At a glance.
- Trends in data breaches.
- TrickBot resurfaces.
- British Mensa suffers data breach.
Breach report study sheds light on cyberattack trends.
SecurityWeek summarizes a study conducted by threat intelligence startup HackNotice analyzing over 60,000 breach reports from 2018 to 2020. They categorized the breaches into five categories based on the source of the report:
- Over 41,000 leaks were disclosed by the hackers themselves.
- About 15,000 leaks were reported by news sources. As 2.7 times more breaches were reported by hackers, the dark web appears to be a better source of information than the media.
- Nearly one thousand leaks were the result of a ransomware attack in which the targeted organization refused to pay the ransom, an extortion tactic that first surfaced just last year.
- Over two thousand breaches were revealed when the hacker defaces the content of the victim’s website. This strategy often has political or ethical motivations and the increase over the past two years reflects the turbulent geopolitical landscape.
- About 9,000 were reported directly to an official source such as the Department of Justice.
Overall, the report indicated that there has been a steady increase in successful cyberattacks, possibly targeted organizations are more focused on purchasing expensive cybersecurity tools than on educating their employees about threats. Secondly, the study showed a decrease in the reporting of attacks through official sources, perhaps because organizations are waiting to disclose a breach until they’ve already begun investigating it, so they can address issues before they become public knowledge.
The resurrection of TrickBot.
Readily used by the infamous Ryuk ransomware gang, Trickbot botnet malware first appeared in 2016 and became so threatening that last October the US Military Cyber Command and Microsoft launched campaigns to disrupt its operations. It appeared their actions worked, but now CSO Online reports that researchers at Menlo Security have found evidence of the reemergence of Trickbot in the form of a campaign targeting North American law firms and insurance companies. The phishing scam convinces the victim to open a malicious email masquerading as a driving infraction notice, but when the target attempts to download evidence of the offense, a file containing heavily obfuscated JavaScript code infiltrates their system. HotHardware explains that, unlike past Trickbot campaigns that utilized weaponized documents, the new operation sends victims to a compromised server.
Despite Trickbot’s reappearance, CyberScoop hopes that two new interventions aimed at Emotet and NetWalker malware will be more effective. US and European authorities have seized servers used by Emotet, while US and Bulgarian forces confiscated almost half a million dollars’ worth of the NetWalker gang’s cryptocurrency.
Mensa’s geniuses are no match for hackers.
If you’re smart enough to hack into Mensa, do you get an automatic membership? The British branch of Mensa’s website has been taken offline due to a cyberattack, reports Computing. A spokesperson stated that the attack seemed “designed to discredit Mensa's systems” and “involved considerable resources.” Graham Cluley notes that the incident was followed by the exit of two Mensa board members. Mensa’s former director and technology officer Eugene Hopkinson resigned after writing an open letter disparaging the organization’s cybersecurity practices, specifically mentioning that member passwords are stored in plain text and that he has “no faith that the board will take adequate action to investigate this possible data security breach.” Mensa stated that the Information Commissioner’s Office has been notified and that an investigation is, in fact, underway.