This week, the Polish Central Cybercrime Bureau (Centralne Biuro Zwalczania Cyberprzestępczości) under the supervision of the Regional Prosecutor’s Office in Katowice (Prokuratura Regionalna w Katowicach) took action against LolekHosted.net, a bulletproof hosting service used by criminals to launch cyber-attacks across the world. Five of its administrators were arrested, and all of its servers seized, rendering…
Category: Of Note
CISA: Review Of The Attacks Associated with Lapsus$ And Related Threat Groups Report
Executive Summary Beginning in late 2021 and continuing late into 2022, a globally active, extortion-focused cyber threat actor group attacked dozens of well-known companies and government agencies around the world. It penetrated corporate networks, stole source code, demanded payments while rarely following up, lodged political messages in shadowy online forums, and swiftly moved on to…
HHS HC3: Multi-Factor Authentication & Smishing
HHS Health Center Cybersecurity Center (HC3) has published a new informational handout and guidance on multi-factor authentication (MFA) and smishing. It includes statistics and suggestions for dealing with common obstacles to implementation. Access the handout on HHS’s site (pdf).
Notorious phishing platform shut down, arrests in international police operation
From Interpol, this week: SINGAPORE – A notorious ‘phishing-as-a-service’ (PaaS) platform known as ‘16shop’ has been shut down in a global investigation coordinated by INTERPOL, with Indonesian authorities arresting its operator and one of its facilitators, with another arrested in Japan. The three arrests, which concluded with actions against a suspect last month, was made…
White House Announces Efforts to Strengthen K-12 Schools’ Cybersecurity
Joseph J. Lazzarotti of JacksonLewis writes: In a 2019 post about increasing cyber risks in K-12 schools, we cited a report, “The State of K-12 Cybersecurity: 2018 Year in Review,” that contained sobering information about cybersecurity in local school districts across the country. According to that report, in 2018, there were 122 publicly-disclosed cybersecurity incidents…
HC3: Sector Alert: Rhysida Ransomware
August 4, 2023 TLP:CLEAR Report: 202308041500 Executive Summary Rhysida is a new ransomware-as-a-service (RaaS) group that has emerged since May 2023. The group drops an eponymous ransomware via phishing attacks and Cobalt Strike to breach targets’ networks and deploy their payloads. The group threatens to publicly distribute the exfiltrated data if the ransom is not…