TrickBot Botnet Survives Takedown Attempt

Sadly, the TrickBot botnet was back and operational just days after it had been “taken down” by a combined effort of technology, security, and financial services companies. The operators clearly have skilled team members and practice all the business continuity skills that legitimate companies are encouraged to implement.

 

https://www.securityweek.com/trickbot-botnet-survives-takedown-attempt

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Security Firms & Financial Group Team Up to Take Down Trickbot

Trickbot is a popular ransomware delivery mechanism. It is also used to control a sophisticated command-and-control (C2) network of bots. A coordinated effort by financial services firms, teaming with the cyber security firms Microsoft, ESET, Black Lotus Labs, and Symantec, took down the infrastructure of the C2 network.

 

https://www.darkreading.com/vulnerabilities---threats/advanced-threats/security-firms-and-financial-group-team-up-to-take-down-trickbot/d/d-id/1339155?fbclid=IwAR1K1qbBkWJjas5uutGIoUSsmoRQemfYYY08cf9x92taMVZ55X2Fqg0DazQ

 



25% of BEC Cybercriminals Based in the US

Business email compromise is a pervasive and devious attack method employed by many cyber criminals to deliver malware. The popular belief was that the perpetrators were all overseas, and many are. But a study showed that 25% are based in the United States.

 

https://www.darkreading.com/threat-intelligence/25--of-bec-cybercriminals-based-in-the-us/d/d-id/1339168

 



Risk Management Shortfalls Lead to $400 Million Citibank Fine

The Office of the Comptroller of the Currency (OCC) has fined Citibank $400 million for failing to have proper risk management at the enterprise level, in compliance, internal controls, and data controls.

 

This is a substantial fine and is meant to send a message.

 

https://www.bankinfosecurity.com/risk-management-shortfalls-lead-to-400-million-citibank-fine-a-15171?rf=2020-10-14_ENEWS_SUB_BIS__Slot1_ART15171&mkt_tok=eyJpIjoiWVRGbE9XWTVaRFpsT1dObCIsInQiOiJhN2VsUXZXcHpEcUhua01ERis1Qit1UDZCZDVlOWo4ZmNSTTdVS2lMYkFoTTU1cG00YXJmNitcL0tcL1lUeFQyY3NQOVA1eTdIZmwxaE5VQnpXZGdPOTlyS3dnU29Rb0xIdE8yYzFNZUF4RUJcL3F4dTg0Q21WQlwvWlBPeDJSVUprTWQifQ%3D%3D

 



Emotet 101: How the Ransomware Works -- and Why It's So Darn Effective

51% of firms have been hit by ransomware attacks, according to research by Sophos published in The State of Ransomware 2020. Emotet is a trojan used to deliver highly effective payloads and is available as malware-as-a-service. This means that, for a few hundred dollars or a monthly fee, people with little to no technical knowledge can be in the malware and ransomware business. Emotet infects numerous things on the network before activating the attack, making it hard to detect and difficult to stop.

 

https://www.darkreading.com/edge/theedge/emotet-101-how-the-ransomware-works----and-why-its-so-darn-effective/b/d-id/1339124

 



Microsoft Office 365 Accounts a Big Target for Attackers

Microsoft Office 365 is a dominant force in the market, with over 258 million users active each month. While that is advantageous for Microsoft, it makes 365 a prime target for hackers. Office 365 has some of the same features as Windows designed to simplify repetitive tasks, and cybercriminals use these features to infiltrate the network and expand their presence in it. Using these features makes the attackers virtually invisible to the tools used to detect hackers.

 

https://www.darkreading.com/vulnerabilities---threats/microsoft-office-365-accounts-a-big-target-for-attackers/d/d-id/1339186?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

 



Cloud and Open Source: The New Attack Vectors

The cloud has delivered many benefits for companies, and the pandemic has accelerated the move to the cloud for many of them. But the cloud has also become a major target for cyber criminals. The criminals have now traded their own servers for the cloud and their proprietary tools for open source ones. This makes it far more difficult for the cloud vendors to differentiate between legitimate users and cyber criminals.

 

https://apscdn.nyc3.digitaloceanspaces.com/resources/pdf/insights/Cloud%20and%20Open%20Source%20-%20The%20New%20Attack%20Vectors%202020-10-08.pdf

 


 


Rise in Remote MacOS Workers Driving Cybersecurity 'Rethink'

Working from home has created a large remote workforce and with it many more Apple Macs on company networks. This has made home workers a prominent target of cyber criminals. IT departments have had to quickly adjust to managing a remote workforce where they cannot walk over to the machine. The addition of Macs means IT needs to become familiar with managing Macs as well as Windows machines.

 

https://www.darkreading.com/endpoint/rise-in-remote-macos-workers-driving-cybersecurity-rethink/d/d-id/1339054?fbclid=IwAR3z1XfN_qXsrWdhtesWg4446tMLX8WaMsTnNNJx9--SmWfoJcR0tqaA-QE

 



Treasury Dept: Ransomware Payment Facilitation Could Be Sanction Risk

In an advisory, the Treasury Department warned companies that act as go-betweens helping ransomware victims pay the ransom that they may be subject to sanctions for violating Office of Foreign Assets Control regulations.

 

https://healthitsecurity.com/news/treasury-dept-ransomware-payment-facilitation-could-be-sanction-risk?eid=CXTEL000000268526&elqCampaignId=16250&utm_source=nl&utm_medium=email&utm_campaign=newsletter&elqTrackId=86d7db7580924030985582e76d4a62d7&elq=3c410c03be3348158828313220dab43c&elqaid=17003&elqat=1&elqCampaignId=16250

 



Malware for Ad Fraud Gets More Sophisticated

Online advertising is a $125 billion market, so it is not surprising that cyber criminals want their unfair share. Facebook found an attack that stole session cookies and then logged in from an IP address that was geographically close to the user whose session cookies had been stolen. Warnings to users were disabled, making the cyber criminals harder to detect.

 

https://www.darkreading.com/vulnerabilities---threats/malware-for-ad-fraud-gets-more-sophisticated/d/d-id/1339094?fbclid=IwAR2e8Dh3oScVFmWUkwGQlGibfuqIQM72bEhkDSjmPIhudvozHfQn5Dw-sxY

 
