In the latest Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some of the recent research published by Symantec’s Threat Hunter Team, including our blog about the activity of North Korean APT group Stonefly, and our latest whitepaper on the topic of Commodity Malware. We also talk about some stories that were in the news over the last week or so, including the possible return of the REvil/Sodinokibi ransomware gang, a new loader called Bumblebee that might be a successor to BazarLoader, and a China-on-Russia intelligence-gathering attack.
On this week’s Cyber Security Brief, Brigid O Gorman is joined by Symantec threat researchers John-Paul Power and Alan Neville. In this week’s podcast we discuss some recent research published by Symantec detailing new activity in the Dream Job campaign carried out by the North Korean Lazarus APT group, as well as continuing attacks aimed at Ukraine carried out by the Russia-linked APT group Shuckworm. Also, we talk about a critical vulnerability in the Windows Remote Procedure Call Runtime (RPC) protocol, the shutdown of two well-known dark marketplaces, and the emergence of a new marketplace offering stolen data for sale.
This is the testing episode for the Arcot Newsletter podcast. After years of planning and preparation, we finally passed the FCA deadline on March 14th. Initial indications are that the transition has been a success with minimal impact on cardholders. Congratulations to all involved as the UK enters this new era of secure digital payments. Arcot will continue to monitor the situation and update you on developments. Elsewhere in the world, EMV3DS adoption continues to increase as 3-D Secure becomes the standard for digital payment security. This is particularly clear in the US where a number of high-profile merchants have recently activated EMV3DS. Listen in to the March Arcot Newsletter coverage by James Jenkins and Matt Cooke. Hope you enjoy this edition!
On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some of the research published by Symantec’s Threat Hunter team over the past couple of weeks, including a new Cicada/APT10 espionage campaign targeting government organizations and NGOs in multiple countries worldwide. We discuss the new Verblecon malware, which is being deployed in sophisticated campaigns that appear to have the relatively low-reward goal of cryptocurrency mining as their main objective. We also talk about the Spring4Shell vulnerability that briefly caused a lot of consternation last week, and give an update about the latest information that has emerged about the cyber activity that has been seen targeting organizations in Ukraine.
In this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien talk about extortion hacking group Lapsus$, which has made headlines in recent weeks by claiming to have compromised numerous high-profile companies including Microsoft, Okta, and Nvidia. We tell you what we know so far about this controversial new actor. We also discuss the impact the Russian invasion of Ukraine has had in the world of cyber security, from Russia potentially running out of data storage facilities due to international cloud providers pulling out of the country, to warnings about attacks on critical infrastructure being issued by authorities in the U.S. and the UK. Finally, the BazarBackdoor malware is seen deploying some new tactics.