Cybersecurity

Demand for malware creation is three times greater than supply, according to research by Positive Technologies into more than 10,000 hack-for-hire and malware-related postings on Dark Web markets. Its analysis included 25 sites on the Dark Web in Russian and English, with a total registered user base of about three million people. The leading type of malware available was cryptocurrency miners (20%), followed by hacking utilities (19%), botnet malware (14%), remote access Trojans (RATs) (12%), and ransomware (12%).

Business Insider has published an article highlighting some of the individuals on the FBI’s “Cyber’s Most Wanted” webpage. Many of these hackers are affiliated with nation-states, such as a group of Iranians who are believed to work for the “Mabna Institute” that conducts malicious cyber activities on behalf of the Iranian government. In the case of one Iranian hacker, who does not appear to be associated with the Mabna Institute, the suspect is believed to have hacked into the industrial control systems of a dam in upstate New York.

The NCCIC advises that Digital Shadows Ltd. and Onapsis Inc. have released a report describing an increase in the exploitation of vulnerabilities in Enterprise Resource Planning (ERP) applications. ERP applications help organizations manage critical business processes—such as product lifecycle management, customer relationship management, and supply chain management. An attacker can exploit these vulnerabilities to obtain access to sensitive information.

Private sector companies had a key role in the U.S. government’s attribution of last year’s WannaCry ransomware epidemic to North Korea, said Office of the Director of National Intelligence (ODNI) Cyber Threat Intelligence Integration Center (CTIIC) Director Tonya Ugoretz. She explained CTIIC learned of information about WannaCry that had been fed to the Department of Homeland Security by its private sector partners. This information allowed the U.S.