It may be the shortest month, but February brought no shortage of bad behavior by cybercriminals. In our latest cyber attack roundup of the ever-thriving world of cybercrime, we look at a disturbing theft from one of the United States’ most secretive government organizations, a long-running ransomware tie-up for a major media company, a never-ending nightmare for a security-minded internet company, and the latest of many breaches for one of the backbones of the modern web.

The Dutch Police have arrested three individuals for suspected ransomware activity, which generated at least 2.5M Euro in extortion fees. The actors are believed to have attacked thousands of organizations, compromising the data of tens of millions of individuals. This is another example of successful law enforcement activity against ransomware operations. Such activity has increased over the past year, leading to the arrest of several prominent ransomware group members, such as Revil and Netwalker.

Address Resolution Protocol (ARP) acts as a vital bridge between the world of IP addresses and MAC addresses, allowing devices on local area networks to seek out each other's physical address based solely on their IP. ARP (Address Resolution Protocol) can also be defined as a communication protocol used to map a network layer address (such as an IP address) to a link layer address (such as a MAC address).

Willie Sutton, the criminal who became legendary for stealing from banks during a forty year career, was once asked, "Why do you keep robbing banks?" His answer? "Because that's where the money is." However, today there's a better target for robbers today than banks, which are typically well-defended against theft... Cryptocurrency wallets.

OAuth (Open Authorization) is a modern, open authorization standard designed to allow cross-application access delegation – for example, allowing your application to read data from your Facebook profile. Combined with the proper extensions, OAuth can also be used for authentication – for example, to log into your application using Google credentials. Since its first introduction in 2006, OAuth has gained tremendous popularity.

As part of a project to obtain more awareness of initial attack vectors outside of the common phishing and web application exploitation, Kroll’s Cyber Threat Intelligence team has developed a tool to enable the enhanced monitoring of the Python Package Index (PyPI) to find and obtain malicious packages that are added to it.

We all know about the attacker who leverages their technical expertise to infiltrate protected computer systems and compromise sensitive data. This type of malicious actor ends up in the news all the time. But they’re not the only ones making headlines. So too are “social engineers,” individuals who use phone calls and other media to exploit human psychology and trick people into handing over access to the organization’s sensitive information.