"Business Email Compromise Costs $55bn Over a Decade"

Because cybercrime has netted threat actors tens of billions of dollars over the past decade, the Federal Bureau of Investigation (FBI) has warned organizations to be on the lookout for Business Email Compromise (BEC) attempts. The FBI's Internet Crime Complaint Center (IC3) reported in a recent notice that over 305,000 BEC incidents cost US and global organizations nearly $55.5 billion between October 2013 and December 2023. This article continues to discuss the rising costs of BEC attacks and advice on how to mitigate BEC risk.

Submitted by grigby1 CPVI on

"TfL Confirms Customer Data Breach, 17-Year-Old Suspect Arrested"

Transport for London (TfL) has recently confirmed that some customer data has been breached following a cyberattack on its systems. The information accessed by the attackers includes names, email addresses, home addresses, and Oyster refund data, encompassing bank account numbers and sort codes for around 5000 customers. The National Crime Agency (NCA) revealed it had arrested a 17-year-old male in Walsall, West Midlands, on suspicion of Computer Misuse Act offenses in relation to the TfL cyberattack.

Submitted by Adam Ekwall on

"Schools Face Million-Dollar Bills as Ransomware Rises"

According to security researchers at Sophos, schools, colleges, and universities face growing costs from ransomware attacks. In a new study, the researchers found that 44% of schools across the 14 nations surveyed faced a ransom demand of $5m or more. In higher education, 32% faced demands of between $1m and $5m, and 35% faced demands over $5m. The researchers found that schools paid the highest median ransoms, at $6.6m. The researchers noted that the number of ransomware attacks against the education sector actually fell in 2024 compared with 2023.

Submitted by Adam Ekwall on

"Cisco Patches High-Severity Vulnerabilities in Network Operating System"

Cisco recently announced patches for eight vulnerabilities in the IOS XR network operating system, including fixes for six high-severity bugs. The most severe of the flaws is CVE-2024-20398 (CVSS score of 8.8), insufficient validation of user arguments that IOS XR passes to specific CLI commands. Cisco noted that an attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root.

Submitted by Adam Ekwall on

"CosmicBeetle Ransomware Gang May Have Joined RansomHub"

According to ESET, the "CosmicBeetle" ransomware group, also known as "NONAME" or "Spacecolon," may now be affiliated with "RansomHub." ESET's recent report details the activities and tactics that CosmicBeetle has carried out since its discovery in 2023, though the group is suspected to have been active since at least 2020. In June 2024, ESET investigated an attack involving RansomHub's ransomware and Endpoint Detection and Response (EDR) killer, and discovered similarities to CosmicBeetle's previous activities.

Submitted by grigby1 CPVI on

"DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe"

A "simplified Chinese-speaking actor" is linked to a new Search Engine Optimization (SEO) rank manipulation campaign targeting countries in Asia and Europe. Cisco Talos calls the black hat SEO cluster "DragonRank," which has victims in Thailand, India, Korea, Belgium, the Netherlands, and China. According to security researcher Joey Chen, DragonRank exploits targets' web application services to deploy a web shell, which is then used to collect system information and launch malware.

Submitted by grigby1 CPVI on

"Cybersecurity Workforce Gap Rises by 19% Amid Budget Pressures"

According to the "2024 ISC2 Cybersecurity Workforce Study," the global cybersecurity workforce gap has grown by 19 percent in the past year, with an additional 4.8 million professionals needed to adequately secure organizations. The top cause of cybersecurity staffing shortages in 2024, according to ISC2 survey respondents, was a lack of budget, replacing a shortage of talent as the leading reason for these shortages in 2023. This article continues to discuss key findings from the 2024 ISC2 Cybersecurity Workforce Study.

Submitted by grigby1 CPVI on

"'Ancient' MSFT Word Bug Anchors Taiwanese Drone-Maker Attacks"

Attackers have weaponized an "ancient" version of Microsoft Word in an attack dubbed "WordDrone." The wave of WordDrone attacks targeted Taiwanese drone manufacturers. The malware delivered in these attacks supports cyber espionage and the disruption of military and satellite-related industrial supply chains. Researchers with the Acronis Threat Research Unit discovered the attack, which uses a Dynamic Link Library (DLL) side-loading technique common in Microsoft Word installations.

Submitted by grigby1 CPVI on

"Operational Technology Leaves Itself Open to Cyberattack"

Team82 security researchers at Claroty highlight that the uncontrolled use of Remote Access Tools (RATs) threatens Operational Technology (OT). According to the researchers, 55 percent of organizations have four or more RATs, and 33 percent use six or more. The team analyzed data from over 50,000 remote access-enabled devices. They found that businesses used non-enterprise-grade tools on OT network devices. These tools lack basic security features such as Multi-Factor Authentication (MFA) and privileged access management.

Submitted by grigby1 CPVI on

"Quad7 Botnet Evolves to More Stealthy Tactics to Evade Detection"

The Sekoia TDR team found more implants associated with the "Quad7" botnet, whose operators are exploiting known and unknown vulnerabilities to target Small Office/Home Office (SOHO) and Virtual Private Network (VPN) devices. The botnet has evolved, targeting new SOHO devices, including Axentra media servers, Ruckus wireless routers, and Zyxel VPN appliances. This article continues to discuss the evolution of the Quad7 botnet's tactics.

Submitted by grigby1 CPVI on