AdGuard, a popular ad blocker for Android, iOS, Windows, and Mac, has reset all user passwords, the company’s CTO Andrey Meshkov announced. The company took this decision after suffering a brute-force attack during which an unknown attacker tried to log into user accounts by guessing their passwords. Meshkov said the attacker used emails and passwords that were previously leaked into the public domain after breaches at other companies.
This type of attack – using leaked usernames and passwords to hack into accounts at other services – is known as credential stuffing. The AdGuard CTO said attackers were successful in their assault and gained access to some AdGuard accounts, used for storing ad blocker settings.
Read more about the AdGuard credential stuffing attack on ZDNet.
The FBI’s Internet Crime Complaint Center (IC3) reports a wave of social engineering attacks aiming to steal employees’ login credentials so they can break into online payroll accounts.
Attackers send their targets phishing emails designed to capture login credentials, the IC3 states. They use these to access employees’ payroll, change their bank account data, and add rules so the victim doesn’t receive alerts regarding direct deposit changes. From that point, money is redirected to an account controlled by the attacker, usually a prepaid card.
Read more about the new wave of social engineering scams on DarkReading.
Website security service provider SiteLock analyzed data from 6 million customer websites for the second quarter of 2018 and found that a website, on average, suffers 58 attack attempts per day – or one every 25 minutes – an increase of 16% since the first quarter of this year. That jump comes after a dip in attack attempts from the fourth quarter of 2017 (63 attempts each day) to Q1 of this year (50 per day).
Read more about the findings of the new SiteLock report on DarkReading.
In the first half of 2018, more than 120,000 malware modifications attacked Internet of Things (IoT) devices, triple the total in 2017 and more than 10 times the total for 2016, according to a new report by researchers at Kaspersky Lab.
The report shows that simple, brute-force attacks on passwords were still the most commonly used techniques to breach IoT security, making up at least part of 93% of the attacks seen. Those attacks compromised a wide variety of devices, which were then used for malicious cryptocurrency mining, DDoS attacks, the inclusion of devices in botnet threats, and more.
Read more about the findings of the new report on DarkReading.
Flight information screens were blacked out over the weekend at the Bristol Airport in the UK. Airport officials blamed the incident on a ransomware infection that affected the computers running the airport’s in-house TV screens displaying arrival and departure flight information.
The infection appears to have taken root on Friday morning, local time, according to the Bristol Airport’s social media accounts. Airport officials said they did not intend to pay the attacker’s ransom demand and opted to take down their systems while they serviced affected computers. Functionality of the affected systems was restored on Sunday morning, local time.
Read more about the ransomware attack on Bristol Airport on ZDNet.
The computer systems in a Florida Keys school district were down for a week due to a ransomware attack. The problems were made worse because, right as the district was bringing up some administration and school computers, Comcast suffered a day-long outage due to a cut fiber.
Monroe County School District was the victim of a GandCrab ransomware attack. GandCrab, first spotted in January, was dubbed the leading ransomware threat in July. A school district employee working on payroll discovered undisclosed problems on Sunday, September 9, and submitted an IT ticket. IT contacted Symantec and was advised to bring it all down and secure the system.
Read more about the recent GandCrab ransomware attack on CSO.
A concentrated spam campaign pushing ransomware is targeting businesses in Europe, encrypting files and demanding victims pay a ransom in order to retrieve them. Dubbed PyLocky by researchers, the malware claims to be Locky, but it’s totally unrelated to what was one of the most prolific ransomware families of last year.
Analysis of the new ransomware, which first appeared in July, by researchers at Trend Micro shows that it is focused on targets in Europe, with France a particular target for the malware – by late August, almost two thirds of PyLocky spam was being sent to victims in France.
Read more about the new PyLocky ransomware campaign on ZDNet.
The attackers who infected Palestinian law enforcement agencies with the MICROPSIA remote access Trojan (RAT) last spring have now been detected running surveillance attacks against the Palestinian Authority and other targets in the Middle East.
According to Check Point researchers, the attackers are sending phishing emails purporting to be from the Palestinian Political and National Guidance Commission. Attached to each message is a self-extracting archive file that contains a malicious executable and a Word document serving as a decoy.
Read more about the new attack campaign by the threat actor, which is now dubbed “Big Bang”, on DarkReading.
Data breaches, successful cyberattacks, and hacking events are often shrouded in silence. Beyond the bare-bones facts, it is often difficult for companies that have become victims of such crimes – as well as the external cybersecurity experts who perform forensics and damage control after – to admit to more than they have to.
If we are going to learn how to better defend corporate networks from cyberattacks in the present and the future, communication and being able to learn from each other’s mistakes are key. While anonymized, Verizon’s new 2018 Data Breach Digest (DBD) contributes towards this goal and also gives us a look into how cyberforensics teams tackle data breaches.
Read more about the new report that gives us a glimpse of the tactics hackers are using today in the name of data exfiltration, on ZDNet.
As companies work to protect their cloud environments, they need to know which types of attacks are most likely to hit. “Cloud has been around for years, but cloud security has only within the past year or so become a formal discipline,” says Matthew Chiodi, vice president of cloud security at RedLock. And as the cloud evolves, attackers are finding new, advanced ways to break into enterprise environments.
Public cloud security incidents often stem from a poor understanding of the shared responsibility model, which governs how cloud users and providers both shoulder the burden of security, Chiodi says.
Read about different types of cyberattacks that are affecting cloud environments on DarkReading.