Virginia National Guard airmen guard the grounds of the U.S. Capitol. (U.S. Air National Guard photo by Staff Sgt. Bryan Myhr)

FBI: Disinformation Campaigns Seek to Exploit Capitol Siege

Mathew J. Schwartz • January 18, 2021

The U.S. Capitol siege and the impeachment of President Trump are being exploited for disinformation purposes ahead of inauguration day by Russia, Iran and China, a U.S. joint threat assessment reportedly warns. But in terms of violence, domestic extremists are the principal threat.

Card Not Present Fraud

Capitol Riot: Self-Surveillance Feeds Investigation

Latest

NZ Reserve Bank Governor Says He 'Owns' Breach

Jeremy Kirk • January 18, 2021

The governor of New Zealand's Reserve Bank says he "personally owns" responsibility for a data breach that exposed private and sensitive stakeholder information. The breach came after a serious vulnerability was disclosed in December in Accellion's File Transfer Appliance, which the bank uses.

Cybercrime as-a-service

Magecart Groups Hide Behind 'Bulletproof' Hosting Service

Prajeet Nair • January 16, 2021

Several Magecart groups hide their JavaScript skimmers, phishing domains and other malicious tools behind a "bulletproof" hosting service called Media Land, according to researchers with RiskIQ. This particular service is notorious for catering to cybercriminals and hackers.

Anti-Phishing, DMARC

Iranian APT Group Revived Phishing Activities Over Holidays

Akshaya Asokan • January 16, 2021

A recent phishing campaign tied to an Iranian hacking group known as Charming Kitten used SMS and email messages to spread malicious links to steal the email credentials of potential victims in the U.S., Europe and the Persian Gulf region, security firm Certfa Lab reports.

Cyberwarfare / Nation-State Attacks

Biden Inauguration: Defending Against Cyberthreats

Doug Olenick • January 15, 2021

As thousands of National Guard troops pour into Washington to provide security for the Jan. 20 inauguration of Joe Biden as president, cybersecurity analysts are calling attention to the need to defend against cyber incidents as well.

Cybercrime

Ransomware Disrupts Scottish Environment Protection Agency

Mathew J. Schwartz • January 15, 2021

The Scottish Environment Protection Agency says a ransomware attack last month continues to cause serious outages and warns that ransom-demanding attackers also stole some data. The Conti ransomware-as-a-service operation has claimed credit for the attack and begun to leak the stolen data.

Identity & Access Management

The Critical Role of Dynamic Authentication

Suparna Goswami • January 15, 2021

Organizations with largely remote workforces must strengthen their dynamic authentication processes to enhance security, says Sridhar Sidhu, senior vice president and head of the information security services group at Wells Fargo.

Cybercrime

'Scam-as-a-Service' Scheme Spreads

Akshaya Asokan • January 15, 2021

A Russian-speaking "scam-as-a-service" operation dubbed "Classiscam" is expanding globally, with 40 interconnected gangs in about a dozen countries using fake product advertisements to launch phishing schemes, the security firm Group-IB reports.

Encryption & Key Management

NSA Offers Guidance on Adopting Encrypted DNS

Prajeet Nair • January 15, 2021

The NSA has released guidance on how organizations can adopt encrypted domain name system protocols to prevent eavesdropping and manipulation of DNS traffic. Although the agency's report is geared toward the military and defense contractors, its recommendations can be adopted in all sectors.

3rd Party Risk Management

SolarWinds Supply Chain Hack: Investigation Update

Anna Delaney • January 15, 2021

The latest edition of the ISMG Security Report describes new details emerging from the SolarWinds supply chain hack investigation. Also featured: A discussion of why security education is so crucial in 2021 and tips on how to retain security and operations center analysts.

Business Continuity Management / Disaster Recovery

CISA Warns of Surge in Attacks Targeting Cloud Services

Scott Ferguson • January 14, 2021

The U.S. Cybersecurity and Infrastructure Security Agency warns that hackers are increasingly targeting cloud services by waging phishing schemes and brute-force attacks. CISA recommends a number of defenses, including regularly reviewing Active Directory sign-in logs and enforcing multifactor authentication.

Forensics

How Conti Ransomware Works

Doug Olenick • January 14, 2021

Conti ransomware, which emerged eight months ago, poses a severe threat, according to Cybereason's Nocturnus Team, which offers an in-depth analysis of how the malware works.

Active Defense & Deception

Sizing Up the Role of Deception Technology

Anna Delaney • January 14, 2021

Chris Kubic, former CISO of the National Security Agency, describes how deception technology can change the defensive landscape: "Where deception comes into play is for the unknown threats, the things that are either an attack you haven't seen before or the attacker evolved their technique."