Microsoft Takes Down Russia’s Strontium Allies Attacking Ukraine
Need additional evidence that private organizations are playing a defining role in curbing and preventing nation-state cyberattacks? Just look at the actions Microsoft recently took to disrupt Russian GRU-connected Strontium’s attacks on Ukrainian targets. Tom Burt, Microsoft corporate vice president of customer service, wrote in a blog post that the ...
Borat RAT: Funny Name, Serious Threat
It may be named after a popular, irreverent mockumentary, but the new Borat remote access trojan (RAT), a malware strain recently spotted in the wild, is a serious threat to organizations. The versatile Borat, now available on the darknet, not only deploys ransomware but features DDoS attacks and UAC bypass ...
Another Log4Shell? Not Quite, But Spring4Shell is Serious
As more details emerge on Spring4Shell, a recently discovered remote code execution (RCE) flaw affecting Spring Framework, security researchers are urging affected users to immediately implement a patch issued by Spring. Spring’s popularity among Java frameworks rivals that of Struts, Sonatype Field CTO Ilkka Turunen said, and the vulnerability ...
Anonymous Claimed Data Leak to Force Nestlé Out of Russia
Multinational companies around the world voluntarily pulled their business out of Russia after president Vladimir Putin launched an unprovoked invasion of Ukraine, but the hacker group Anonymous is determined to give any stragglers a nudge. The hacktivist group recently leaked data, emails and passwords of food giant Nestlé’s customers and ...
Teen Mastermind Behind Lapsus$ Ransomware Attacks
Just when it looked like a tired hacker stereotype was fading, it seems that a teenager orchestrated Lapsus$ attacks against high-profile targets like Microsoft and Nvidia—all from the comfort of the home he shares with his mother in Oxford, England. Security researchers hunting the Lapsus$ ransomware gang told Bloomberg they ...
LokiLocker Ransomware Poised to Proliferate
LokiLocker, a new ransomware family discovered by BlackBerry, is distinguishing itself by threatening to overwrite the Master Boot Record (MBR) of a victim’s system, leading to the wiping of all files. That, of course, leaves the infected machine unusable, BlackBerry said of the ransomware-as-a-service (RaaS). But there’s a twist—or two ...
RagnarLocker Targets Critical Infrastructure, Sidestepping Security
Threat actors have pressed RagnarLocker into action to target critical infrastructure (CI)—with the FBI identifying at least 52 entities across 10 CI sectors, including manufacturing, energy and government, since January. The agency warned in an alert that “RagnarLocker ransomware actors work as part of a ransomware family, frequently changing obfuscation ...
IsaacWiper Followed HermeticWiper Attack on Ukraine Orgs
In the hours before Russia invaded Ukraine, a destructive malware campaign used HermeticWiper to attack several Ukrainian organizations and, just a day after the invasion began, another wiper, dubbed IsaacWiper by ESET, was pressed into service against a Ukraine government network. The attackers were not finished, though; perhaps because they ...
Cybercriminals Have yet to Exploit Russia-Ukraine Tensions
Financially motivated actors appear to have stayed out of the Russia-Ukraine tensions—so far. Those actors “have yet to show their inclination to leverage the conflict for personal gain,” according to researchers at Intel471 who have been monitoring how the current conflict between the two countries is affecting the cybercriminal underground ...
Ice Phishing Takes Advantage of Tectonic Shift to Web3
The Badger DAO attack last November and December—during which an attacker stole about $121 million from users—is a good example of “ice phishing” on the blockchain. If that term conjures up images of plaid and puffy coat-clad folks huddled around a hole atop a frozen Minnesota lake, well, that image ...