Intelligent CISO Issue 21 | Page 24

threat updates UK The UK government issued a cybersecurity alert to warn charities of a spike in the number of criminals trying to access and change the private information of staff. The government said it had received several reports from charities that had been targeted by fraudsters impersonating members of staff, specifically attempting to change employees’ bank details. In all these cases the request was made through an email. Charities are being urged to look out for requests to HR, the finance department or staff with authority to update employees’ bank details, usually from a spoofed or similar email address to that of the subject being impersonated. GLOBAL Sophos has published an investigative report, Snatch Ransomware Reboots PCs into Safe Mode to Bypass Protection, by SophosLabs and Sophos Managed Threat Response. The report details the changing attack methods of Snatch ransomware, first seen in December 2018, including rebooting PCs into safe mode mid-attack in an attempt to bypass behavioural protections that detect ransomware activity. Sophos believes this is a new attack technique adopted by cybercriminals for defence evasion. Continuing a trend noted in SophosLabs’ 2020 Threat Report, the Snatch cybercriminals are now also exfiltrating data before the ransomware attack begins. 24 Issue 21 | www.intelligentciso.com