Unit 42 recently reported that it has identified “Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People’s Army, as a key player in a recent ransomware incident.” Its investigation indicates “with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with
malware
Microsoft Report Highlights Attacks Against Healthcare Organizations
On October 22, 2024, Microsoft issued a threat trend research report entitled “US Healthcare at risk: Strengthening resilience against ransomware attacks.” In it, Microsoft declares that ransomware attacks against the healthcare sector are “emerging as one of the most significant” cybersecurity threats to healthcare organizations. The attack surface of hospitals “grows more complex” with digital…
SharpRhino Malware Targeting IT Professionals
Information technology professionals—beware of SharpRhino—a malware variant attributed to threat actor cybercriminals associated with Hunters International. It is being reported that Hunters International is the “10th most active ransomware group in 2024.” Hunters International has “claimed responsibility for 134 attacks in the first seven months of 2024.” It has been linked to the defunct…
NYAG Settles with Personal Touch for $350,000 over Phishing Incident
According to a press release, Personal Touch, a home health company located on Long Island, has reached a settlement with New York Attorney General Letitia James for $350,000 for a data breach that occurred in January of 2021 when a Personal Touch employee “opened a malware-infected file attached to a phishing email that allowed…
AI and Cybersecurity
There is a lot of chatter out there around the uses of artificial intelligence (AI) for cybersecurity. For example, Applied Sciences published a paper on how AI can be used for mobile malware detection, and Gartner has published on AI Security Management.
According to an article published in Forbes, entitled “A Primer on Artificial Intelligence…
Hackers Experimenting with Deploying Destructive Malware
It’s a cold, hard fact that hackers don’t really care about their victims or their victims’ data or business. They are greedy, evil human beings that just want the money.
The newest trend for hackers is to develop and launch cyber-attacks that deploy destructive malware. This means that when a threat actor infiltrates a business’…
Privacy Tip #338 – Be Aware of Apps Infected with Malware
Like all technology, mobile apps can be infected with malicious code, or malware, which is intended to gain access to your mobile phone when you download the app. Although app stores try their best to not allow malicious apps to get into the store, monitor apps once they are included in the store, and delete…
Cloaked Ursa Using Trusted Online Storage Services to Evade Detection
According to research by Palo Alto’s Unit 42, the most recent campaign by advanced persistent threat Cloaked Ursa (aka APT 20, Nobelium, or Cozy Bear), “demonstrate[s] sophistication and the ability to rapidly integrate popular cloud storage services to avoid detection.” Cloaked Ursa is believed to be affiliated with the Russian government.
Unit 42 found that…
State Department Offers $10M Reward for Information on Russian Officers Involved in Malicious Cyber Activities
The U.S. Department of State has announced a $10 million reward for “information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).”…
CISA/FBI Advisory Warns of Destructive Malware Used Against Ukraine
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint advisory this week alerting organizations of destructive malware that is being used to target organizations in Ukraine, with the ongoing warnings of increased cyber-attacks against U.S. organizations.
The malware, WhisperGate and HermeticWiper, is used to “destroy computer systems and render them inoperable.”…