State-sponsored hackers are having a field day; major museums’ get pwned; “can’t believe he’s gone” phishing attacks explode on Facebook; and more from the cybercriminal underbelly

We’ve got good news and bad news for you. The bad: it’s extremely hard for a small business to defend against a determined, well-financed state-sponsored hacking group (see stories below). The good? The vast majority of cybercriminal activity stems from private individuals or groups that are only concerned with money—and, usually, they’re not interested in working very hard to get it. 

Common cybercriminals prefer repeatable if imprecise, high-volume attacks which will net a small percentage of unprepared users. The best defense against these types of attacks? Don’t get caught unprepared.

In this edition of Threat Matrix, we round up emerging digital security threats from around the world so you can keep your business safe.

Want to up your defenses more? Take a free cyber security risk assessment to highlight vulnerabilities in your digital network along with tips on addressing them. And be sure to subscribe to our monthly Level Up Security newsletter to get all the latest cyber threats, security tips, information about next-gen tools, and more—delivered right to your inbox. 

VF Corp cyberattack could impact 35.5 million customers

• VF Corp disclosed a December cyberattack that could have affected up to 35.5 million customers of brands like Vans, North Face, Timberland, and Dickies
  ‍
• The breach followed earlier operational disruptions due to "unauthorized occurrences" in VF Corp's IT systems, potentially involving theft of personal information
  ‍
• Specific details about the stolen data weren't provided, but VF Corp claimed it does not store extremely sensitive data like social security numbers, bank account details, or payment card information, and there's no evidence of password theft

via Engadget

High-profile museums hit by major hack

• Prominent museums like the MFA Boston, Rubin Museum of Art, and Crystal Bridges Museum have reported outages due to a cyberattack
  ‍
• Hackers encrypted computers running software from Gallery Systems, a cultural-institution-focused service provider—it’s not clear if ransomware was involved
  ‍
• The attack disrupted online services providing public access to digital collections and compromised databases that handle sensitive information including donor and artwork details 

via NYTimes
‍

Inside that “I can’t believe he’s gone” phishing scam on Facebook

• An emotionally manipulative phishing campaign using posts that claim "I can't believe he is gone," is tricking Facebook users into giving up their FB credentials 
  ‍
• The scam, often capitalized by connections’ hacked accounts for a more believable appeal, has amassed a significant number of compromised accounts that further spread these fraudulent posts
  ‍
• The posts link mobile users to a false news site asking for their Facebook information to supposedly view a blurred video; desktop users are redirected to other scams or legitimate sites to obscure the attack 
  ‍
• Despite Facebook's efforts to deactivate the malicious links when reported, this particular scam has persisted for about a year, continuously generating new deceptive posts

via BleepingComputer 
‍

Iran-linked hacking group targets academics and researchers

• The “Mint Sandstorm” group is attacking Middle Eastern affairs specialists across universities and research institutions to compromise systems and steal information 
  ‍
• Tied to the Iranian military, Mint Sandstorm (AKA “APT35” and “Charming Kitten”) uses sophisticated social engineering emails to lure victims, often impersonating journalists or researchers
   
• The attacks typically involve sending emails with malicious links under the guise of document collaboration, which leads to the installation of custom backdoor programs, enabling data theft and persistent access 
  ‍
• Microsoft's recent advisory highlights the group's focus on collecting intelligence from experts on the Israel-Hamas conflict

via Dark Reading 
‍

Top Microsoft execs' emails breached 

• Microsoft announced a breach by Russia-linked hacking group Midnight Blizzard, resulting in the theft of emails from senior executives and staff in cybersecurity and legal departments 
  ‍
• The attack commenced in late November and resulted in unauthorized access and exfiltration of corporate emails and attachments
  ‍
• Upon discovery on Jan 12, Microsoft took immediate action to investigate, disrupt, and remediate the intrusion, claiming that no customer data or critical systems were affected
   
• The targeted information suggests the attackers were seeking intelligence about themselves, with Microsoft asserting the compromise was not due to product vulnerabilities 

via The Hacker News

‍