How Are Attackers Using Phishing to Get Into Victims’ Mailboxes?
NetStandard’s Security Minute Series
If you want to see how attackers are using phishing to get into victims’ mailboxes, Microsoft has a good writeup: Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign | Microsoft Security Blog
Or, if you want to see how ransomware gangs get into the network after the initial phish, here’s a good article on the market for buying access: Researchers: Booming Cyber-Underground Market for Initial-Access Brokers | Threatpost
Fujifilm was hit with ransomware earlier this month – and didn’t pay the ransom!! Fujifilm resumes normal operations after ransomware attack (bleepingcomputer.com)
A US nuclear weapons contractor was also hit – and also apparently didn’t pay: REvil ransomware hits US nuclear weapons contractor (bleepingcomputer.com)
For those of you who are interested in reverse-engineering malware, here’s an analysis of DarkSide (the ransomware that hit Colonial Pipeline): A step-by-step analysis of a new version of Darkside Ransomware (v. 2.1.2.3) – CYBER GEEKS
On another note…
- Ukraine arrested six people connected to the Cl0p ransomware gang, which was heavily targeting organizations using Accellion equipment: Krebs on Security – In-depth security news and investigation
- Carnival Cruise Lines recently disclosed a data breach affecting many of its customers: Carnival-March-bc-data-breach-notice – DocumentCloud