Hackers Shift from Malware to Credential Hijacking

Adversaries are relying less on malware to conduct attacks that are consequently more difficult to detect, according to an annual report released by cybersecurity firm CrowdStrike.

“According to data from our customer base indexed by Threat Graph, 68% of detections from the last three months were not malware-based,” reads the report released Wednesday. “Attackers are increasingly attempting to accomplish their objectives without writing malware to the endpoint, using legitimate credentials and built-in tools (living off the land)—which are deliberate efforts to evade detection by traditional antivirus products.”

continue reading: https://www.nextgov.com/cybersecurity/2021/09/report-hackers-shift-malware-credential-hacking/185209/

Attacker Breakout Time Now Less Than 30 Minutes

The average time it takes threat actors to move from initial access to lateral movement has fallen by 67% over the past year, putting extra pressure on security operations (SecOps) teams, according to CrowdStrike.

The findings come from the security firm’s own investigations with customers across around 248,000 unique global endpoints.

continue reading: https://www.infosecurity-magazine.com/news/attacker-breakout-time-now-less/

Virginia National Guard confirms cyberattack

Email accounts connected to the Virginia Defense Force and the Virginia Department of Military Affairs were impacted by a cyberattack in July, according to a spokesperson from the Virginia National Guard.

A. A. Puryear, chief of public affairs for the Virginia National Guard, told ZDNet that the organization was notified in July about a possible cyber threat against the Virginia Defense Force and began an investigation immediately in coordination with state and federal cybersecurity and law enforcement authorities to determine what was impacted

continue reading: https://www.zdnet.com/article/virginia-national-guard-confirms-cyberattack-hit-virginia-defense-force-email-accounts/?&web_view=true

Russian Ransomware Group REvil Back Online After 2-Month Hiatus

The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4.

Two of the dark web portals, including the gang’s Happy Blog data leak site and its payment/negotiation site, have resurfaced online, with the most recent victim added on July 8, five days before the sites mysteriously went off the grid on July 13. It’s not immediately clear if REvil is back in the game or if they have launched new attacks.

“Unfortunately, the Happy Blog is back online,” Emsisoft threat researcher Brett Callow tweeted on Tuesday.

continue reading: https://thehackernews.com/2021/09/russian-ransomware-group-revil-back.html

Read more Cyber Security News at https://que.com/tag/cybersecurity/