BlackMatter ransom note (Source: Bleeping Computer)

Secrets and Lies: The Games Ransomware Attackers Play

Mathew J. Schwartz • August 5, 2021

A seemingly nonstop number of ransomware-wielding attackers have been granting tell-all media interviews. One perhaps inadvertent takeaway from these interviews is the extent to which - surprise - so many criminals use lies in an attempt to compel more victims to pay a ransom.

►

Cybercrime

Kaseya Obtains Decryption Tool After REvil Ransomware Hit

Latest

Cyberwarfare / Nation-State Attacks

Chinese APT Groups Targeted Asian Telecoms

Dan Gunderman • August 3, 2021

Chinese APT groups compromised networks of telecom providers across Southeast Asia in an effort to harvest customers' sensitive communications, according to Cybereason. As in other Chinese cyberattacks, these APT campaigns exploited flaws in Microsoft Exchange servers.

Fraud Management & Cybercrime

Global Incident Response: The Rise of Integrity Attacks

Tom Field • August 3, 2021

Tom Kellermann calls it a new "Twilight Zone" - an era in which cybersecurity adversaries can unleash destructive attacks that manipulate time, data, audio and video. The cybersecurity strategist shares insights and analysis from his latest Global Incident Response Threat Report.

Fraud Management & Cybercrime

Ransomware Actors Set Up a Call Center to Lure Victims

Jeremy Kirk • August 3, 2021

Ransomware actors have taken a page from the playbooks of tech support scammers of yore by guiding victims to download malware through persuasion over the phone. Microsoft says the technique is more dangerous than it first realized.

Fraud Management & Cybercrime

Phishing Campaign Uses Live Chat, Leverages PayPal Brand

Prajeet Nair • August 3, 2021

In a new phishing scam that leverages the PayPal brand, attackers are using automated scripts and live chat as a way of compromising devices and bypassing secure email gateways.

Fraud Management & Cybercrime

Ransomware Attackers Eying 'Pure Data-Leakage Model'

Mathew J. Schwartz • August 2, 2021

A funny thing happened on the way to the nonstop ransomware payday: Some groups hit the wrong targets - Ireland's health system, a major U.S. fuel pipeline - resulting in the U.S. moving to much more aggressively disrupt their business model, says Bob McArdle, director of cybercrime research at Trend Micro.

Cybercrime

FatalRAT Exploits Telegram to Deliver Malicious Links

Prajeet Nair • August 2, 2021

A remote access Trojan is being distributed via download links for software or media articles on Telegram channels, according to researchers at AT&T Alien Labs.

ATM / POS Fraud

Polish Police Arrest Two Belarusians for ATM Hacking

Prajeet Nair • August 2, 2021

Coordinated police operations across seven European countries resulted in the arrest of two Belarusian hackers by Polish authorities for allegedly committing black box attacks against ATMs. Such attacks cause an ATM cash dispenser to dispense cash on demand.

Fraud Management & Cybercrime

BlackMatter Ransomware Appears to Be Spawn of DarkSide

Mathew J. Schwartz • August 2, 2021

The new BlackMatter ransomware operation claimed to have incorporated "the best features of DarkSide, REvil and LockBit." Now, a security expert who obtained a BlackMatter decryptor reports that code similarities suggest "that we are dealing with a Darkside rebrand here."

Account Takeover Fraud

Researchers Uncover New Android Banking Malware

Akshaya Asokan • July 31, 2021

A newly uncovered banking Trojan dubbed Vultur is targeting Android users through screen recording to capture the victims' banking credentials, a new report by security firm ThreatFabric says.

Cyberwarfare / Nation-State Attacks

Researchers Find More Servers Tied to Russian-Linked Attacks

Scott Ferguson • July 30, 2021

Researchers at the security firm RiskIQ have uncovered about 35 active command-and-control servers connected with an ongoing malware campaign that has been linked to a Russian-speaking attack group known as APT29 or Cozy Bear.

Governance & Risk Management

Patching Woes: Most Frequently Exploited CVEs Listed

Dan Gunderman • July 30, 2021

A joint cybersecurity advisory issued by several agencies this week highlighting the ongoing exploits of longstanding software vulnerabilities illustrates the woeful state of patch management, security experts say.

Fraud Management & Cybercrime

ISMG Editors’ Panel: Ransomware Update

Anna Delaney • July 30, 2021

In the latest weekly update, three editors at Information Security Media Group discuss important cybersecurity issues, including the latest ransomware trends, plus an update on NIST's "zero trust" initiative.