Cybercrime forums give ransomware gangs the ability to purchase remote access credentials for a range of corporate networks. (Source: Trend Micro)

Top Ransomware Attack Vectors: RDP, Drive-By, Phishing

Mathew J. Schwartz • May 29, 2020

Ransomware-wielding attackers are typically breaking into victims' networks using remote desktop protocol access, phishing emails or malware that's sometimes used in drive-by attacks against browsers, experts warn, advising organizations to make sure they have the right defenses in place.

Breach Notification

RagnarLocker Deploys a Virtual Machine to Hide Ransomware

Latest

Account Takeover

Suspected Hacker Faces Money Laundering, Conspiracy Charges

Akshaya Asokan • May 30, 2020

A New York City man is facing federal charges after FBI agents arrested him at John F. Kennedy Airport with a PC allegedly containing thousands of stolen credit card numbers. Prosecutors also believe the suspect used bitcoin to launder millions in illicit funds.

Governance & Risk Management

Former IT Administrator Sentenced in Insider Threat Case

Scott Ferguson • May 30, 2020

A former IT administrator for an Atlanta-based building products distribution company has been sentenced to 18 months in federal prison after he sabotaged the firm by changing router passwords and damaging a critical command server. Overall, Charles E. Taylor caused more than $800,000 in damages.

Cybercrime

NSA: Russian Hackers Targeting Vulnerable Email Servers

Akshaya Asokan • May 29, 2020

A Russian government-backed hacking group that's been tied to a series of cyberespionage campaigns has been quietly exploiting a critical remote code execution vulnerability in Exim email servers since 2019, the U.S. National Security Agency warns in an alert.

Governance & Risk Management

Hackers Breached 6 Unpatched Cisco Internal Servers

Doug Olenick • May 29, 2020

Six internal servers that Cisco uses to support its virtual networking service were compromised earlier this month after the company failed to patch two SaltStack zero day vulnerabilities. The company did not describe the damage done, saying only that "a limited set of customers" was impacted.

Cybercrime

Revamped Valak Malware Targets Exchange Servers

Ishita Chigilli Palli • May 29, 2020

A recently revamped version of the Valak strain of malware is targeting Microsoft Exchange servers in the U.S. and Germany, according to recent research from Cybereason. The malware has been redesigned to act as an information stealer that can extract corporate data.

COVID-19

Analysis: Surge in Attacks Against Banks

Nick Holland • May 29, 2020

The latest edition of the ISMG Security Report analyzes why cyberattacks against banks have surged in recent weeks. Plus: The increasingly ruthless tactics of ransomware gangs; cybersecurity strategies for small businesses.

Breach Notification

LiveJournal Blog Platform Credential Leak: What Happened?

Doug Olenick • May 28, 2020

The Russian blogging platform LiveJournal confirmed this week that it suffered several brute-force attacks in 2011 and 2012. But it insists that the 26 million usernames and passwords that are now available for sale on darknet forums came from other sources.

Legislation & Litigation

Bipartisan Bill Would Boost Cybersecurity Research

Ishita Chigilli Palli • May 28, 2020

A bipartisan group of lawmakers has introduced a bill that calls for investing $100 billion in research on science and emerging technologies, including cybersecurity, quantum computing and artificial intelligence.

Governance & Risk Management

How Smaller Companies Can Set Cybersecurity Priorities

Anna Delaney • May 28, 2020

Small and midsize companies don't need to spend money on expensive security products, says cybersecurity consultant Nic Miller, but they must consider several critical factors as they devise their strategies.

COVID-19

Safeguarding COVID-19 Research, Other Intellectual Property

Marianne Kolbasuk McGee • May 28, 2020

As cyberthreats to medical research on COVID-19 - and other intellectual property - grow, organzations must take critical steps to prevent the theft of their "innovation capital," says Russell Koste, chief security officer of Alexion Pharmaceuticals.

Governance & Risk Management

Researcher Contends Trend Micro's RootkitBuster Busted

Jeremy Kirk • May 28, 2020

Last week, security researcher Bill Demirkapi said that Trend Micro used a trick to get one of its drivers to pass Microsoft's approval process. Trend Micro has withdrawn the driver and says it's working with Microsoft on incompatibility issues that are unrelated to the researcher's findings.

COVID-19

HHS's COVID-19 Response, Recovery Efforts to Be Scrutinized

Marianne Kolbasuk McGee • May 27, 2020

A federal watchdog agency has established key goals and objectives - including protecting the security of IT infrastructure as well as combating fraud - that drive its oversight of the Department of Health and Human Services' COVID-19 response and recovery activities.