New Variation Of The PayPal Phishing Attack Sends Malicious Invoices To Victims To Steal Personal Credentials

Posted in Commentary with tags on February 16, 2023 by itnerd

In July 2022, researchers at Avanan, a Check Point Software Company, wrote about a new campaign where hackers are sending phishing emails and malicious invoices directly from PayPal. Avanan has released its latest blog discussing how threat actors are continuing to take advantage of PayPal in a variety of ways to send malicious invoices directly to users. 

In this attack, victims are presented with emails, coming directly from PayPal, regarding fraudulent charges or renewal notifications. These notifications encourage users to take action by calling the provided number to reverse the charges. Callers are then prompted to provide personal information, which the hackers save and use for future attacks.

You can read the blog here.

Multilingual BEC Groups Use Auto Translate Tools for Payment Fraud, Payroll Diversion, And Executive Impersonation

Posted in Commentary with tags on February 16, 2023 by itnerd

Abnormal Security has identified two groups using executive impersonation to execute BEC attacks on companies worldwide. In a new report, the company provides details on Midnight Hedgehog, a group engaging in payment fraud, and Mandarin Capybara, a group performing payroll diversion attacks. This new report provides insight into the impact of multilingual BEC attacks, in-depth analysis of the tactics and techniques used by these groups, and offers actionable advice to organizations to defend against multilingual email-based attacks.

These groups use executive impersonation to deceive recipients into making payments for bogus services or changing payroll account details, often posing as a company’s CEO. The report highlights that by leveraging commercial online services and widely available marketing technology, BEC actors can rapidly scale their efforts, maximizing their reach and wreaking havoc across the globe.

You can read the report here.

Nozomi Networks Expands Strategic Partnership with Mandiant 

Posted in Commentary with tags on February 16, 2023 by itnerd

Nozomi Networks, the leader in OT and IoT security, today announced an expanded global strategic partnership with Mandiant to help industrial and enterprise customers anticipate, diagnose and respond to IT and OT cyber threats in their critical business operations.

As part of the strategic partnership, Mandiant expanded the number of certified Nozomi Networks experts on its global OT incident response team and will utilize Nozomi Networks’ solutions to further forensic analysis and incident assessments. The companies are also investing in a new initiative that will include threat intelligence sharing and joint security research, and plan to introduce custom-designed incident response and assessment programs for joint customers. These new efforts reinforce a trusted partnership that began in 2016 and continues to expand with the shared mission to strengthen the security of industrial control systems.

Recognized as a market leader in OT and IoT security, Nozomi Networks is valued for superior operational visibility, advanced OT and IoT threat detection and strength across deployments. Nozomi Networks solutions support more than 89 million devices in thousands of installations across energy, manufacturing, mining, transportation, utilities, building automation, smart cities, and critical infrastructure. Nozomi Networks products are deployable onsite and in the cloud, and span IT, OT and IoT to automate the hard work of inventorying, visualizing and monitoring industrial control networks through the innovative use of artificial intelligence. Use cases stretch beyond cybersecurity, and include troubleshooting, asset management and predictive maintenance.

By combining their market leadership in OT, IT & IoT cybersecurity, Nozomi Networks and Mandiant are bringing a new level of cyber defenses to critical infrastructure organizations worldwide.

Guest Post: Ukraine suffered 29 state-sponsored cyberattacks in 2022

Posted in Commentary with tags on February 16, 2023 by itnerd

In recent years, state-sponsored cyberattacks have become a growing concern for governments, businesses, and individuals alike.

According to the data analyzed by the Atlas VPN team, Ukraine was a victim of 29 state-sponsored attacks in 2022. Behind most of the government-backed attacks stand China and Russia, with 44 and 38 cyberattacks, respectively.

The United States suffered 14 state-sponsored cyberattacks. Most of these attacks came from Iran or China-backed hackers who launched phishing and malware campaigns against US companies or government entities.

State-backed hackers launched 7 attacks on Russia in 2022. The majority of them were carried out by the Ukrainian IT army in response to the war the Kremlin started in Ukraine.

South Korea was a victim of 6 government-backed cyberattacks. North Korean cybercriminals were behind most of the threats. In addition, they were responsible for all 5 attacks on cryptocurrency companies.

Finally, all other state-sponsored threats on countries not mentioned here made up 76 total cyberattacks.

Cybersecurity writer at Atlas VPN, Vilius Kardelis, shares his thoughts on state-sponsored attacks:

“The rise of state-sponsored cyberattacks poses a significant threat to the stability of our interconnected world. Governments must collaborate to establish clear rules of engagement in cyberspace to prevent the expansion of malicious cyber activities that undermine trust and confidence in the digital infrastructure.”

State-sponsored spying

Governments around the world are engaged in a race to gather as much intelligence as possible.

Accordingly, out of all government-backed attacks in 2022, 110 were launched to spy on another country or organization. Financial theft was the motive behind 11 attacks, while attackers destroyed sensitive information in 8 cyberattacks.

Governments were the primary targets of state-backed hackers, who launched 75 attacks on such entities. Businesses faced 55 nation-sponsored cyberattacks. Journalists, human rights activists, or other citizens were hacked 48 times. Lastly, military targets suffered 8 state-sponsored cyberattacks.

To read the full article, head over to:

https://atlasvpn.com/blog/unveiling-the-invisible-war-ukraine-suffered-29-state-sponsored-cyberattacks-in-2022

A North Korean Espionage Group Is Using M2RAT Malware For Cyber Espionage

Posted in Commentary with tags on February 16, 2023 by itnerd

A new piece of North Korean malware, M2RAT, discovered by ASEC researchers (Translation here), is in the wild. The attack begins with a phishing email; the malware is installed from a downloaded JPEG that conceals it using steganography. The malware then performs keylogging, data theft, command execution, and screenshot capture of the desktop. As if that’s not intrusive enough, it locates any attached portable devices such as phones, scans them for documents and voice recording files, and transfers them to the attacker’s servers.

The malware is being used by the RedEyes attack group (aka APT37, ScarCruft), a North Korean cyber espionage group believed to be state-supported. The group targets the personal PC information and mobile phone data of specific individuals, not companies. The malware is distributed through the Hangul word processor EPS vulnerability (CVE-2017-8291). The vulnerability used in the attack is old and has been patched in newer versions of the word processor; the attackers seemed to know in advance that their targets were running an older version that still supports EPS.

James Lively, Endpoint Security Research Specialist for Tanium:

   “While M2RAT, the capabilities, and the delivery process are indicative of a state-sponsored APT, the initial access vectors are the real highlight here. Phishing and exploiting unpatched services and software are generally the easiest and most cost-effective methods to gain access to a target network.

   “APTs have a reputation for operating solely out of memory while using encrypted communications to their C2s. It’s difficult to detect malicious activity within memory without escalating costs and business disruptions. Combined with encrypted C2 communications, network analyzers are often rendered ineffective since they cannot identify traffic. Based on these factors, it’s extraordinarily difficult to identify a sophisticated attacker, such as an APT, once they have gained a foothold inside of a network.

   “It’s important for organizations to employ phishing training and campaigns often, ideally monthly or quarterly, to raise employee awareness and help them identify and report phishing attempts. Unpatched services and software allow attackers to use even decade-old vulnerabilities to gain access. Proper asset management, inventory, and patching are critical to fortifying an enterprise against attackers seeking low-hanging fruit. It only takes one employee to click a malicious link or one unpatched system to compromise a network and potentially the entire enterprise.”

While this is highly targeted malware, I suspect it’s only a matter of time before attacks like this become broader in nature. Thus my advice would be to ensure that every endpoint, server, mobile phone, etc. is fully patched to defend against this and other threats.
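A defender-side check prompted by the steganographic JPEG delivery described above. This is an added Python example, not code from ASEC or from this post, and it does not claim to describe how M2RAT itself hides its payload: it walks a JPEG’s marker structure to the End Of Image marker and reports any bytes appended after it, together with their entropy, which is one cheap triage signal for images smuggling extra content (least-significant-bit style steganography needs different checks). The sample bytes are constructed, not a real photo, and the 16-byte threshold is an assumed value.

```python
import math
from typing import Optional, Tuple

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA


def find_eoi(data: bytes) -> Optional[int]:
    """Walk the JPEG marker structure and return the offset just past the
    End Of Image (FFD9) marker, or None if the bytes are not a parseable JPEG."""
    if len(data) < 4 or data[0] != 0xFF or data[1] != SOI:
        return None
    pos = 2
    # Phase 1: length-prefixed header segments up to and including Start Of Scan.
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        if marker == 0xFF:                              # fill byte before a marker
            pos += 1
            continue
        if 0xD0 <= marker <= 0xD7 or marker == 0x01:    # standalone markers, no length
            pos += 2
            continue
        seg_len = int.from_bytes(data[pos + 2:pos + 4], "big")  # includes the 2 length bytes
        pos += 2 + seg_len
        if marker == SOS:
            break
    else:
        return None                                     # ran out of bytes before SOS
    # Phase 2: entropy-coded data. Any 0xFF inside it is stuffed as 0xFF00 or is a
    # restart marker (0xFFD0-0xFFD7), so the first 0xFFD9 we see is the real EOI.
    while pos + 1 < len(data):
        if data[pos] == 0xFF and data[pos + 1] == EOI:
            return pos + 2
        pos += 1
    return None


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; compressed, encrypted or packed data sits near 8.0."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def trailing_payload(data: bytes) -> Tuple[int, float]:
    """Return (bytes after EOI, their entropy); (-1, 0.0) if the JPEG is unparseable."""
    end = find_eoi(data)
    if end is None:
        return (-1, 0.0)
    tail = data[end:]
    return (len(tail), shannon_entropy(tail))


def is_suspicious(data: bytes, min_tail: int = 16) -> bool:
    """Flag images carrying more than a few stray bytes past EOI. Some encoders leave
    a byte or two of padding, hence a small tolerance (assumed threshold)."""
    return trailing_payload(data)[0] > min_tail


# Constructed sample, not a real image: SOI, a JFIF APP0 segment, a SOS header, a few
# bytes of "scan data" containing a stuffed FF00 and a RST0 marker, then EOI (40 bytes).
CLEAN = (
    b"\xff\xd8"
    + b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
    + b"\x12\x34\xff\x00\x56\xff\xd0\x78"
    + b"\xff\xd9"
)
# The same image with 68 constructed bytes appended after EOI; image viewers ignore them.
SUSPECT = CLEAN + b"MZ\x90\x00" + bytes(range(64))

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("suspect", SUSPECT)):
        n, ent = trailing_payload(img)
        print(f"{name}: {n} trailing bytes, entropy {ent:.2f}, suspicious={is_suspicious(img)}")
```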

Twitter Took Another Dirt Nap Today…. Not That I’m Shocked By That

Posted in Commentary with tags on February 15, 2023 by itnerd

Twitter continues to have issues, as we had another round of outages today, as evidenced by Down Detector:

And this time around, the official Twitter Support account acknowledges that they had a problem:

During the outage, people on the iOS Twitter app seemed to be the most affected. Refreshing the “For you” feed, for example, resulted in a message that says “tweets aren’t loading right now.” The “Following” feed loaded for me once but showed the same error message later.

What’s becoming clear is that Twitter is becoming more and more unstable and Elon Musk can’t keep it from tanking every few days. Right now, the man who lost $200 billion since buying Twitter must be reconsidering his life choices. In the meantime, I’m not shocked by this outage, and any outages that are sure to follow as they just illustrate how badly Elon has handled his leadership of Twitter.

Dragos Report Shows How Much Ransomware Attacks Have Surged In The Last Year

Posted in Commentary with tags on February 15, 2023 by itnerd

According to cybersecurity firm Dragos, ransomware attacks on industrial infrastructure more than doubled last year. Of the 600 industrial sector ransomware attacks tracked by Dragos in 2022, three-quarters of them (437) targeted manufacturing in 104 subsectors. That was a 92% increase over the 315 attacks the firm detected in 2021.

The Dragos report also highlighted the emergence of a new, highly dangerous threat group, Chernovite, which developed a modular ICS toolset designed to cause destruction against critical infrastructure companies in the US and Europe.

International conflicts and wars have exacerbated the use of cyber attacks as complements to political pressure. During 2022, Ukraine saw increased threat group activity targeting its energy and critical industrial infrastructure sectors. Russia’s 2022 invasion of Ukraine provided opportunities for Russia-aligned actors to use their offensive cyber capabilities preemptively and in parallel with its kinetic attacks.

Top 10 ransomware group attributions from the study (number of attacks):

  1. LOCKBIT: 169
  2. CONTI: 58
  3. BLACK BASTA: 54
  4. ALPHA V: 43
  5. HIVE: 33
  6. KARAKURT: 30
  7. ROYAL: 22
  8. SNATCH: 17
  9. AVOS LOCKER: 14
  10. BIANLIAN: 14

Morten Gammelgard, EVP EMEA at BullWall, has this perspective:

“Anyone who’s looking at ransomware as strictly a financial play by criminal enterprises is missing the bigger picture. We are, in most senses, in a war. North Korea, China and Russia are the biggest players in the ransomware game, and as tensions and armed conflicts with these nations continue to escalate, the threat actors are shifting their focus to industries that will harm the US and its allies the most: infrastructure, communications, supply chain, manufacturing and even the government itself.

“Countless government agencies have been under attack and some, particularly tax assessor offices, have been inoperable for months due to successful ransomware events. We will continue to see maximum focus on these parts of our economy as China, Russia and North Korea attempt to exacerbate our already record inflation to do maximum damage to our economy. The ransom is only part of a longer game.

“With Russia, China and North Korea so focused on hurting our supply chain and production capability, these organizations have to realize they won’t be able to stop those ransomware events from a determined nation-state actor. They MUST also have a solid response and containment strategy, including automated ransomware containment.”

What’s clear from this report is that ransomware is not going away anytime soon. Thus organizations need to ensure that they are fully protected from the threat that ransomware poses, or be prepared to suffer the consequences if they aren’t.

TELUS Friendly Future Foundation Is Offering $1 Million To Address The Most Critical Issues Facing Youth Today 

Posted in Commentary with tags on February 15, 2023 by itnerd

Today, TELUS Friendly Future Foundation launched the “Livable Communities for our Youth” Innovation Challenge, a $1 million funding opportunity to help address some of the most pressing social challenges youth in Canada are facing today, including lack of access to mental health support and housing, low academic achievement and barriers to employment. “Livable Communities for our Youth” encourages out-of-the-box thinking and collaboration between innovators, entrepreneurs and youth-focused charities, connecting them to help meet the needs of Canadian charities overwhelmed with demand.

The Innovation Challenge uses a unique crowdsourcing platform, HeroX.com, that encourages entrepreneurs and innovators to come forward with new approaches that can help make communities across Canada more livable for youth, in one or more of the following areas: 

  • Youth mental health
  • Youth homelessness
  • Barriers to youth education and employment 
  • Making our communities safer and more inclusive for youth

Entrepreneurs, innovators and charities are invited to apply to the “Livable Communities for our Youth” Innovation Challenge until March 31. Up to five winners will be chosen to partner with a registered charity in Canada, with the total prize purse of $1 million being awarded to fund the most compelling approaches.

To learn more visit herox.com/SolutionsForYouth.

HP Engineers Extreme Performance with Z By HP

Posted in Commentary with tags on February 15, 2023 by itnerd

HP Inc. announced its new Z by HP high-performance workstation desktop lineup, engineered to change what is possible within complex, data-rich workflows. HP is also advancing hybrid workforce management with the HP Anyware Remote System Controller, a device that gives IT departments the management capabilities to support high-performance devices from anywhere.

The complex workflows in industries spanning media and entertainment, data science, and engineering mean increased time pressure and the need for more compute power to deliver faster results. They also highlight a need to iterate with remote teams and push creative boundaries to deliver more accurate results. The new Z by HP Z4, Z6, Z8, and Z8 Fury desktops, powered by Intel®, deliver the scalable balance of CPU and GPU compute needed to fuel new levels of speed, accuracy, and creativity.

Extreme Workstation Performance

Z by HP innovations start with the customer to deliver the performance benefits needed whether it’s importing and working with large models and assemblies, running complex simulations, or training complex deep learning and machine learning models faster. The latest Z workstation desktops include up to 56 CPU cores and four high-end GPUs in the Z8 Fury G5. The Z4, Z6, Z8, and our all-new Z8 Fury, provide a variety of configurations to meet every workflow challenge for each of these segments. From our best-selling workhorse, the Z4, to the extreme performance of the Z8 Fury, Z by HP has the right workstation for every workflow.

  • The Z8 Fury G5 delivers powerful performance while staying cool and quiet under high-performance workflows with up to 56 cores in a single CPU and unleashing the power of four high-end double-wide GPUs with 2TB of DDR5 memory due to transformative single socket technology. Now you can breeze through even the most complex deep learning, virtual production, and VFX.
  • The HP Z4 G5 tackles advanced workflows from machine learning to advanced video editing with an evolutionary advancement of up to a 24-core CPU, two high-end GPUs, and up to 512GB of RAM. The Z4 G5 accelerates a wide range of professional apps to advance intensive workflows and provides plenty of room to expand as workflows evolve.
  • The HP Z6 G5 accelerates graphics-intensive workflows with multiple GPUs based on the increased PCIe expandability of the latest Intel® Xeon® W-3400 processor architecture. With up to 36 processing cores, three high-end graphics cards, and 1TB of DDR5 memory, the Z6 G5 delivers significant performance for users demanding a machine that scales with their increased model and dataset complexity.
  • The HP Z8 G5 is designed for users who demand the most processing compute for CPU-intensive workflows to accelerate rendering with real-time ray tracing, data visualization, and model training while also providing plenty of room to expand as demands change. With a dual-socket workstation, designed to utilize 4th Gen Intel Xeon, it delivers up to 64 system cores in addition to supporting 2x high-end graphics cards with 1TB of DDR5 memory.

Consolidate Workstation Fleet Management

The HP Anyware Remote System Controller provides IT administrators a single dashboard with the ability to launch a kernel-based virtual machine (KVM) session and perform out-of-band management tasks such as pre-boot access, BIOS updates and re-imaging from anywhere. Through a single interface, IT administrators can now manage a fleet of devices, access secure system information like model numbers and BIOS versions, receive reports, and develop insights to optimize their infrastructure and resolve issues before they affect users. HP is designing this hardware and software based on strong security industry standards, completing extensive testing, third-party reviews, and certifications to ensure maximum security.

Pricing and Availability

  • The HP Z4, Z6, Z8 and Z8 Fury G5 will be available for pre-order starting today on HP.com.
  • The HP Anyware Remote System Controller is expected to be available this spring. Pricing will be available closer to product availability.

Guest Post: Commvault Platform Release 2023: Continuing to efficiently expand secure data protection for hybrid multi-cloud environments

Posted in Commentary on February 15, 2023 by itnerd

By Ranga Rajagopalan, Senior Vice President of Product for Commvault

The past year has been amazing — our data protection portfolio has won many accolades of technology leadership from industry analysts like Gartner, Forrester and GigaOm. These wins are no doubt driven by our relentless passion to protect our customers’ data in a difficult world and our fundamental belief that continuous customer collaboration is key to pragmatic innovation.

The next chapter of our 26-year journey of customer-driven innovation is now here — we are excited to announce the General Availability of Commvault Platform Release 2023!

Commvault PR 2023 introduces several new features and additions to strengthen our customers’ security posture, deepen our rich integration with all major hyperscalers and introduce more smart savings through operational efficiencies.

Hundreds of customers have already benefited from these new capabilities during the Technology Preview phase, which started on December 15, 2022.

Harnessing the power of multi-cloud

What differentiates our approach to the ecosystem — and yes, we continue to support the broadest ecosystem when it comes to data protection — is how our integrations are seamlessly built in and not just clumsily bolted on for a quick mention. The deeper the integrations, the greater the synergies enjoyed by our customers.

Commvault PR 2023 carries new deep integrations to make it easier for our customers to protect their data across Microsoft Azure, AWS Cloud, Google Cloud Platform and Oracle Cloud Infrastructure.

Take, for instance, our new integration with Microsoft Azure Restore Points. We worked closely with Microsoft to be the first data protection platform to support Azure Restore Points. While Azure has had incremental snapshot capabilities, this new integration allows for application consistency across disks, while reducing costs with the option to use more cost-efficient storage tiers for backups.

Commvault PR 2023 also introduces integration with Amazon FSx for NetApp which brings the same on-premises NetApp ONTAP policy-based protection to AWS. The new release also introduces support for Oracle Cloud Infrastructure (OCI) infrequent access and combined storage tiers to help reduce costs for protecting your cloud data.

Enhancing data security

Our trusted approach to data protection is shaped by the fundamental customer direction that data security is an integral and inseparable component of data protection. Building on our robust multi-layered ransomware detection, protection and recovery framework, Commvault PR 2023 introduces new integrations to drive data protection insights into the broader security ecosystem.

An important aspect of data protection is to leverage data awareness to proactively alert IT teams when threats arise. Commvault PR 2023 introduces a new Security Information and Event Management (SIEM) connector that makes it easy to feed alerts, events, and audit data to other platforms through webhook APIs or even syslog. Leveraging standard protocols ensures we can work with virtually any SIEM or event management system, giving security teams better visibility into anomalies and threats in their data.

Driving smart savings

With the uncertainty of a global recession looming, customers in every industry are looking to optimize costs in their budgets to make up for the increased spend for security and mission critical areas. We are continuing to help provide options to lower the cost for data.

New capabilities to use single-region snapshots instead of multi-region snapshots for GCP can save 30 per cent of the cost of backing up those resources. Sometimes improving cost is as simple as reducing the time it takes to protect applications.

Our optimizations for Hadoop, leveraging snapdiff, can cut backup scans that used to take hours down to just minutes, thanks to enhancements in how we scan for changed blocks.

These are just a few of the amazing features we have in Platform Release 2023. You can learn about more of the latest features in our What’s New page for Platform Releases. Connect with our product management team and others in our communities for all the latest news and release information.

Join us live on March 8th, 2023 at our Platform Release 2023 customer webinar. Register here.