Archive for category: Security Info

As the Russian invasion of Ukraine unfolds, experts are urging American businesses to double down on their cybersecurity protocols. 

In mid-February, the Cybersecurity and Infrastructure Security Agency issued an advisory to U.S. organizations to put their “shields up” as tensions between Russia and Ukraine escalate. The shields up initiative encourages organizations of all sizes to take steps to reduce their chances of a cyberattack and ensure that they’re prepared in the case of a breach. The recommendations include assessing unusual behavior, assembling a crisis-response team, and shoring up vulnerabilities that might exist in your network. 

“T]he reason why there are these bulletins coming out, especially directed at small and medium-sized businesses, is that we have learned the hard way about the fragility of the global supply chain,” says Theresa Payton, a former White House Chief Information Officer under George W. Bush.

Watch out for your email inbox because one of the biggest ransomware botnets is back

By Dave James

“After being taken down by Microsoft and the Pentagon ahead of the 2020 presidential election, the group behind Trickbot is up and running again.

The Russian-speaking ransomware group taken down by Microsoft and the Pentagon last year is back up and running and ready to infect a whole new tranche of machines. So yeah, time to be really careful about what links and attachments you click on in unsolicited emails.

The group, known by the moniker of its Trickbot malware, was targeted by the Pentagon’s Cyber Command because of fears that it might decide to interfere with the presidential election. A series of coordinated attacks were launched against infected systems in September 2020, pointing them at a local address rather than a Trickbot control server, and it looked like the debilitating efforts had succeeded.

At least temporarily.

Microsoft also got in on the action, apparently on its own cognisance, tracking down the servers actually being used by the Trickbot botnet. Working with ISPs in Latin America, Microsoft was able to obtain court orders which meant they could disable the IP addresses plumbed into those servers.

Because of the decentralised nature of the group, reportedly spread out across Russia, Ukraine, Belarus, and other locales in Eastern Europe, it’s almost impossible to put these sorts of groups out of action for good. And, despite the arrest of one 55-year-old for apparently facilitating the spread of the Trickbot operation, there’s a lot of evidence that it’s winding back up again.
Indeed, there are reports as far back as January, that malware attacks bearing all the essential hallmarks of a Trickbot campaign were happening across North America. Menlo Security said that: “While Microsoft and its partners’ actions were commendable and Trickbot activity has come down to a trickle, the threat actors seem to be motivated enough to restore operations and cash in on the current threat environment.”

LINK: https://www.pcgamer.com/russian-ransomware-trickbot-is-back-in-action/

The ransomware landscape continues to thrive. Incident volumes, average ransom demands—these factors and more are increasing.

The menace of Ransomware-as-a-service (RaaS) affiliate models makes it easy for threat actors to scale their operations and target any industry or business regardless of size. In fact, these attacks can devastate even the largest global conglomerates.

And ransomware accounts for over half of the incidents reported by Secureworks. It is the number-one threat our customers face daily.

However, it’s far from the only threat plaguing businesses. As companies work to solidify their defenses, adversaries do everything in their power to circumvent them.

In our 2021 report, we explore some of the most recent, hard-hitting cyberattacks. With this resource, we’ve developed a comprehensive view of the threat landscape across the security industry to date.