State-sponsored hackers are having a field day; major museums get pwned; “can’t believe he’s gone” phishing attacks explode on Facebook; and more from the cybercriminal underbelly
We’ve got good news and bad news for you. The bad: it’s extremely hard for a small business to defend against a determined, well-financed state-sponsored hacking group (see stories below). The good? The vast majority of cybercriminal activity stems from private individuals or groups that are only concerned with money—and, usually, they’re not interested in working very hard to get it.
Common cybercriminals prefer repeatable, if imprecise, high-volume attacks that net a small percentage of unprepared users. The best defense against these types of attacks? Don’t get caught unprepared.
In this edition of Threat Matrix, we round up emerging digital security threats from around the world so you can keep your business safe.
Want to up your defenses more? Take a free cyber security risk assessment to highlight vulnerabilities in your digital network along with tips on addressing them. And be sure to subscribe to our monthly Level Up Security newsletter to get all the latest cyber threats, security tips, information about next-gen tools, and more—delivered right to your inbox.
VF Corp cyberattack could impact 35.5 million customers
VF Corp disclosed a December cyberattack that could have affected up to 35.5 million customers of brands like Vans, North Face, Timberland, and Dickies
The breach followed earlier operational disruptions due to "unauthorized occurrences" in VF Corp's IT systems, potentially involving theft of personal information
Specific details about the stolen data weren't provided, but VF Corp claimed it does not store extremely sensitive data like Social Security numbers, bank account details, or payment card information, and there's no evidence of password theft
Prominent museums like the MFA Boston, Rubin Museum of Art, and Crystal Bridges Museum have reported outages due to a cyberattack
Hackers encrypted computers running software from Gallery Systems, a cultural-institution-focused service provider—it’s not clear if ransomware was involved
The attack disrupted online services providing public access to digital collections and compromised databases that handle sensitive information including donor and artwork details
Inside that “I can’t believe he’s gone” phishing scam on Facebook
An emotionally manipulative phishing campaign using posts that claim "I can't believe he is gone" is tricking Facebook users into giving up their FB credentials
The scam, which is often posted from the hacked accounts of a victim's own connections for a more believable appeal, has amassed a significant number of compromised accounts that further spread these fraudulent posts
The posts link mobile users to a false news site asking for their Facebook information to supposedly view a blurred video; desktop users are redirected to other scams or legitimate sites to obscure the attack
Despite Facebook's efforts to deactivate the malicious links when reported, this particular scam has persisted for about a year, continuously generating new deceptive posts
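The mobile/desktop split described above is a form of User-Agent cloaking, and it is one reason a link that "looks fine" when an admin opens it on a laptop still harvests credentials on a phone. The following triage script is an added example, not code from the newsletter or from Facebook; it follows a suspicious link once with a mobile User-Agent and once with a desktop one, compares where each chain ends, and flags a password form on the mobile landing page. The domains, responses, and the `fetch` callable are constructed stand-ins so the example runs offline; in practice `fetch` would wrap `urllib` or `requests` with redirects disabled so the script can walk the chain itself.

```python
"""Triage a reported link for User-Agent cloaking (added example, not from the original page)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urljoin, urlsplit

# Representative User-Agent strings; only the "Mobile" token matters to the stub below.
MOBILE_UA = "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 Mobile/15E148"
DESKTOP_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0 Safari/537.36"
REDIRECT_CODES = {301, 302, 303, 307, 308}
# Cheap heuristic for a credential form on the landing page.
PASSWORD_FIELD = re.compile(r"<input[^>]*type\s*=\s*['\"]?password", re.IGNORECASE)


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def follow(fetch, url, user_agent, max_hops=10):
    """Walk the redirect chain by hand so every hop is recorded.

    `fetch(url, user_agent)` must return a Response without following redirects.
    Returns a list of (url, Response) pairs; the last entry is the landing page.
    """
    chain = []
    for _ in range(max_hops):
        resp = fetch(url, user_agent)
        chain.append((url, resp))
        location = resp.headers.get("Location")
        if resp.status not in REDIRECT_CODES or not location:
            break
        url = urljoin(url, location)  # Location may be relative
    return chain


def host_of(url):
    return urlsplit(url).hostname or ""


def assess_link(fetch, url):
    """Compare the mobile and desktop redirect chains and report findings."""
    mobile = follow(fetch, url, MOBILE_UA)
    desktop = follow(fetch, url, DESKTOP_UA)
    mobile_final, mobile_resp = mobile[-1]
    desktop_final, _ = desktop[-1]

    findings = []
    if host_of(mobile_final) != host_of(desktop_final):
        findings.append("ua_cloaking")  # different destination per device type
    if PASSWORD_FIELD.search(mobile_resp.body):
        findings.append("credential_form_on_mobile_landing")
    return {
        "mobile_final": mobile_final,
        "desktop_final": desktop_final,
        "mobile_hops": len(mobile),
        "desktop_hops": len(desktop),
        "findings": findings,
    }


# Constructed stand-in for the network: a shortener that cloaks on User-Agent.
# Hypothetical domains only; nothing here is a real indicator from the page.
FAKE_SITE = {
    ("https://short.example/x7", True): Response(302, {"Location": "https://news-lookalike.example/video"}),
    ("https://short.example/x7", False): Response(302, {"Location": "https://legit-news.example/"}),
    ("https://news-lookalike.example/video", True): Response(
        200, {}, '<html><p>Log in to view the video</p><form action="/login">'
                 '<input name="email"><input type="password" name="pass"></form></html>'),
    ("https://legit-news.example/", False): Response(200, {}, "<html><h1>Headlines</h1></html>"),
}


def fake_fetch(url, user_agent):
    """Offline fetch: pick a response by URL and whether the UA looks mobile."""
    is_mobile = "Mobile" in user_agent
    return FAKE_SITE.get((url, is_mobile), Response(404))


if __name__ == "__main__":
    print(assess_link(fake_fetch, "https://short.example/x7"))
```

A real deployment would swap `fake_fetch` for a function that performs the request in a sandboxed egress and logs both chains, since the mismatch between the two landing hosts is the evidence worth keeping when reporting the link.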
Iran-linked hacking group targets academics and researchers
The “Mint Sandstorm” group is attacking Middle Eastern affairs specialists across universities and research institutions to compromise systems and steal information
Tied to the Iranian military, Mint Sandstorm (AKA “APT35” and “Charming Kitten”) uses sophisticated social engineering emails to lure victims, often impersonating journalists or researchers
The attacks typically involve sending emails with malicious links under the guise of document collaboration, which leads to the installation of custom backdoor programs, enabling data theft and persistent access
Microsoft's recent advisory highlights the group's focus on collecting intelligence from experts on the Israel-Hamas conflict
Microsoft announced a breach by Russia-linked hacking group Midnight Blizzard, resulting in the theft of emails from senior executives and staff in cybersecurity and legal departments
The attack commenced in late November and resulted in unauthorized access and exfiltration of corporate emails and attachments
Upon discovery on Jan 12, Microsoft took immediate action to investigate, disrupt, and remediate the intrusion, claiming that no customer data or critical systems were affected
The targeted information suggests the attackers were seeking intelligence about what Microsoft knew of the group itself, with Microsoft asserting the compromise was not due to product vulnerabilities