A hacker group by the name of Dark Overlord threatened to release files it claims were stolen from a law firm — believed to have advised the insurance company responsible for handling claims related to the September 11 terrorist attack — unless the firm paid ransom in the form of bitcoin. According to the group’s own announcement, stolen data includes:
The threat to release stolen information stems from a prior ransomware attack, where the law firm paid the initial ransom, but breached the hacker group’s “terms of agreement” by reporting the incident to law enforcement. The hacker group is now threatening to “bury” the law firm, unless they pay a second ransom.
This is not the first appearance of Dark Overlord — the group is also responsible for leaking stolen episode content of the popular Netflix series, Orange is the New Black, after Netflix refused to pay ransom.
Source: SC Magazine
A botnet and popular family of malware by the name of Emotet has emerged as an increasingly dangerous cyber threat to organizations over the past year as its operators beef up their tactics.
First deployed in 2014 as a banking Trojan, Emotet was designed to steal banking credentials and other sensitive data, and was frequently spread via phishing emails containing malicious documents or links. Emotet has evolved rapidly: it now uses business email compromise as a delivery mechanism, and its operators have armed it with the ability to drop additional payloads.
In January 2019, the U.S. Department of Justice (DOJ) announced efforts to "map and further disrupt" a botnet tied to North Korea that has spent the last decade infecting computers running Microsoft Windows around the world.
Source: The Hacker News
The U.S. Director of National Intelligence, Dan Coats, with several of the nation’s top intelligence officials, warned the Senate Intelligence Committee in January of the top nation-state threats facing the country, including China, Russia, Iran and North Korea.
Source: Bank Info Security
In another case of malware-as-a-service, cybersecurity firm FireEye Intelligence recently identified two malicious documents capable of delivering Cobalt Strike’s “Beacon” payload, used in what FireEye believes to be a malware campaign targeting U.S. banks.
Hacktivist Martin Gottesfeld has been sentenced to over 10 years in prison for launching crippling cyberattacks on two healthcare organizations in 2014, in protest of reported patient mistreatment by both organizations. Gottesfeld’s sentencing is a continuation of efforts by the U.S. government to disrupt the “webstressers” market and punish those responsible for launching distributed denial of service (DDoS) attacks.
Major mobile service providers, such as AT&T, T-Mobile, and Sprint, have been actively collecting their customers' location data and selling it to the highest bidder for years — and this is not the first time abuses have been caught out:
Source: Bleeping Computer
Under financial strain due to ongoing sanctions, a cash-starved North Korea has turned to other means of generating revenue, namely, backing the exploitation of financial institutions around the world.
A recently disclosed attack on the Chilean interbank network, Redbanc, appears linked to the notorious Lazarus hacking group, a nation-state sponsored group linked to North Korea.
Source: Security Week
A server containing more than 24 million financial, banking and credit report documents for tens of thousands of loans and mortgages going back the last 10 years was not password protected, allowing unauthorized users access to the documents.
Sources: Security Discovery and Tech Crunch
Networking giant, Cisco, recently released a patch for significant vulnerabilities in two of its Small Business router models:
KrebsOnSecurity went digging for additional details regarding a massive collection of email addresses and plain text passwords recently posted for sale on the dark web, which an article in The Guardian described as “the largest collection ever of breached data found.”
Source: Krebs on Security
How safe is your organization? Take the Cyber Risk Scorecard survey to assess your current cybersecurity standing and find additional steps your organization can take to protect against common cyber threats.
Jake Omann specializes in providing clients with risk management and executive risk services that cover their liabilities as a corporation, as well as the personal liabilities of their directors and officers. He started his career over 10 years ago in sales at a multinational financial services corporation before beginning his broker career in managing executive risk programs for Fortune 500 companies. Jake currently sits on the board for ACES for Kids.
Wire transfer requests top the list of business email compromise (BEC) objectives, according to a study by Barracuda Networks. Additional objectives laid out by the report include duping users into clicking on malicious links, establishing rapport and stealing information, with the end goal of extorting millions of dollars from unsuspecting companies.
This month's Threat Intelligence Report is about a large hotel chain that reports an “unauthorized access” to its customer database since 2014, exposing data of 500 million guests; a vulnerability in a postal service site that left 60 million customers exposed for more than a year; a third-party vendor breach that exposes data of millions of healthcare patients; a new report that profiles notorious MageCart cyber criminals; court documents that reveal first-ever indictment on ransomware charges; and a bundled pack that makes SamSam and other ransomware easier for hackers to obtain and deploy.