You can’t stop the ‘next SolarWinds’ — but you can slow it down

It was one of the biggest questions in cybersecurity of 2021, and it’s sure to remain on the minds of countless businesses into 2022, too: How do you prevent a software supply chain attack?

Such attacks have soared by 650% since mid-2020, due in large part to infiltration of open source software, according to a recent study by Sonatype.

But an even bigger driver of the question, of course, has been the unprecedented attack on SolarWinds and customers of its Orion network monitoring platform. In the attack, threat actors compromised the platform with malicious code that was then distributed as an update to thousands of customers, including numerous federal agencies.

Find out more, HERE. 

Kaspersky finds that cryptomining malware was up, financial malware down in Q1 2021

Bitcoin prices rocketed in early 2021, and so did the number of cybercriminals distributing malware to force infected devices to mine them, with numbers quadrupling from February to March alone.
Kaspersky finds that case of cryptomining malware were up, while financial malware was down in Q1 2021.

Kaspersky has published two reports detailing the state of the cybersecurity threat landscape in the first quarter of 2021. The first report, details desktop attacks and found that cryptomining malware has exploded in popularity, while the second report covering mobile devices, revealed that a popular Trojan targeting gamers has made the leap from PC to Android. 

Read the article and access the reports HERE. 

 

What do YOU know about Malware?

So you think you know your malware? Here's a quick refresher from Roger A. Grimes at CSO Online to make sure you know what you're talking about — with basic advice for finding and removing malware when you've been hit. 

Read it here - 9 types of malware and how to recognize them

Concerns about SWIFT

The international payments-messaging system SWIFT, used by 11,000 banks, issued a mandatory software upgrade to users of its Alliance Access interface, as concern deepened about cyber-attacks on the banking system. The non-profit body said criminals were using malicious software to disguise fraudulent transactions. In February cyber-criminals stole $81m from Bangladesh’s central bank—one of the biggest heists in history.

Mobile Banking Threats – What’s on the cards?

The Latest Data on Mobile Banking Threats
From PYMNTS.com -

“Mobile financial threats are now among the ranks of the top ten malicious programs that were created to steal money, according to new data from Kaspersky Lab.

In its latest security bulletin about the trends in 2015, it dives into what it calls the “rapid spread of ransomware,” which Kaspersky Lab reported being found in 200 countries and territories alone in 2015. But that’s not to say traditional financial cybercrime has gone down. In general, its data showed that cyberattacks committed against businesses doubled in 2015.

Kaspersky’s data shows that its lab solutions blocked “almost 2 million” attempts to launch malware that the firm says is capable of stealing money through online banking using computers. This was a 2.8 percent increase from the year prior.”

Read more>> 

NCA in safety warning after millions stolen from UK bank accounts

From The Guardian –

“Law enforcement officials are hunting cyber attackers who have pulled off a series of internet “heists” on British bank accounts worth at least £20m.

British government ministers have been informed and the law enforcement effort involves the United Kingdom’s top secret electronic security centre at GCHQ, as well as the UK’s national Computer Emergency Response Team (CERT), which was set up in 2014.

In the US the FBI is involved, while in Europe the police agency Europol is also helping to investigate, as well as law enforcement in Germany and Moldova where it is believed the attackers may have links to.

The virus or malware, known as Dridex, may be responsible for worldwide losses of $100m so far.”

Read more>>

British banks lose £20 million to Dridex malware

From Finextra –

“UK internet users are being warned to take guard against a virulent strain of banking malware that has succeeded in siphoning £20 million from individual bank accounts.

The alert from the UK's national Crime Agency centres on Dridex malware, also known as Bugat and Cridex, which has been developed by technically skilled cyber criminals in Eastern Europe to harvest online banking details. The Agency is encouraging all internet users to ensure they have up to date operating systems and anti-virus software installed on their machines, to protect themselves from further cyber crime attacks.”

Read more>>