March 2021

Modern Approach to Website Defacement  Recently, in the course of their regular investigations, Cyble researchers have come across a modern approach to website defacement.   Website Defacement is a type of cyberattack in which a threat actor hacks your website and leaves a mark through digital vandalism. This appears in the form of an appearance change with pictures and/or words scrawled across the defaced website. Most cyber-attacks conducted today like ransomware attacks are driven by financial gain. However, in the case of defacement, the attacker is not motivated by financial gain and instead wants to leave their mark with specific messages that

With COVID-19 as a threat vector, cybercriminals have devised multiple ways to abuse sensitive medical data and medical services. One such recent example is the selling of fake COVID Vaccination Certificates/ Passports on cybercrime forums and darkweb markets.  The image below is a screenshot from one the cybercrime forums in which a seller has advertised COVID-19 vaccination certificates with deliveries available for specified Russian cities, priced at 6000 Ruble, or approx. 79 USD.  Possessing a vaccination passport allows citizens to avoid going into self-isolation.

On March 2, 2021, the Microsoft Security Response Center released various security updates for the Microsoft Exchange server. These updates are directed at tackling server vulnerabilities targeted by cyberattacks. We have already advised our customers to update the affected systems as soon as possible to prevent future abuse.  Vulnerabilities that have affected Microsoft Exchange Servers 2013, 2016, and 2019 are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and

Social Security Numbers (SSNs) are nine-digit numbers issued to U.S. citizens by the Social Security Administration of the United States government. In the course of our routine dark web monitoring, we discovered 16 million SSN data disclosed on a cybercrime forum by a Russian-speaking threat actor. The data has been allegedly collected over a period of two years, from 2018 to 2020.   An SSN does not contain a biometric identifier, thereby making it easier for a person with malicious intent to misuse the information. The risk of identity theft is a primary concern associated with the leak of these

Ransomware attacks have become one of the most common cybersecurity attacks in the recent years. The ongoing pandemic has significantly contributed to the spike in ransomware. With more employees working from home, there has been an explosion of ransomware attacks in 2020. Following the league, we now have a new ransomware on the market, Sarbloh Ransomware.  Recently, the research team at Cyble found a wild malicious document that delivers the Sarbloh Ransomware. Unlike other ransomware that demands