Phishing Attack Targets CrowdStrike Users

CybersecurityHQ News

Welcome reader to your CybersecurityHQ report

Headlines

The US government, along with its allies Britain and South Korea, claim that North Korean hackers are stealing military secrets to be used in their nuclear weapons program. Called Anadriel (or APT45), the group is accused of being part of the North Korean intelligence agency Reconnaissance General Bureau—sanctioned by the US in 2015.

The list of claimed victims is extensive, including NASA, several hospitals, air force bases, and more. The unit has successfully breached computer systems at defense and engineering firms that manufacture tanks, submarines, naval vessels, missiles, radar systems, and more.

The CrowdStrike saga continues, with the company now warning users of a phishing attack in Germany using a false Crash Reporter. The threat actor, still unknown, made a website using CrowdStrike’s branding, purporting to be a solution to the recent IT outage the company caused with a recent Falcon Sensor update.

Upon clicking the Download button, the website uses JavaScript under the guise of JQuery v3.7.1. At that point, the installer requires a password, and then it continues to install the malware.

The European Central Bank (ECB) is calling on lenders to improve their response to cyber attacks after running their first financial sector cyber stress test. The test ran a scenario where hackers seriously disrupted core databases and systems. The simulation is part of the ECB’s attempt to respond to the growing wave of cyber attacks on Western banks.

Anneli Tuominen, part of ECB’s supervisory board, said Friday, “The results of the stress test are insightful and showed that while banks do have high-level response and recovery frameworks in place, there is still room for improvement.”

Interesting Read

Stalkerware is a strange, even unethical, concept to many—an entire genre of apps that allow you to spy on people in your life. It’s also a major security lapse. Any monitoring of activity places that data at risk. And while you’d think these companies would put cybersecurity first, there has been a string of hacks on stalkerware app makers.

Lorenzo Franceschi-Bicchierai, writing for TechCrunch, describes this bizarre software and the very big risks you take when dealing with it.

Cybersecurity Career Opportunities

Security Admin
- Donato Technologies, Inc.
- Austin, TX
Chief Information Security Officer
- City and County of Denver
- Denver, CO, US
Director Cyber Security
- Honeywell
- Miami, FL, US

Twitter Highlights

The importance of cyber resilience in protecting our banking sector cannot be overstated, writes Supervisory Board member Anneli Tuominen in a blog post.
The results of our recent stress test will help us strengthen the way banks manage cyber risk.
bankingsupervision.europa.eu/press/blog/202…
— European Central Bank (@ecb)
10:19 AM • Jul 26, 2024

Employment Tip: Focus on ICS Security

Industrial Control Systems (ICS) security focuses on protecting national infrastructure. For that reason, there is no shortage in demand for trained professionals looking to make a difference. At the same time, the complexity and connectivity of ICS are always on the rise—requiring ongoing education to stay on top of the field.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team

Reply

or to participate.