Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
In our latest report on Pawn Storm, researchers expose the scope and scale of the cyber espionage group’s attacks and, more importantly, its cyber tradecraft. Our researchers have observed activity going back seven years targeting government, military, media, and political organizations around the world.
The latest in a long line of our collaborative efforts with INTERPOL was revealed by the organization on Monday. We helped support a major operation to crack down on cybercrime in the ASEAN region, resulting in the identification of nearly 9,000 Command and Control (C&C) servers and websites.
Pawn Storm is an active and aggressive espionage actor group that has been operating since 2004. The group uses different methods and strategies to gain information from their targets, which are covered in our latest research. However, they are particularly known for dangerous credential phishing campaigns.
App-based guides for games, including Fifa and Pokemon Go, were used to target more than 500,000 Android users with malware, a cyber-security company has said. The apps, discovered on the Google Play Store, were designed to take control of devices before downloading malware.
A Hertfordshire man has been jailed for two years after netting nearly £400,000 from the malware he wrote as a 15-year-old student. Adam Mudd, now 20, was sentenced to two years in a young offenders’ institute this afternoon.
Windows’ system files were flagged as malicious, and Facebook was marked as a phishing site. A malware signature update issued by the company on Monday triggered the software into mistakenly flagging Windows system files as malware, melting down millions of managed systems around the world.
These actors often use multi-angle bombardment attacks on the same target, implementing multiple methods to reach their goals and relying on practiced (proven) techniques, especially when it comes to phishing attacks.
A new mysterious malware that builds a vast peer-to-peer botnet to infect the Internet of Things (IoT) worldwide has been identified with almost 300,000 devices under its control, ready to perform a large-scale DDoS attack.
The number of emails containing ransomware has risen 6,000 percent since 2015, and in 2016, 40 percent of all spam emails had one of these malicious programs hidden within, according to IBM. Thankfully, new approaches like machine learning are blazing a trail in the fight against ransomware.
It is very important not to confuse vulnerabilities with threats. While there may be fewer known threats for Linux, if you look at the National Vulnerability Database, there are a similar number of vulnerabilities reported for both Linux and Windows operating systems.
Please add your thoughts in the comments below or follow me on Twitter: @JonLClay.