Microsoft Disrupts Business Email Compromise Domains

Doug Olenick • July 21, 2021

Microsoft has announced the takedown of 17 domains that an unnamed threat group operating out of West Africa used to host fake Microsoft websites when conducting business email compromise attacks.

Blockchain & Cryptocurrency

Battling P2P Payments Fraud: A Team Approach

Latest

Cyberwarfare / Nation-State Attacks

ISMG Editors’ Panel: Examining the Pegasus Project

Anna Delaney • July 23, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the use of commercially available spyware and security risk management in the telecom sector.

Cybercrime

Alert for Ransomware Attack Victims: Here's How to Respond

Mathew J. Schwartz • July 23, 2021

As ransomware continues to pummel organizations, if they do get hit, then from an incident response standpoint, what are the essential steps they should take to smooth their recovery? Veteran ransomware-battler Fabian Wosar, CTO of Emsisoft, shares essential steps and guidance for recovery.

Application Security

Analysis: Implications of the Pegasus Spyware Investigation

Anna Delaney • July 23, 2021

This edition of the ISMG Security Report features an analysis of ongoing investigations into the use of NSO Group's Pegasus spyware to spy on dissidents, journalists, political rivals, business leaders and even heads of state - and discussion of whether the commercial spyware business model should be banned.

Business Continuity Management / Disaster Recovery

Kaseya Obtains Decryption Tool After REvil Ransomware Hit

Jeremy Kirk , Doug Olenick , Mathew J. Schwartz • July 22, 2021

Remote management software vendor Kaseya has obtained a decryption tool for all organizations affected by the massive ransomware attack launched via its software. The tool should especially help the many small businesses still struggling to recover. Kaseya declined to comment on how it obtained the decryptor.

Cybercrime as-a-service

Dutch Police Arrest 2 Tied to Phishing Operation

Dan Gunderman • July 22, 2021

Dutch police made two arrests this week in an effort to break up the alleged fraud-as-a-service syndicate known as "Fraud Family," which they say developed, sold and rented phishing frameworks to fraudsters who stole financial information.

Cyberwarfare / Nation-State Attacks

Spyware Zero-Day Hits Show Apple Ecosystem's Imperfections

Mathew J. Schwartz • July 21, 2021

Following revelations that commercial spyware vendor NSO Group was able to exploit the latest model of the Apple iPhone to install surveillance software, experts describe how Apple could be doing more to lock down its iOS mobile operating system as well as curtail attacks by making them much costlier to run.

Cyberwarfare / Nation-State Attacks

World Leaders Included on Alleged Spyware Targeting List

Mathew J. Schwartz • July 21, 2021

Can NSO Group and other commercial spyware vendors survive the latest revelations into how their tools get used? The Israeli firm is again being accused of selling spyware to repressive regimes, facilitating the surveillance of journalists, political opponents, business executives and even world leaders.

Cyberwarfare / Nation-State Attacks

US: Chinese Government Waged Microsoft Exchange Attacks

Scott Ferguson • July 19, 2021

The Biden administration formally accused China's Ministry of State Security of conducting a series of attacks against vulnerable Microsoft Exchange servers earlier this year that affected thousands of organizations. This group is also accused of carrying out ransomware and other cyber operations.

Business Continuity Management / Disaster Recovery

What's Next Step for REvil Ransomware Victims?

Doug Olenick • July 16, 2021

Now that the REvil ransomware gang has apparently shut down, victims are in a precarious situation. They must either rely on backups to restore data access or wait for the release of a decryptor, making sure they retain all encrypted files.

3rd Party Risk Management

ISMG Editors’ Panel: Challenges for New CISA Leader

Anna Delaney • July 16, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the challenges ahead for the new director of the U.S. Cybersecurity and Infrastructure Security Agency and vendor security risk management in the healthcare sector.

3rd Party Risk Management

Analysis: Changing Nature of Ransomware Attacks

Anna Delaney • July 16, 2021

This edition of the ISMG Security Report features an analysis of comments from the former head of Britain's GCHQ intelligence agency, Robert Hannigan, on the changing nature of ransomware attacks. Also featured: Disrupting the ransomware-as-a-service business model; supply chain security management tips.

Blockchain & Cryptocurrency

Is Cryptocurrency-Mining Malware Due for a Comeback?

Mathew J. Schwartz • July 16, 2021

The world is now focused on ransomware, perhaps more so than any previous cybersecurity threat in history. But if the viability of ransomware as a criminal business model should decline, expect those attackers to quickly embrace something else, such as illicitly mining for cryptocurrency.