CyberSecure Specialist

26 Feb

When Low-Tech Hacks Cause High-Impact Breaches

Information, Insights

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group.  But it’s worth revisiting how this group typically got in to targeted companies: By calling employees…

Read More
25 Feb

A year of wiper attacks in Ukraine

Information

ESET Research has compiled a timeline of cyberattacks that used wiper malware and have occurred since Russia’s invasion of Ukraine in 2022 This blogpost presents a compiled overview of the disruptive wiper attacks that we have observed in Ukraine since the beginning of 2022, shortly before the Russian military invasion started. We were able to attribute the majority of these attacks to Sandworm, with varying degrees of confidence. The compilation includes attacks seen by ESET,…

Read More
25 Feb

One year on, how is the war playing out in cyberspace? – Week in security with Tony Anscombe

Information

With the conflict in Ukraine passing the one-year mark, have its cyber-war elements turned out as expected? It’s been twelve months since Russia invaded Ukraine, and it’s a good time to pause and reflect on a few pertinent issues, including: How is the war playing out in cyberspace? Have the cyber-elements turned out as expected? More broadly, why is cyber a significant component of modern warfare? Importantly, make sure to check out our timeline of…

Read More
24 Feb

US warns of cyberattacks by Russia on anniversary of Ukraine war

Data Breaches, Malware, Social Engineering

The US Cybersecurity and Infrastructure Security Agency has issued an advisory urging organizations to increase cybersecurity vigilance today, the anniversary of Russia’s invasion of Ukraine, in the wake of a cyberattack against several Ukrainian government websites. “The United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord,” the CISA advisory said. The cyberattack in Ukraine, detected yesterday, hit the websites of a number…

Read More
24 Feb

Who’s Behind the Botnet-Based Service BHProxies?

Information, Insights

A security firm has discovered that a six-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers. Here’s a closer look at Mylobot, and a deep dive into who may be responsible for operating the BHProxies service. The BHProxies website. First identified in 2017 by the security firm Deep Instinct, Mylobot employs a number…

Read More
24 Feb

Microsoft tells Exchange admins to revert previously recommended antivirus exclusions

Data Breaches, Malware, Social Engineering

Microsoft is advising Exchange Server administrators to remove some of the endpoint antivirus exclusions that the company’s own documentation recommended in the past. The rules are no longer needed for server stability and their presence could prevent the detection of backdoors deployed by attackers. “Times have changed, and so has the cybersecurity landscape,” the Exchange Server team said in a blog post. “We’ve found that some existing exclusions — namely the Temporary ASP.NET Files and…

Read More
24 Feb

Dutch Police Arrest Three Ransomware Group Members

Attacks, Malware

The threat of leaking data if a ransom is not paid is a common tactic amongst ransomware actors. In this case, the group would still leak data even if ransom was paid. By using this model, the group was setting themselves up to not get paid by anyone because there would be no benefit to paying. Although this is a risk taken by companies paying a ransom, most groups do not follow this model to…

Read More
24 Feb

Microsoft Urges Exchange Administrators to Remove Some Antivirus Exclusions

Attacks, Malware

This new recommendation from Microsoft demonstrates how adding over-encompassing AV exclusions can negatively impact and organization’s security. Especially in the current threat landscape, many actors make use of PowerShell and malicious IIS extensions to perform their attacks. Having these exclusions in place allows for a large gap in visibility where the threat actors can go unnoticed. On top of removing these exclusions and following the other recommendations from Microsoft, it is also recommended to frequently…

Read More
24 Feb

Watch on Demand: Attack Surface Management Summit

Information, News

As security teams look to foundational strategies to protect corporate assets, the reduction of attack surface throughout the organization has taken center stage. All sessions from SecurityWeek’s 2023 Attack Surface Management Summit are now available to watch on demand. If you missed any sessions, you can watch them now in the virtual conference center: Fireside Chat With Jason Chan, Former Netflix Security Chief What Our 2022 Data Reveals About the Most Pressing Exposures on Your Attack…

Read More