As daily life and business become more digitized, cybersecurity is increasingly a topic of global importance, not just for cyber professionals but for everyone. Cyber criminals continue to become faster and more sophisticated, trying to outmanoeuvre the organizations aiming to take them down, and they have become increasingly difficult to contain. Organizations are struggling with evolving threats, a growing attack surface, and a serious cybersecurity skills shortage.
Phishing Attacks Shift Focus On Online Shoppers
Cyber criminals are upping their efforts to catch out online shoppers with phishing scams disguised as delivery emails.
Researchers at Check Point have reported that there has been a 440% rise in shipping-related phishing emails in the last month, with Europe seeing the biggest increase.
The emails are reportedly designed to look like the ‘real deal’, encouraging victims to make payments and, most importantly for the criminal, to input their details, which can then be stolen. There is also an example of a scam encouraging someone to ‘log in’, which hands over the email address and password for the account the victim thinks they are accessing.
Xanthe Docker Aware Miner
Attackers are constantly reinventing ways of monetizing their tools. Cisco Talos recently discovered an interesting campaign affecting Linux systems employing a multi-modular botnet with several ways to spread and a payload focused on providing financial benefits for the attacker by mining Monero online currency.
The infection starts with the downloader module, which downloads the main installer module, which is also tasked with spreading to other systems on the local and remote networks. The main module attempts to spread to other known hosts by stealing the client-side certificates and connecting to them without the requirement for a password.
The main payload is a variant of the XMRig Monero mining program that is protected with a shared object developed to hide the presence of the miner's process from various tools for process enumeration.
Defenders need to be constantly vigilant and monitor the behavior of systems within their network. Attackers are like water: they look for the smallest crack to seep in, as we see in Xanthe's potential to spread through systems with an exposed Docker API. While organizations need to focus on protecting their most valuable assets, they should not ignore threats that are not specifically targeted at their infrastructure.
Up to 350,000 Spotify Accounts Hacked
Security researchers have found an unsecured internet-facing database containing over 380 million individual records, including login credentials that were leveraged for breaking into 300,000 to 350,000 Spotify accounts. The exposed records included a variety of sensitive information such as people’s usernames and passwords, email addresses, and countries of residence.
vpnMentor uncovered the treasure trove of data, which was stored on an unsecured Elasticsearch server. Both the origin and the owners of the database remain unknown.
For context, credential stuffing is an automated account takeover attack in which cybercriminals use bots to hammer sites with login attempts, using access credentials stolen in data breaches at other sites. They keep going until they find a combination of “old” credentials that works on the new website and gain access. Applying some form of multi-factor authentication usually reduces the chances of accounts being compromised.
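The pattern described above (one source trying many different accounts, with most attempts failing) can be looked for in login logs. The following is an added example, not part of the original article: the log format, the function name `detect_stuffing` and the thresholds are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample login log (timestamp, source IP, username, result); not real data.
SAMPLE_LOG = """\
2020-12-01T10:00:01 203.0.113.7 alice FAIL
2020-12-01T10:00:02 203.0.113.7 bob FAIL
2020-12-01T10:00:03 198.51.100.20 dave FAIL
2020-12-01T10:00:04 203.0.113.7 carol OK
2020-12-01T10:00:05 203.0.113.7 erin FAIL
2020-12-01T10:00:09 198.51.100.20 dave FAIL
2020-12-01T10:00:11 203.0.113.7 frank FAIL
2020-12-01T10:00:15 198.51.100.20 dave OK
2020-12-01T10:00:16 203.0.113.7 grace FAIL
2020-12-01T10:00:20 192.0.2.5 heidi OK
"""

def detect_stuffing(log_text, window=timedelta(minutes=5), min_users=5, max_ok_ratio=0.25):
    """Flag source IPs that try many distinct accounts, mostly failing, inside a
    sliding time window. Returns {ip: {"users": n, "hits": [accounts logged in]}}.
    Assumes the log lines are in chronological order (hypothetical format)."""
    recent = defaultdict(deque)  # ip -> deque of (timestamp, user, succeeded)
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, ip, user, result = line.split()
        ts = datetime.fromisoformat(ts_raw)
        q = recent[ip]
        q.append((ts, user, result == "OK"))
        while ts - q[0][0] > window:  # drop attempts older than the window
            q.popleft()
        users = {u for _, u, _ in q}
        ok_ratio = sum(ok for _, _, ok in q) / len(q)
        # A user who mistypes a password retries ONE account; stuffing sprays many.
        if len(users) >= min_users and ok_ratio <= max_ok_ratio:
            entry = flagged.setdefault(ip, {"users": 0, "hits": set()})
            entry["users"] = max(entry["users"], len(users))
            # Successful logins from a flagged source are likely taken-over accounts.
            entry["hits"].update(u for _, u, ok in q if ok)
    return {ip: {"users": e["users"], "hits": sorted(e["hits"])}
            for ip, e in flagged.items()}

if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

The accounts listed under `hits` are the ones to prioritise for forced password resets and multi-factor enrolment, since a login succeeded from a source that was spraying credentials.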