The Grief ransomware operation's dedicated data leak site (victims' names redacted)

Ransomware Changes: DoppelPaymer Rebrands; Babuk Evolves

Mathew J. Schwartz • July 30, 2021

The ransomware landscape changes constantly as groups disappear, change approaches or rebrand. The DoppelPaymer operation, for example, appears to have reinvented itself as Grief, while the administrator of Babuk has launched a ransomware-friendly cybercrime forum called RAMP.

Fraud Management & Cybercrime

Alert for Ransomware Attack Victims: Here's How to Respond

Latest

3rd Party Risk Management

SolarWinds Attackers Accessed US Attorneys' Office Emails

Scott Ferguson • August 1, 2021

The Russian-linked group that targeted SolarWinds using a supply chain attack compromised at least one email account at 27 U.S. Attorneys' Offices in 15 states and Washington D.C. throughout 2020, according to an update posted by the Justice Department.

Account Takeover Fraud

Researchers Uncover New Android Banking Malware

Akshaya Asokan • July 31, 2021

A newly uncovered banking Trojan dubbed "Vultur" is targeting Android users through screen recording to capture the victim's banking credentials, a new report by security firm ThreatFabric says.

Artificial Intelligence & Machine Learning

NIST Works to Create AI Risk Management Framework

Dan Gunderman • July 31, 2021

Citing a need to secure artificial intelligence technologies, NIST is working to create risk management guidance around the usage of AI and machine learning, the agency announced this week. Specifically, NIST seeks feedback to address governance challenges.

Cyberwarfare / Nation-State Attacks

Researchers Find More Servers Tied to Russian-Linked Attacks

Scott Ferguson • July 30, 2021

Researchers at the security firm RiskIQ have uncovered about 35 active command-and-control servers connected with an ongoing malware campaign that has been linked to a Russian-speaking attack group known as APT29 or Cozy Bear.

Governance & Risk Management

Patching Woes: Most Frequently Exploited CVEs Listed

Dan Gunderman • July 30, 2021

A joint cybersecurity advisory issued by several agencies this week highlighting the ongoing exploits of longstanding software vulnerabilities illustrates the woeful state of patch management, security experts say.

Fraud Management & Cybercrime

ISMG Editors’ Panel: Ransomware Update

Anna Delaney • July 30, 2021

In the latest weekly update, three editors at Information Security Media Group discuss important cybersecurity issues, including the latest ransomware trends, plus an update on NIST's "zero trust" initiative.

Critical Infrastructure Security

Wiper Malware Used in Attack Against Iran's Train System

Jeremy Kirk • July 30, 2021

Nearly three weeks ago, Iran's state railway company was hit with a cyberattack that was disruptive and - somewhat unusually - also playful. Security firm SentinelOne says analyzing the wiper malware involved offers tantalizing clues about the attackers' skills, but no clear attribution.

Governance & Risk Management

Flaw Found in Moodle Online Learning Platform

Akshaya Asokan • July 30, 2021

The bug hunting team at pentesting firm Haxolot.com uncovered a remote code execution vulnerability in Moodle, an open-source online learning platform widely used by universities worldwide. The flaw has since been patched.

Critical Infrastructure Security

Analysis: Keeping Track of Ransomware Gangs

Anna Delaney • July 30, 2021

The latest edition of the ISMG Security Report features an analysis of the disappearance of ransomware-as-a-service groups, such as REvil and Darkside, and how that impacts the wider cybercrime ecosystem. Also featured: ransomware recovery tips; regulating cyber surveillance tools.

Cybercrime

Insurer: Size of Claims Paid for Ransomware Attacks Declines

Doug Olenick • July 29, 2021

Cyber insurance provider Coalition Inc. says its clients' average claims for losses when they were hit by a ransomware attack totaled $184,000 in the first half of this year, down 45% compared to the second half of 2020. Negotiating lower ransoms and more efficient recovery were key factors.

Cyberwarfare / Nation-State Attacks

Israeli Government Visits NSO Group Amid Spyware Claims

Jeremy Kirk • July 29, 2021

The Israeli government paid a visit on Wednesday to NSO Group, the company whose spyware is alleged to have been covertly installed on the mobile devices of journalists and activists. The visit comes as Israel faces growing pressure to see if NSO Group's spyware, called Pegasus, has been misused.

Business Continuity Management / Disaster Recovery

Kaseya's Unitrends Technology Has Zero-Day Flaws

Prajeet Nair • July 28, 2021

Researchers are warning of three zero-day vulnerabilities in Kaseya's Unitrends cloud-based enterprise backup and disaster recovery technology. The news comes after a July 2 ransomware attack exploiting flaws in Kaseya's VSA software had a major impact.