Latest

Cyberwarfare / Nation-State Attacks

Researchers Find More Servers Tied to Russian-Linked Attacks

Scott Ferguson  •  July 30, 2021

Researchers at the security firm RiskIQ have uncovered about 35 active command-and-control servers connected with an ongoing malware campaign that has been linked to a Russian-speaking attack group known as APT29 or Cozy Bear.

Governance & Risk Management

Patching Woes: Most Frequently Exploited CVEs Listed

Dan Gunderman  •  July 30, 2021

A joint cybersecurity advisory issued by several agencies this week highlighting the ongoing exploits of longstanding software vulnerabilities illustrates the woeful state of patch management, security experts say.

Business Continuity Management / Disaster Recovery

Ransomware Changes: DoppelPaymer Rebrands; Babuk Evolves

Mathew J. Schwartz  •  July 30, 2021

The ransomware landscape changes constantly as groups disappear, change approaches or rebrand. The DoppelPaymer operation, for example, appears to have reinvented itself as Grief, while the administrator of Babuk has launched a ransomware-friendly cybercrime forum called RAMP.

►

Fraud Management & Cybercrime

ISMG Editors’ Panel: Ransomware Update

Anna Delaney  •  July 30, 2021

In the latest weekly update, three editors at Information Security Media Group discuss important cybersecurity issues, including the latest ransomware trends, plus an update on NIST's "zero trust" initiative.

Critical Infrastructure Security

Wiper Malware Used in Attack Against Iran's Train System

Jeremy Kirk  •  July 30, 2021

Nearly three weeks ago, Iran's state railway company was hit with a cyberattack that was disruptive and - somewhat unusually - also playful. Security firm SentinelOne says analyzing the wiper malware involved offers tantalizing clues about the attackers' skills, but no clear attribution.

Critical Infrastructure Security

Analysis: Keeping Track of Ransomware Gangs

Anna Delaney  •  July 30, 2021

The latest edition of the ISMG Security Report features an analysis of the disappearance of ransomware-as-a-service groups, such as REvil and Darkside, and how that impacts the wider cybercrime ecosystem. Also featured: ransomware recovery tips; regulating cyber surveillance tools.

Fraud Management & Cybercrime

9 Ransomware Enablers - And Tactics for Combating Them

Mathew J. Schwartz  •  July 29, 2021

Ransomware operations continue to thrive thanks to a vibrant cybercrime-as-a-service ecosystem designed to support all manner of online attacks. Given that attackers first need remote access to victims' systems, robust patch management and remote desktop protocol security remain obvious must-have defenses.

Cyberwarfare / Nation-State Attacks

Israeli Government Visits NSO Group Amid Spyware Claims

Jeremy Kirk  •  July 29, 2021

The Israeli government paid a visit on Wednesday to NSO Group, the company whose spyware is alleged to have been covertly installed on the mobile devices of journalists and activists. The visit comes as Israel faces growing pressure to see if NSO Group's spyware, called Pegasus, has been misused.

Critical Infrastructure Security

BlackMatter Ransomware Claims to Be Best of REvil, DarkSide

Mathew J. Schwartz  •  July 28, 2021

A new ransomware group called BlackMatter has debuted, claiming to offer the best features of REvil and DarkSide - both apparently defunct - as well as LockBit. A new attack using REvil's code has also been spotted, but a security expert says it's likely the work of a former affiliate.

Business Continuity Management / Disaster Recovery

Measuring Success of 'No More Ransom' Project

Rashmi Ramesh  •  July 28, 2021

Europol says the "No More Ransom" project, a portal launched five years ago, so far has helped more than 6 million ransomware victims worldwide recover their files for free so they could avoid paying almost 1 billion euros ($1.2 billion) in ransoms.

Cyberwarfare / Nation-State Attacks

Pegasus Spyware: World Leaders Demand Israeli Probe

Mathew J. Schwartz  •  July 27, 2021

Calls are growing for an investigation into how commercial Pegasus spyware developed by Israel's NSO Group gets sold to autocratic governments and used to target journalists, lawyers, human rights advocates and others, with some lawmakers saying "the hacking-for-hire industry must be brought under control."

Governance & Risk Management

M&A Update: Deloitte and Sophos Make Acquisitions

Doug Olenick  •  July 27, 2021

Brisk M&A activity in the cybersecurity sector continues. Among the latest moves: Deloitte and Sophos each have announced two acquisitions.