In the spotlight this week: Since the recent airstrikes by the United States in Iran, which resulted in the death of General Qasem Soleimani, security researchers and media outlets have been focused on the potential for an Iran-associated response. The geopolitical tension that already existed between the United States and Iran has sometimes resulted in offensive cyber activity, mostly destructive, disruptive, and/or espionage campaigns. A cyber response from Iran is an option, but in this case it is not guaranteed, considering the nature and impact of the physical event. If one does occur, the Iranian threat actors’ capabilities, tool sophistication, and tactics, techniques, and procedures (TTPs), as well as the impact of a successful cyber attack, would likely be similar to those previously exhibited, although the motive and attack focus may differ.
The cyber-extortion landscape has shown real signs of strength and advancement in the past three months...
Most Recent Flipbooks
Three state-linked threat groups have reportedly conducted cyber attacks aimed at the US Democratic and Republican presidential campaigns.
An operations security (OpSec) failure by the threat group “FIN7” led to an unintentional exposure of their new tools, campaigns, and underground affiliations.
A wave of extortion attacks has interrupted operations in the financial services and retail sectors with threats of distributed denial of service (DDoS) if ransom is not paid.
Remote workers have been falling victim to a voice-phishing (vishing) campaign that involves phone calls and custom phishing pages intended to solicit virtual private network (VPN) credentials.
Global technology firm Intel Corporation (Intel) confirmed a data leak after 20GB of its confidential proprietary data was made available online.
Since its first appearance, WastedLocker has been a successful tool for extorting millions of dollars from companies in a series of targeted attacks.
“Lazarus Group” has reportedly used their newly identified “MATA” malware framework and newly created “VHD” ransomware to target high-profile victims.
After exposing more than 300 million user records in May 2020, the “ShinyHunters” threat group has allegedly returned with a second stage of data leaks.
On 15 July 2020, threat actors compromised 130 Twitter accounts to promote a cryptocurrency scam, which reportedly garnered at least USD 121,000.
A cybercriminal-forum user claims to have accessed and exfiltrated 15 billion records pertaining to multiple companies by compromising Data Viper, a cyber-security firm that holds breached data.
Ransomware appeared on the horizon long before 2020, but has arguably taken the cyber-threat landscape by storm over the past six months.
A two-pronged approach in a new cyber-threat campaign revealed cooperation between the “InvisiMole” threat collective and pro-Russia group “Gamaredon”.
A cyber-threat campaign was discovered exploiting an Adobe Campaign redirection flaw and abusing mail servers for heavily obfuscated phishing attacks.
Two malware variants used in simultaneous cyber-threat campaigns against United States utility entities have been linked to a single threat group.
The “Maze” group recently began collaborating with other ransomware operators by hosting their victims’ leaked data on the Maze News website.
The United States National Security Agency (NSA) released a cyber security advisory about the threat group “Sandworm”, likely a unit of the Russian GRU military intelligence agency.
A new ideologically motivated threat group, “CyberWare”, has been observed using ransomware in wiper attacks against companies it believes are conducting scams.
A threat group by the name of ShinyHunters has flooded dark web marketplaces and criminal forums with leaked databases belonging to at least 18 companies.
The apparent resurgence of advanced persistent threat (APT) group “Naikon” has established that “out of sight” does not mean “inactive”; despite scant reporting on the group in recent years, Naikon ha
Researchers have reported on active cyber-threat campaigns exploiting a cross-site scripting (XSS) vulnerability in a WordPress website theme.