Phishing and ransomware incidents are increasingly grabbing headlines in today’s digital landscape. Here we are again with another cybersecurity update sharing the latest news on phishing, ransomware, and email security.
FBI Investigates Papercut Attacks: Educational Organizations Targeted by Bl00dy Ransomware
The FBI (Federal Bureau of Investigation) and CISA (Cybersecurity and Infrastructure Security Agency) issued a joint advisory warning about the emergence of Bl00dy Ransomware’s new tactics.
The Bl00dy ransomware gang is exploiting a new RCE (Remote Code Execution) vulnerability to gain initial access to enterprise networks. With the recent attacks focused on the education sector, academic institutions need to stay vigilant against this new threat.
The Bl00dy ransomware gang gained access to multiple educational networks where PaperCut servers vulnerable to CVE-2023-27350 were exposed. The PaperCut flaw is an RCE vulnerability that affects PaperCut MF and PaperCut NG, which are used by over 70,000 organizations worldwide.
Even though the vulnerability has been fixed in the latest versions, enterprises have been slow to update, leaving them open to a Bl00dy ransomware attack. Organizations, especially educational institutions, are urged to watch for malicious activity and quickly update their PaperCut NG and MF installations.
Dark Web Monitoring Now Available for All U.S. Gmail Users, Thanks to Google
Google announced that all Gmail users in the U.S. can use a dark web report security feature to protect their email addresses.
Using the new feature, Gmail users can check if their email addresses are found on the dark web. The feature will be available in the coming weeks in the US and will soon be available to individuals worldwide.
Gmail users will be able to scan the dark web to check for the presence of their email addresses and take actions to safeguard their data as per Google’s guidance, such as turning on 2-step authentication. Google will also send regular notifications to Gmail users to check if their email is linked to any data breach.
The feature is a step in the right direction and will help individuals protect their emails and online information. Google One subscribers can turn the feature on by creating a monitoring profile, navigating to Set Up, and turning on Dark Web Report.
Black Basta Ransomware Attack Strikes ABB, a Multinational Tech Firm
ABB, a Swiss multinational enterprise, was the victim of a Black Basta ransomware attack that impacted its business operations.
The organization is headquartered in Zurich and develops ICS (Industrial Control Systems) and SCADA systems. On May 7, 2023, the enterprise fell victim to a Black Basta ransomware attack, which affected the organization’s Windows Active Directory and spread to multiple devices.
ABB detected the ransomware attack and terminated all VPN (Virtual Private Network) connections to its customers to keep the ransomware from spreading. However, the incident affected the organization severely, delaying enterprise projects and impacting factories.
ABB has taken multiple measures to contain the attack, and most of its systems and factories are running. Black Basta launched a RaaS (Ransomware as a Service) operation in April last year, quickly gaining popularity among threat actors for double-extortion attacks.
San Diego Computer Users Face New Challenge With PayPal Phishing Scam
Computer users in San Diego are being targeted with PayPal and MetaMask phishing scams by threat actors and con artists for profit.
Individuals in the area might have seen unsolicited emails appearing to be from PayPal and MetaMask. The phishing scheme is updated and clever: the threat actors use various social engineering tactics to lure the victim, such as warning them about an imminent account withdrawal.
The FTC (Federal Trade Commission) also issued an alert regarding phishing scams. Threat actors are changing tactics and seeking as much helpful information as possible.
There have been cases where con artists urge you to call a helpline number, which is often answered by a threat actor who pretends to help but steals your account information or dupes you in order to steal funds.
Abnormal Security Research Reveals Increase in BEC Attacks Originating From Israel
Leading AI-based email security platform, Abnormal, released a new threat report outlining the increase in BEC (Business Email Compromise) attacks from Israel.
Researchers at Abnormal analyzed over 350 BEC campaigns. Whereas nearly 74% of last year’s BEC attacks originated from Nigeria, new research shows an Israel-based threat actor group conducting BEC attacks.
The malicious actors attack in two phases, switching between internal and external personas in a scenario where one organization is trying to acquire another. They ask the targeted employees for the initial payment required for the merger. The threat actors target employees by impersonating the CEO (Chief Executive Officer) and attack large enterprises with an average annual revenue of over $10 billion.
Individuals should watch out for such emails and always double-check any email soliciting a payment through official email channels within the organization.