Exploiting Microsoft Exchange ProxyLogon & ProxyShell vulnerabilities, attackers are malspamming replies in existing threads and slipping past malicious-email filters.
Posts tagged "attackers"
Keep Attackers Out of VPNs: Feds Offer Guidance
The NSA and CISA issued recommendations on choosing and hardening VPNs to prevent nation-state APTs from weaponizing flaws & CVEs to break into protected networks.
Attackers Impersonate DoT in Two-Day Phishing Scam
Threat actors dangled the lure of receiving funds from the $ 1 trillion infrastructure bill and created new domains mimicking the real federal site.
Threatpost
HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform
HPE joins Apple in warning customers of a high-severity Sudo vulnerability.
Threatpost
LinkedIn’s 1.2B Data-Scrape Victims Already Being Targeted by Attackers
A refined database of 88K U.S. business owners on LinkedIn has been posted in a hacker forum.
Threatpost
WP Statistics Bug Allows Attackers to Lift Data from WordPress Sites
The plugin, installed on hundreds of thousands of sites, allows anyone to filch database info without having to be logged in.
Threatpost
Hacked WordPress sites are being defended by their attackers
Threat actors are password protecting the exploitable PHP file on compromised WordPress sites to fend off other attackers.
FBI: Over $140 million handed over to ransomware attackers
By analyzing bitcoin wallets and ransom notes, the FBI has determined that cybercrime victims paid over $ 140m to ransomware operators over the past six years.
At this year's RSA security conference, FBI Special Agent Joel DeCapua presented in his findings during two sessions in which he explained how he was able to use bitcoin wallets and ransom notes collected by the FBI, shared by private partners or found on VirusTotal to figure out how much victims paid in ransom payments.
According to DeCapua, between October 2013 and November 2019, approximately $ 144,350,000 was paid in bitcoins to ransomware actors. However, this figure does not include operation costs related to these attacks but just the ransom payments that were made.
- New York wants to ban paying ransomware demands
- Donald Trump ransomware spreads dangerous malware
- FBI warns that hackers are targeting software supply chain providers
When it came to the most profitable ransomware families, Ryuk brought in the most money for ransomware operators at $ 61.26m followed by Crysis/Dharma at $ 24.48m and Bitpaymer at $ 8.04m. It's worth noting that the actual amount of payments made over these six years is likely much higher as the FBI does not have access to all of the data surrounding ransomware attacks, as many businesses keep them secret to prevent hurting their stock prices.
Defending against ransomware
During his sessions at RSA, DeCapua also provided some tips on how companies and individuals can avoid falling victim to ransomware attacks.
DeCapua revealed that the Windows Remote Desktop Protocol (RDP) is the most common method that ransomware attackers are able to gain access to a network before deploying ransomware. In fact, RDP accounts for 70-80 percent of network breaches which is why he recommends that organizations use Network Level Authentication (NLA) for additional protection.
With NLA, clients are required to authenticate themselves with the network before they can actually connect to the remote desktop server. This provides increased security against preauthentication exploits though, DeCapua also suggested that unique and complex passwords should be used for RDP accounts.
Additionally, DeCapua suggests that businesses and individuals be careful of phishing attacks, install software and operating system updates, use complex passwords, monitor their networks and have a contingency plan with backups to prevent falling victim to a ransomware attack.
- We've also highlighted the best antivirus software
Via BleepingComputer