
Daily Cybersecurity Roundup, January 21, 2022

With access to just one corporate account, hackers can move laterally across the network and disrupt the broader operations of the company. Recently, cybercriminals launched spyware campaigns to collect such credentials from industrial enterprises. A relatively new ransomware family could be the next big threat, warned the FBI, as it belongs to a well-established cybercrime group. On the brighter side, you’ll now be prompted with an alert before you open a harmful file in Google Drive. Scroll down for today’s cybersecurity roundup from the last 24 hours.

01

Kaspersky ICS CERT spotted multiple spyware campaigns, which it calls "anomalous", aimed at industrial enterprises to harvest employees' email account credentials, either for financial fraud or to sell them to another group.

02

The FBI formally established a connection between the Wizard Spider cybercrime group and the Diavol ransomware family. It has shared IOCs associated with the group and urged organizations to watch out for the threat.

03

Crypto scammers are reportedly tricking BTC enthusiasts by promoting a fraud scheme that claims Amazon will launch its own digital token.

04

Kaspersky unearthed MoonBounce, a custom UEFI firmware implant that can stay hidden in the system across disk formatting or replacement. It appears to be the work of the Chinese Winnti group.

05

Barracuda Networks observed a 521% spike in phishing attacks leveraging the highly transmissible Omicron variant of the COVID-19 virus.

06

According to BlackBerry, Prometheus TDS, a subscription-based service, has played a major role in successful attacks by Russian actors, who have been using it to redirect online users to phishing pages.

07

FortiGuard Labs found threat actors abusing shipping services to deliver the STRRAT malware through fake invoices, notices related to changes in the shipping address, or fictitious purchases.

08

SafeBreach discovered VirusTotal Hacking, a way to extract millions of credentials using a licensed version of the VirusTotal platform, simply by executing a search with the aid of a few malware tools.

09

Google rolled out a new feature that warns users when they open potentially suspicious or malicious PDF files hosted on Google Drive.

10

Canadian password manager 1Password raised $620 million in a Series C round led by investment firm ICONIQ Growth, with participation from other investors.
