News broke this morning that a new variant of the BTCware ransomware is currently targeting victims and appending the .[email]-id-id.payday extension to encrypted files. This family of ransomware targets its victims by hacking into poorly protected remote desktop services and manually installing the ransomware. Marco Cova, Senior Security Researcher at Lastline, commented below. Marco Cova, Senior Security Researcher at Lastline: “This is yet another entry for the ever-expanding ransomware zoo. The sample itself does not appear too interesting in itself: for example, it requires manual interaction via email with the attackers to decrypt files and it requests payment in bitcoin, just like a score of similar tools. What is…
ISBuzz Team
The chances are your organisation is adopting cloud computing in one way or another. Moving to the cloud can help you accelerate IT delivery, realize immediate productivity and financial efficiencies, and ultimately, drive business agility. But it can also open up the attack surface, leaving the entire organisation exposed to security threats. The adoption of cloud services is continuing its rapid upward trend, and the market is expected to rise 18 per cent this year to $246.8 billion. Networks are becoming more and more complex as the modern IT infrastructure adopts private and public cloud platforms to make better use of an…
It has been reported that the Australian Signals Directorate (ASD) was alerted by a “partner organisation” that an attacker had gained access to the network of a 50-person aerospace engineering firm that subcontracts to the Department of Defence. The attack was said to have happened in November 2016. Javvad Malik, Security Advocate at AlienVault, commented below. Javvad Malik, Security Advocate at AlienVault: “This incident highlights fundamental security errors. Leaving internet-facing devices exposed with default credentials is a guaranteed way to be compromised quickly. Furthermore, the lack of any threat detection capabilities missed the attack coming in and exfiltrating a large amount of data.…
ESET researchers have discovered DoubleLocker, an innovative Android malware that combines a cunning infection mechanism with two powerful tools for extorting money from its victims. “DoubleLocker misuses Android accessibility services, which is a popular trick among cybercriminals. Its payload can change the device’s PIN, preventing the victim from accessing their device and encrypts the victim’s data. Such a combination hasn’t been seen yet in the Android ecosystem,” comments Lukas Stefanko, ESET Malware Researcher who discovered DoubleLocker. On top of being ransomware, DoubleLocker is based on the foundations of a particular, already documented banking Trojan. According to Stefanko, the functionality for harvesting users’ banking…
Speaking at CyberSec European Cybersecurity Forum in Krakow, Joel Brenner, senior research fellow at the Massachusetts Institute of Technology (MIT), said an effective attack on critical sectors such as energy, communications, finance and transport, which rely on industrial control systems (ICS), could have potentially shattering human and economic effects across all sectors. His top recommendation is that key ICS controls must be isolated from public networks if they are to be made reasonably secure. Justin Coker, Vice President at Skybox Security, commented below. Justin Coker, Vice President at Skybox Security: “From a technology perspective, these networks are especially…
It has been reported that a new phishing scam targeting users of the popular streaming app has been spotted by security experts. The cybercriminals behind the campaign are targeting users’ personal as well as business emails, in hopes of harvesting their personal and corporate credentials. The phishing campaign also tricks users into divulging their credit card data, which can then be used by the scammers to steal money. The stolen credentials can be used by the cybercriminals to access other accounts, in case victims have reused passwords. The stolen data could also likely end up for sale on the dark…
It has been revealed that the number of financial scams on social media has doubled in the past year to almost 450,000. Javvad Malik, Security Advocate at AlienVault, commented below. Javvad Malik, Security Advocate at AlienVault: “Social media is a low-cost and high impact medium for scammers. There is a huge audience to be targeted, so it is not surprising to see more and more scammers take advantage of this to push the fraudulent wares. Even if a small number of people fall victim, it is usually enough to provide a return on investment to the criminals. People should always remain…
Earlier this week, FireEye reported that it has detected and stopped spear phishing emails sent in September to U.S. electric companies by known cyber threat actors likely affiliated with the North Korean government. Moreno Carullo, Co-Founder & Chief Technical Officer at Nozomi Networks, commented below. Moreno Carullo, Co-Founder & Chief Technical Officer at Nozomi Networks: “Reports of cyber threat actors targeting US electric companies with a spear phishing campaign are an indicator of a sinister development in cyber warfare. Rather than causing immediate disruption or liberating data, these criminal groups are able to demonstrate great skill, focus and determination during this intelligence…
Check Point’s latest Global Threat Impact Index reveals a major Locky campaign in September, making the ransomware the world’s second most-used malware. Check Point has revealed a massive increase in worldwide Locky attacks during September, with the ransomware impacting 11.5% of organizations globally, according to the company’s latest Global Threat Impact Index. Locky has not appeared in the company’s top ten ‘most wanted’ malware ranking since November 2016, but the ransomware rose sharply to second place in September, powered by the Necurs botnet, which in itself was ranked at number ten in the table. These attacks propelled Locky up 25…
According to Kaspersky’s Global IT Security Risks Survey 2017, DDoS attacks have increased in frequency in 2017, with 33 per cent of organisations having faced one this year compared to just 17 per cent in 2016. While DDoS attacks have previously been used to disable the operations of a target, the driving motivation to use them now is the theft of corporate data. Stephanie Weagle, VP at Corero Network Security, commented below. Stephanie Weagle, VP at Corero Network Security: “Kaspersky’s research emphasises how any organisation, regardless of its size, type or location, can be seriously impacted by denial of service attacks. The…
