NetStandard’s Security Minute Series

If you want to see how attackers are using phishing to get into victims’ mailboxes, Microsoft has a good writeup: Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign | Microsoft Security Blog
Or, if you want to see how ransomware gangs get into the network after the initial phish, here’s a good article on the market for buying access: Researchers: Booming Cyber-Underground Market for Initial-Access Brokers | Threatpost
Fujifilm was hit with ransomware earlier this month – and didn’t pay the ransom!! Fujifilm resumes normal operations after ransomware attack (bleepingcomputer.com)
A US nuclear weapons contractor was also hit – and also apparently didn’t pay: REvil ransomware hits US nuclear weapons contractor (bleepingcomputer.com)
For those of you who are interested in reverse-engineering malware, here’s an analysis of DarkSide (the ransomware that hit Colonial Pipeline): A step-by-step analysis of a new version of Darkside Ransomware (v. 2.1.2.3) – CYBER GEEKS
On another note…
- Ukraine arrested six people connected to the Cl0p ransomware gang, which was heavily targeting organizations using Accellion equipment: Krebs on Security – In-depth security news and investigation
- Carnival Cruise Lines recently disclosed a data breach affecting many of its customers: Carnival-March-bc-data-breach-notice – DocumentCloud