Verizon cybersecurity leaders evaluated which states’ businesses fare best after cyberattacks. To determine the odds of a business recovering from a cyberattack in any given state, they analyzed a host of factors, including internet privacy laws and the number of cyberattacks businesses within each state suffer each year. Here’s what they found.
Iranian cyber threat actors have been continuously improving their offensive cyber capabilities. They continue to engage in more conventional offensive cyber activities ranging from website defacement, distributed denial of service (DDoS) attacks, and theft of personally identifiable information (PII), to more advanced activities—including social media-driven influence operations, destructive malware, and, potentially, cyber-enabled kinetic attacks, warns the Cybersecurity and Infrastructure Security Agency (CISA).
ESET researchers recently discovered attempts to deploy Lazarus malware via a supply-chain attack (on less secure parts of the supply network) in South Korea. In order to deliver its malware, the attackers used an unusual supply-chain mechanism, abusing legitimate South Korean security software and digital certificates stolen from two different companies. The attack was made easier for Lazarus since South Korean internet users are often asked to install additional security software when visiting government or internet banking websites.
The Q3 2020 Threat Landscape Report by Nuspire demonstrates threat actors becoming even more ruthless. Throughout Q3, hackers shifted focus from home networks to overburdened public entities, including the education sector and the Election Assistance Commission (EAC). Malware campaigns, like Emotet, utilized these events as phishing lure themes to assist in delivery.
In the energy sector, the stakes are high when it comes to cybersecurity. Unlike other fields where malware could cause havoc and delay services, attacks within the energy sector could potentially cut off electricity to millions of customers in the United States and around the world. Leo Simonovich, VP and Global Head of Industrial Cyber and Digital Security at Siemens Energy, is focused on ensuring that doesn’t happen.
Operators used four different DLL side-loading scenarios to install and execute new malware after removing a resident PlugX Backdoor
November 4, 2020
Sophos uncovered attackers using DLL side-loading to execute malicious code and install backdoors in the networks of targeted organizations. The published report, “A New APT uses DLL Side-loads to Killl Someone,” outlines the discovery of four different DLL side-loading scenarios, which all share the same program database path and some of which carry a file named “KilllSomeOne.”
Internet of Things (IoT) devices are now responsible for 32.72% of all infections observed in mobile networks, up from 16.17% in 2019, according to a new Nokia Threat Intelligence Report 2020. This trend lines up with the growing number of IoT devices that are now connected to mobile networks, says Nokia's Threat Intelligence Lab.
According to the Center for Internet Security (CIS), in September 2020, three malware variants returned to the Top 10: CoinMiner, CryptoWall, and Emotet. The Top 10 Malware variants composed 87% of Total Malware activity in September 2020, up from 78% in August 2020.
Emotet — a sophisticated Trojan commonly functioning as a downloader or dropper of other malware — resurged in July 2020, after a dormant period that began in February. Since August, CISA and MS-ISAC have seen a significant increase in malicious cyber actors targeting state and local governments with Emotet phishing emails. This increase has rendered Emotet one of the most prevalent ongoing threats.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Defense (DOD) Cyber National Mission Force (CNMF) have identified a malware variant — referred to as SLOTHFULMEDIA — used by a sophisticated cyber actor. In addition, U.S. Cyber Command has released the malware sample to the malware aggregation tool and repository, VirusTotal.