence conducted a phishing attack on the US Agency for International Development (USAID) to surveil human rights and other organizations critical of the Russian government, a cybersecurity expert with Gurucul offers perspective.
ISBuzz Team
It has been reported that a prolific phishing campaign is attempting to trick people into believing they’ve subscribed to a movie-streaming service to coerce them into calling a phone number to cancel – where someone will guide them through a procedure that infects their computer with BazaLoader malware. BazaLoader creates a backdoor onto Windows machines that can be used as an initial access vector for delivering additional malware attacks – including ransomware. The notorious Ryuk ransomware is commonly delivered via BazaLoader, meaning a successful compromise by cybercriminals could have extremely damaging consequences.
Klarna has experienced a data privacy incident that it says has affected 90,000 users. Some say they were able to see other users’ private information. Klarna is saying that the incident only compromised “non-sensitive data” as classified by GDPR.
British subscription site OnlyFans is failing to prevent underage users from selling and appearing in explicit videos, a BBC investigation has found. The platform has more than a million “creators” who share video clips, photos, and messages directly with subscribers for a monthly fee. In return for hosting the material, OnlyFans takes a 20% share of all payments.
BACKGROUND: Did Microsoft let the Belgian government down? The entire computer system of the federal home affairs ministry in Belgium was subject to a full, complicated cyber-attack as far back as April 2019, with all fingers pointing to China, according to Belgian daily De Standaard. Unlike many other cyber-attacks, this one was clearly aimed at the collection of information rather than money. The ministry is one of the central links in Belgium’s whole system of government, in charge of the population register, election management, police databases, crisis management and so on.
BACKGROUND: It has been reported that Canada Post has informed 44 of its large business customers that information relating to more than 950,000 customers was compromised after one of its suppliers fell victim to a malware attack late last week. Yesterday, the postal agency announced that Commport Communications, an electronic data interchange solution supplier, had notified them that manifest data held in their systems, which are associated with Canada Post customers, had been “compromised” in an attack on May 19. Commport Communications is used by Canada Post to manage the shipping manifest data of large parcel business customers.
The majority (67%) fear that big tech firms know their location, and 53% have turned off data sharing because they fear big tech companies are spying on them. The overwhelming majority (87%) of UK consumers fear big tech firms such as Google and Facebook are listening in to their personal devices because they receive targeted online or social media advertisement, according to a survey of 500 UK consumers conducted by pCloud, Europe’s leading cloud storage and file sharing solution. The poll highlighted how the majority of Brits (51%) do not know how to turn off data sharing. “There is clear…
The UK’s National Crime Agency has published its annual National Strategic Assessment (NSA) of Serious and Organised Crime, and it details how the overall threat from cybercrime has increased over the last year, with more severe and high-profile attacks against victims. The report notes that ransomware attacks have grown in frequency and impact over the course of the last year, to such an extent that they rank alongside other major crimes “causing harm to our citizens and communities on a significant scale”. In response to the report, please see below comments from security experts.
Offices of multiple Japanese agencies were breached via Fujitsu’s “ProjectWEB” information sharing tool. Fujitsu states that attackers gained unauthorized access to projects that used ProjectWEB, and stole some customer data. It is not yet clear if this breach occurred because of a vulnerability exploit, or a targeted supply-chain attack, and an investigation is ongoing.
A massive phishing campaign is distributing what looks like ransomware but is in fact trojan malware that creates a backdoor into Windows systems to steal usernames, passwords and other information from victims. Detailed by cybersecurity researchers at Microsoft, the latest version of the Java-based STRRAT malware is being sent out via a large email campaign, which uses compromised email accounts to distribute messages claiming to be related to payments, alongside an image posing as a PDF attachment that looks like it has information about the supposed transfer.
