Cyberattacks

Managed Security Awareness: Beyond the Breach | Ransomware Infected Thumb Drives

The FBI has warned of a FIN7 cybercrime campaign in which attackers mail USB thumb drives to American organizations with the goal of delivering ransomware into their environments. Our latest Arctic Wolf Managed Security Awareness session, Beyond the Breach, breaks down what to look for and how to respond, shares background on this new cybercrime, and offers guidance on how to protect your organization.

Latest FBI Warning: Don't Trust Thumb Drives

The FBI recently warned and advised on a current scam in which bad actors mail malicious thumb drives in packages and trick recipients into thinking there is a legitimate reason for connecting the thumb drive to their computer. Let’s be clear. DON’T. Don’t stick that thing in your computer. You don’t know where it’s been!

Russia's FSB Takes Down REvil Cyber Gang in an Unprecedented Series of Raids

Reuters reported on Friday that the Russian Federal Security Service (FSB) and local police launched a series of raids against members of the REvil/Sodinokibi ransomware gang at the request of the United States. More than a dozen arrests were made with millions in cash and goods being confiscated by authorities. This unprecedented action from the Russian Federal Security Service aligns with the fear that we've observed while conducting cybercriminal chatter reconnaissance on the Dark Web.

Malicious USB drives are being posted to businesses

A notorious cybercrime gang, involved in a series of high-profile ransomware attacks, has in recent months been sending out poisoned USB devices to US organisations. As The Record reports, the FBI has warned that FIN7 – the well-organised cybercrime group believed to be behind the Darkside and BlackMatter ransomware operations – has been mailing out malicious USB sticks in the hope that workers will plug them into their computers.

Malicious modifications to open source projects affecting thousands - Sysdig Secure

In the early days of 2022, two extremely popular JavaScript open source packages, colors.js and faker.js, were modified to the point of being unusable. The reason for this event can be traced to various motivations, but what is worth mentioning is that several applications that employed those dependencies were involved. The two impacted packages can be used for different purposes in JavaScript applications. colors.js enables color and style customization in the Node.js console.

The 5 Stages of a Credential Stuffing Attack

Many of us are fond of collecting things, but not everyone is excited about Collections #1-5. In 2019, these Collections, composed of ca. 932 GB of data containing billions of email addresses and their passwords, made their way around the Internet. These collections weren’t breaches but compilations of emails and passwords that had been gathered. Even after repeat entries were whittled down, the collection still contained billions of distinct address and password combinations.

7 Best Security Practices to Protect Against the Main Types of Attacks on Web Applications

As the world becomes more digital and interconnected, futuristic technologies such as IoT, 5G technology, quantum computing, and AI are bringing in limitless opportunities along with a whole range of threats and risks. The result – web application attacks are commonplace today with businesses being affected every day. About Indusface: Indusface is a SaaS company that secures critical Web applications of 2000+ global customers using its award-winning platform that integrates Web application scanner, Web application firewall, CDN, and threat information engine.

FIN7 Sends BadUSB Devices to U.S. Businesses as Part of Targeted Ransomware Campaign

First reported by The Record, the FBI has issued a new security Flash Alert warning organizations that the cybercrime gang FIN7 is again sending malicious USB drives to U.S. business targets in the transportation, insurance and defense industries through the U.S. Postal Service and United Parcel Service. This latest wave of attacks began in August 2021 with FIN7, which is also known as Carbanak Group and Navigator Group. The drives can be recognized by the LilyGo label on the case.

Laptop running slow? You might have been cryptojacked.

It’s always frustrating when your laptop starts to slow down. The more you click, the more it seems to stutter and have a good think about everything you ask it to do. Joining video calls and even opening documents becomes a chore. Normally, this is a sign to free up some storage space or request a new device/component from the IT department. However, an unusually slow laptop can also be the sign of something more sinister – cryptojacking.

What is Domain Hijacking? Tips to Protect Yourself

Domain hijacking is the act of domain name theft. It can happen to individuals or organisations and it’s increasing in frequency. The name may be hijacked by someone else who passes themselves off as you, tricks your domain registrar into transferring your domain to them, or hacks into your account (sometimes through phishing) and transfers it themselves.