Researchers are warning that IoT products and mobile devices are actively abused to facilitate partner coercion. According to cybersecurity experts speaking at the Black Hat cybersecurity conference in Las Vegas this week, the rapid increase in the use of stalkerware in gender-based violence and intimate partner violence is attributable to the coronavirus pandemic. Stalkerware may be defined as software that enables a user to monitor another person's activities on that person's devices without their authorization. Unlike spyware that is actively used by law enforcement or government agencies, stalkerware is mostly used by individuals.
Stalkerware may be used to remotely monitor phone calls, track location, steal images and video from the infected device, and, generally, perform any other malicious tracking activities. In most cases, the software is installed after someone gains physical access to the handset. Although remote installation of stalkerware is uncommon, in some cases malicious SMS messages and phishing emails are used by actors to infect the targeted victim’s devices.
Security researchers are putting a spotlight on hidden workers, who are one of the core elements of the cybercriminal ecosystem. At the same time, many of these unknown actors do not even know that they are engaged in malicious activities. The research on these groups of people was conducted by Czech Technical University in cooperation with the cybersecurity companies SecureWorks and GoSecure. Often, people enter into malicious schemes because of the opportunity to make easy money. Their participation, however, allows big malicious actors to launch huge hacking campaigns.
The security specialists who prepared this research revealed a group of hidden workers involved in a botnet and Android malware campaigns affecting hundreds of thousands of users. Although these hidden workers sit at the bottom of the schemes behind malicious campaigns, they perform very useful activities for cybercriminals, allowing the latter to spread phishing malware. Most hidden workers are invited to participate in malicious schemes through online forums and different discussion platforms.
The first half of 2021 saw a rapid intensification of ransomware cybercrime worldwide. Compared to the first half of 2020, the number of ransomware attacks in the first 6 months of 2021 increased by a colossal 151 per cent. According to an FBI warning, there are 100 different strains circulating worldwide. SonicWall Capture Lab logged 304.7 million ransomware attacks in the first 6 months of 2021. According to the recent data provided by SonicWall, the three most widespread strains are SamSam, Cerber, and Ryuk.
First place in the list of the most widespread strains is held by Ryuk with 93.9 million recorded attempts, a figure that is 3 times higher than in the same period in 2020. Second place is held by Cerber with 52.5 million recorded attempts, and Cerber ransomware is rising rapidly. For SamSam, the number of recorded attempts in the first 6 months of 2021 was 49.7 million, which is two times more than for the entire year of 2020. Every month sets a new record for the number of ransomware attacks.
Mitsubishi safety programmable logic controllers (PLCs) contain a number of unpatched vulnerabilities that could be exploited by malicious actors to acquire legitimate user names by carrying out brute force attacks. The malicious activities could even result in denial-of-service conditions. Nozomi Networks has disclosed weaknesses in the Mitsubishi systems related to the implementation of the authentication mechanism in the MELSEC communication protocol.
The CVSS scores of the revealed weaknesses range between 3.7 and 7.4. Some of the identified flaws are likely to be strung together, enabling attackers to cause serious damage to the targeted systems by locking users out of the PLC and even changing their existing passwords. The researchers have not disclosed any further details on the revealed vulnerabilities. Mitsubishi Electric has published a series of mitigations to address the security issues caused by the exploitation of the identified flaws.
In today’s K-12 cybersecurity landscape, school ransomware has become an extremely important topic. School leaders don’t always connect school ransomware and student safety, which is a serious mistake on their part. K-12 ransomware is changing rapidly, and malicious actors can now steal data before and after committing ransomware attacks. Previously, hackers attacked schools to force them to pay a ransom, but today malicious actors are starting to use the stolen data in radically new ways.
For example, in Johnston, Iowa, malicious actors sent text messages to students and their parents threatening to kill them. The schools were forced to temporarily close their doors. School admins need to pay greater attention to the protection of personally identifiable information such as names, physical addresses, telephone numbers, etc. By stealing this data, malicious actors get the opportunity to commit further attacks. That is why the protection of cloud applications containing this data should become a top priority for school admins.