Capitol riot suspect Aaron Mostofsky (Source: New York Post, as cited in criminal complaint)

Capitol Riot Suspects Identify Themselves

Mathew J. Schwartz • January 15, 2021

Many of the insurrectionists who marched on the Capitol on Jan. 6 and violently forced their way into the building livestreamed their activities or boasted about them via social media. Those self-identifying actions have helped law enforcement authorities identify some of the more than 70 individuals charged.

Cybercrime

Capitol Riot: Self-Surveillance Feeds Investigation

Latest

Card Not Present Fraud

Joker's Stash Reportedly Shutting Down Operations

Akshaya Asokan • January 16, 2021

Joker's Stash, the notorious underground marketplace that has specialized in the sale of stolen payment card data, is reportedly shutting down in February with its administrator claiming to "retire" at that time, according to Gemini Advisory. Researchers say business will quickly move to other sites.

Cybercrime

Hacker Blows Chance at Early Release By Hacking More

Doug Olenick • January 16, 2021

The U.S. Justice Department has charged Ardit Ferizi, a Kosovo citizen, with fraud and identity theft, accusing him of continuing to commit various cybercrimes while he was behind bars and serving a 20-year prison sentence for aiding and assisting Islamic State terrorist groups.

Cybercrime as-a-service

Magecart Groups Hide Behind 'Bulletproof' Hosting Service

Prajeet Nair • January 16, 2021

Several Magecart groups hide their JavaScript skimmers, phishing domains and other malicious tools behind a "bulletproof" hosting service called Media Land, according to researchers with RiskIQ. This particular service is notorious for catering to cybercriminals and hackers.

Anti-Phishing, DMARC

Iranian APT Group Revived Phishing Activities Over Holidays

Akshaya Asokan • January 16, 2021

A recent phishing campaign tied to an Iranian hacking group known as Charming Kitten used SMS and email messages to spread malicious links to steal the email credentials of potential victims in the U.S., Europe and the Persian Gulf region, security firm Certfa Lab reports.

Cyberwarfare / Nation-State Attacks

Biden Inauguration: Defending Against Cyberthreats

Doug Olenick • January 15, 2021

As thousands of National Guard troops pour into Washington to provide security for the Jan. 20 inauguration of Joe Biden as president, cybersecurity analysts are calling attention to the need to defend against cyber incidents as well.

Encryption & Key Management

NSA Offers Guidance on Adopting Encrypted DNS

Prajeet Nair • January 15, 2021

The NSA has released guidance on how organizations can adopt encrypted domain name system protocols to prevent eavesdropping and manipulation of DNS traffic. Although the agency's report is geared toward the military and defense contractors, its recommendations can be adopted in all sectors.

3rd Party Risk Management

SolarWinds Supply Chain Hack: Investigation Update

Anna Delaney • January 15, 2021

The latest edition of the ISMG Security Report describes new details emerging from the SolarWinds supply chain hack investigation. Also featured: A discussion of why security education is so crucial in 2021 and tips on how to retain security and operations center analysts.

Business Continuity Management / Disaster Recovery

CISA Warns of Surge in Attacks Targeting Cloud Services

Scott Ferguson • January 14, 2021

The U.S. Cybersecurity and Infrastructure Security Agency warns that hackers are increasingly targeting cloud services by waging phishing schemes and brute-force attacks. CISA recommends a number of defenses, including regularly reviewing Active Directory sign-in logs and enforcing multifactor authentication.

Forensics

How Conti Ransomware Works

Doug Olenick • January 14, 2021

Conti ransomware, which emerged eight months ago, poses a severe threat, according to Cybereason's Nocturnus Team, which offers an in-depth analysis of how the malware works.

Active Defense & Deception

Sizing Up the Role of Deception Technology

Anna Delaney • January 14, 2021

Chris Kubic, former CISO of the National Security Agency, describes how deception technology can change the defensive landscape: "Where deception comes into play is for the unknown threats, the things that are either an attack you haven't seen before or the attacker evolved their technique."

Business Continuity Management / Disaster Recovery

Capitol Breach: Cybersecurity Lessons to Apply

Mathew J. Schwartz • January 13, 2021

The physical breach of the U.S. Capitol by a violent mob, members of which allegedly accessed lawmakers' systems and stole devices, offers cybersecurity professional lessons to learn on authentication, encryption and more, says cybersecurity expert Brian Honan.

COVID-19

COVID-19 Vaccine Documents, Personal Data Leaked

Marianne Kolbasuk McGee • January 13, 2021

Documents on COVID-19 vaccines and medications - including some containing personal information - that were stolen in a cyberattack last month on the European Medicines Agency have been leaked on the internet.