US Pulls Back Curtain on Russian Cyber Operations

Scott Ferguson • April 16, 2021

While the Biden administration is betting that the latest round of sanctions aimed at Russia and its economy will help deter the country's cyber operations, several U.S. agencies used the sanctions announcement as an opportunity to pull back the curtain on the tactics of Russia's Foreign Intelligence Service.

►

Biometrics

Fraudsters Flooding Collaboration Tools With Malware

Latest

Breach Notification

Attackers Continue to Target UK Universities

Akshaya Asokan • April 17, 2021

The University of Hertfordshire has sustained a cyber incident that severely impacted students' online classes and assignment submission portal. The university, however, notes the incident did not cause data theft

Cybercrime as-a-service

Houston Rockets Investigate Ransomware Attack

Doug Olenick • April 16, 2021

The NBA's Houston Rockets reported on Wednesday that the organization was recently hit with a ransomware attack for which the Babuk cyber gang has taken responsibility. Babuk ransomware is known to be buggy and cannot always be decrypted - even with the proper key.

Breach Notification

ISMG Editors’ Panel: The Facebook Breach and More

Anna Delaney • April 16, 2021

Four editors at Information Security Media Group discuss important cybersecurity issues, including Facebook’s latest data leak and how adversaries continue to innovate and evolve.

3rd Party Risk Management

Attack on Codecov Affects Customers

Doug Olenick • April 16, 2021

Codecov, a company that tests software code prior to release, has notified customers that attackers had access to its network for a month and placed malware in one of its systems, which may have led to the exfiltration of customers' information.

3rd Party Risk Management

Does FBI Exchange Remediation Action Set a Precedent?

Anna Delaney • April 16, 2021

The latest edition of the ISMG Security Report features an analysis of whether the FBI removing malicious web shells from hundreds of compromised Microsoft Exchange Servers could set a precedent. Also featured is a description of an unusual fraud scam plus an update on security product development trends.

Fraud Management & Cybercrime

Ireland’s Privacy Watchdog Launches GDPR Probe of Facebook

Mathew J. Schwartz • April 16, 2021

Ireland's privacy regulator has launched an investigation into Facebook after personal information for 533 million of the social network's users appeared for sale online. It will analyze whether Facebook violated the country's data protection law or the EU's General Data Protection Regulation.

Cryptocurrency Fraud

Lazarus E-Commerce Attackers Also Targeted Cryptocurrency

Mathew J. Schwartz • April 15, 2021

Hackers with apparent ties to North Korea who hit e-commerce shops via Magecart-style attacks to steal payment card data also tested malicious tools for stealing cryptocurrency, reports cybersecurity firm Group-IB. Such functionality could trick customers into paying with cryptocurrency.

COVID-19

Phishing Campaign Targeting COVID Vaccine 'Cold Chain' Expands

Marianne Kolbasuk McGee • April 14, 2021

Cybercriminals, likely backed by nation-states, are expanding global spear-phishing campaigns targeting the COVID-19 vaccine "cold chain" in an attempt to steal credentials so they can gain "privileged insight" into sensitive information, the IBM Security X-Force says in an updated report.

Advanced SOC Operations / CSOC

SOC Automation: The Road Ahead

Suparna Goswami • April 14, 2021

To ensure adequate protection against emerging threat, organizations should automate more functions within their SOCs, says Huzefa Motiwala, director, system engineering, India and SARRC at Palo Alto Networks.

Endpoint Protection Platforms (EPP)

Developing an Effective Incident Response Plan

Suparna Goswami • April 14, 2021

An incidence response plan is worthless unless it's customized to meet an organization's needs and tested on a regular basis, says Mark Goudie, regional director services, APJ, at CrowdStrike.

Governance & Risk Management

FBI Removing Web Shells From Infected Exchange Servers

Jeremy Kirk • April 14, 2021

In an unprecedented action, the FBI is removing web shells from on-premises Microsoft Exchange servers at organizations in at least eight states that were infected in a wave of attacks earlier this year. Security experts offer an analysis of the bold move that the FBI took without notifying the organizations.

Cyberwarfare / Nation-State Attacks

Sweden: Russians Behind Sports Confederation Hack

Akshaya Asokan • April 14, 2021

The Russian state-sponsored group Fancy Bear was responsible for breaches at the Swedish Sports Confederation that resulted in hackers accessing sensitive athlete information, including doping test results, according to the Swedish Prosecution Authority. But Sweden will not pursue legal action in the case.