SAN MATEO, CA, August 1, 2022 — Cybersecurity news weekly roundup. Stories, news, politics and events impacting the network security industry during the last week. Brought to you by NetworkTigers.
- SMS phishing attacks on the rise
- Congress seeks information on 2021 federal court breach
- Hackers scan for vulnerabilities 15 seconds after they’re announced
- Leading cybersecurity firm hacked
- Cybercrime becoming easier to engage in
- Hackers weaponizing messaging services to launch attacks
- Phishing scheme on LinkedIn targets Facebook Ads managers
- Cyberattacks on Port of LA have doubled
SMS phishing attacks on the rise
The US government has issued a warning regarding the increasing frequency of SMS phishing attacks. Some data suggests that billions of these attacks are carried out each month. Scammers use tempting lures like texts about shipment arrivals or financial issues to bait victims into clicking links that lead to malicious code. Read more.
Congress seeks information on 2021 federal court breach
The US federal courts document system was breached more than 18 months ago, according to a statement made by the chairman of the House Judiciary Committee. The courts are being accused of covering up the breadth of the breach, said to have been undertaken by three hostile foreign actors who were able to view confidential court documentation. The courts are also being accused of resisting changes that would modernize their security as well as withholding information related to the attack. Read more.
Hackers scan for vulnerabilities 15 seconds after they’re announced
Data from Palo Alto’s 2022 Unit 42 Incident Response Report shows that threat actors begin scanning for exploits and vulnerabilities within 15 seconds after they have been publicly disclosed. Even unsophisticated hackers are able to employ tools that can search for vulnerable systems and then sell the information to those who are capable of initiating an attack. System administrators have very little time to patch before hackers get to work. Read more.
Leading cybersecurity firm hacked
Cybersecurity vendor Entrust has disclosed to customers that it suffered a data breach in June. The company has thus far declined to report if customer data was stolen. They have also neither confirmed or denied if the attack was carried out via ransomware, although no criminal outfit has taken credit at this point. The company’s operations have not been affected. Read more.
Cybercrime becoming easier to engage in
With ransomware-as-a-service providers and cheap malware, the barrier for entry with regard to cybercrime has never been easier to cross. As the black market for malicious tools as become saturated, competition has increased and driven prices down. Cybercrime is surging because of how inexpensive and easy it has become to launch attacks. Read more.
Hackers weaponizing messaging services to launch attacks
Popular messaging services like Discord and Telegram are becoming increasingly favored by hackers who use already existing features to launch cyberattacks. From bots that steal passwords to content delivery networks that host malware, the platforms provide infrastructure that criminals can use to trick victims into clicking malicious links and create phishing campaigns. Read more.
Phishing scheme on LinkedIn targets Facebook Ads managers
A phishing campaign taking place via LinkedIn has been discovered. Codenamed “Ducktail,” the campaign targets employees that have access to companies’ social media login credentials. Researchers believe that the campaign has been active for up to four years now and may be associated with Vietnamese threat actors. Read more.
Cyberattacks on Port of LA have doubled
The Port of LA has asked the FBI for assistance, as it has seen attempted cyberattacks double since the onset of the COVID-19 pandemic. According to the port, about 40 million cyberattacks are launched against it every month. A Cyber Resilience Center was created to improve security and more easily share information with the FBI related to malicious activity. Read more.