Wade Mackey
Hackers targeted the Federal Bureau of Investigation’s (FBI) email servers, sending out thousands of phony messages that say its recipients have become the victims of a “sophisticated chain attack.
A flaw in the FBI’s website allowed hackers to use the FBI’s legitimate email address
Link: https://www.nbcnews.com/tech/security/hacker-takes-fbi-email-server-blasts-spam-thousands-rcna5530
Google said it found no fewer than 15,000 accounts behind the phishing messages and 1,011 domains that were purpose-built to deliver the fraudulent software responsible for executing cookie stealing malware designed to extract passwords and authentication cookies from the victim’s machine and upload them to the actor’s command-and-control servers. The hackers would then use the session cookies to take control of a YouTube creator’s account, effectively circumventing two-factor authentication (2FA), as well as take steps to change passwords and the account’s recovery email and phone numbers.
Link: https://thehackernews.com/2021/10/hackers-stealing-browser-cookies-to.html
A recent phishing campaign targeting Coinbase users shows thieves are getting smarter about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.
Link: https://krebsonsecurity.com/2021/10/how-coinbase-phishers-steal-one-time-passwords/#more-57245
Ransomware remained the standout threat in the first half of the year as cybercriminals continued to target big-name victims. Working with third parties to gain access to targeted networks, cybercriminals used Advanced Persistent Threat tools and techniques to steal and encrypt victims’ data, the report shows.
The banking industry was disproportionately affected, experiencing a 1,318% year-on-year increase in ransomware attacks in the first half of 2021. Other key findings include:
I found this trending article about how three former American intelligence officers hired by the United Arab Emirates to carry out sophisticated cyberoperations admitted to hacking crimes and to violating U.S. export laws that restrict the transfer of military technology to foreign governments.
The men helped the Emirates, a close American ally, gain unauthorized access to “acquire data from computers, electronic devices and servers around the world, including on computers and servers in the United States.
The three men worked for DarkMatter, a company that is effectively an arm of the Emirati government. They are part of a trend of former American intelligence officers accepting lucrative jobs from foreign governments hoping to bolster their abilities to mount cyberoperations.
Link: https://apnews.com/article/technology-united-states-hacking-5700a1fa8b1b4612477658b883e58f31