Round Up of Major Breaches and Scams
UK-based cyber-security vendor Sophos is currently notifying customers via email about a security breach the company suffered earlier this week. Exposed information included details such as customer first and last names, email addresses, and phone numbers (if provided).
The number of DDoS attacks targeting e-commerce in Europe has increased four-fold over the last eight months. According to research by Stormwall, between February and October 2020, the number of DDoS attacks targeted at online retail services quadrupled compared to the same period last year.
Security expert Tolijan Trajanovski analyzed an SSH-backdoor botnet that implements an interesting ‘Research’ infection technique. In a recent tweet, the malware researcher @0xrb shared a list containing URLs of recently captured IoT botnet samples. Among the links was an uncommon example, a URL behind a Discord CDN, which, as pointed out by the IoT malware researcher @_lubiedo, may be difficult to block.
Round Up of Major Malware and Ransomware Incidents
Canon has finally confirmed publicly that the cyberattack it suffered in early August was caused by ransomware and that the hackers stole data from company servers. On August 5, Canon USA sent out a company-wide notification informing employees of extensive system issues that made multiple applications, Teams and email among them, unavailable.
Security experts are warning that a new ransomware group is rapidly escalating threat activity, with double extortion attacks on scores of victims so far in Q4. The Egregor group first came to light with an attack on Barnes & Noble and video game developers Ubisoft and Crytek back in October. In fact, the group has been active since September, when it compromised 15 victims. Then came a massive 240% spike in numbers, with 51 organizations hit the following month. As of November 17, it had added a further 21 victims.