Vitali Kremez, Al Calleo, and Yelisey Boguslavskiy report: This report illustrates some of the new and existing Tactics, Techniques, and Procedures (TTPs) of the Ryuk ransomware variants that Advintel has witnessed throughout their investigations in 2021. Initial Attack Vector: RDP Brute Force / Other Means of Initial Attack Vector Ryuk operators gain initial access to…
Category: Commentaries and Analyses
In: In a game of Data Breach Hot Potato, companies deny being source of data for sale online
Earlier this week, OpIndia reported: After Facebook and Mobikwik, hackers have claimed to got access to another major tech giant in India. As per two posts by hackers on a hackers’ forum, they have gained access to Tata Communications servers. In the posts, the hackers are offering backdoor entry to anyone who is willing to…
Most imitated brands in phishing emails in first quarter of 2021: report
I don’t know about you, but we’re seeing a ton of new fraud attempts via messages. Keep yourself and your relatives safe (especially relatives who may not be particularly scam savvy), by telling them what to expect. Audrey Conklin reports: Microsoft and delivery service DHL led a list of the 10 most-imitated brands in global phishing attempts in…
Detecting Clop Ransomware
Splunk Threat Research Team reports: As ransomware campaigns continue, malicious actors introduce different modus operandi to target their victims. In this blog, we’ll be taking a look at the Clop ransomware. This crimeware was discovered in 2019 and is said to be used for an attack that demanded one of the highest ransom amounts in recorded history…
Brokerage firm agrees to $3 mln deal for New York cybersecurity rule violations
Sara Merken reports: Brokerage firm National Securities Corp has agreed to pay $3 million in a settlement with New York’s financial services regulator over shortfalls that resulted in four cybersecurity breaches involving unauthorized access to email accounts. Read more on Reuters. NY DFS’s press release: Superintendent of Financial Services Linda A. Lacewell announced today that…
Ca: Data Breach Class Actions: Canadian Courts Taking a Harder Look
Brent J. Arnold and Alexanda Psellas of Gowling WLG write: The recent Ontario decision in Karasik v. Yahoo! Inc.,[1] suggests that while many plaintiffs’ lawyers anticipated a future of massive payouts for data breach class actions in Canada, recent court decisions predict a different course. The beginning of what may be an emerging consensus across provinces and…