{"id":35254,"date":"2020-05-29T12:27:26","date_gmt":"2020-05-29T12:27:26","guid":{"rendered":"https:\/\/blog.trendmicro.com\/?p=544117"},"modified":"2020-05-29T12:27:26","modified_gmt":"2020-05-29T12:27:26","slug":"this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\/","title":{"rendered":"This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"300\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/03\/Week-in-Security-News-Logo_RGB-300x300.jpg\" class=\"attachment-medium size-medium wp-post-image\" alt srcset=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/03\/Week-in-Security-News-Logo_RGB-300x300.jpg 300w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/03\/Week-in-Security-News-Logo_RGB-768x768.jpg 768w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/03\/Week-in-Security-News-Logo_RGB-1024x1024.jpg 1024w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/03\/Week-in-Security-News-Logo_RGB-640x640.jpg 640w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/03\/Week-in-Security-News-Logo_RGB-900x900.jpg 900w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/03\/Week-in-Security-News-Logo_RGB-440x440.jpg 440w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/03\/Week-in-Security-News-Logo_RGB-380x380.jpg 380w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\"><\/p>\n<p>Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how, over the past five years, the cybercriminal underground has seen a major shift to new platforms, communications channels, products, and services. Also, read about a new wave of Sandworm cyberattacks against email servers conducted by one of Russia\u2019s most advanced cyber-espionage units.<\/p>\n<p>Read on:<\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com\/how-the-cybercriminal-underground-has-changed-in-5-years\/\"><strong>How the Cybercriminal Underground Has Changed in 5 Years<\/strong><\/a><\/p>\n<p><em>Trend Micro has been profiling the underground cybercrime community for many years. Over the past five years, it has seen a major shift to new platforms, communications channels, products, and services, as trust on the dark web erodes and new market demands emerge. Trend Micro expects the current pandemic to create yet another evolution, as cyber-criminals look to take advantage of new ways of working and systemic vulnerabilities.<\/em><\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/shadowserver-funding-trend-micro-internet-society\/\"><strong>Shadowserver, an Internet Guardian, Finds a Lifeline<\/strong><\/a><\/p>\n<p><em>In March, internet security group Shadowserver<\/em> <em>learned that longtime corporate sponsor Cisco was ending its support. With just weeks to raise hundreds of thousands of dollars to move its data center out of Cisco\u2019s facility\u2014not to mention an additional $1.7 million to make it through the year\u2014the organization was at real risk of extinction. Ten weeks later, Shadowserver has come a long way toward securing its financial future. This week, Trend Micro committed $600,000 to Shadowserver over three years, providing an important backbone to the organization\u2019s fundraising efforts.&nbsp;<\/em><\/p>\n<p><a href=\"https:\/\/trendtalks.fyi\/security\/\"><strong>#LetsTalkSecurity: No Trust for the Wicked<\/strong><\/a><strong>&nbsp;<\/strong><\/p>\n<p><em>This Week, Rik Ferguson, vice president of Security Research at Trend Micro, hosted the fourth episode of #LetsTalkSecurity featuring guest Dave Lewis, Global Advisory CISO at Duo Security. Check out this week\u2019s episode and follow the link to find information about upcoming episodes and guests.<\/em><\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com\/principles-of-a-cloud-migration-security-w5h-the-how\/\"><strong>Principles of a Cloud Migration \u2013 Security W5H \u2013 The HOW<\/strong><\/a><\/p>\n<p><em>Security needs to be treated much like DevOps in evolving organizations, meaning everyone in the company has a shared responsibility to make sure it is implemented. It is not just a part of operations, but a cultural shift in doing things right the first time \u2013 security by default. In this blog from Trend Micro, learn 3 tips to get you started on your journey to securing the cloud.<\/em><\/p>\n<p><a href=\"https:\/\/www.helpnetsecurity.com\/2020\/05\/27\/underground-market-trends\/\"><strong>What\u2019s Trending on the Underground Market?<\/strong><\/a><\/p>\n<p><em>Trust has eroded among criminal interactions in the underground markets, causing a switch to e-commerce platforms and communication using Discord, which both increase user anonymization, a new Trend Micro report reveals.<\/em> <em>Determined efforts by law enforcement appear to be having an impact on the cybercrime underground as several forums have been taken down by global police entities.<\/em><\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com\/is-cloud-computing-any-safer-from-malicious-hackers\/\"><strong>Is Cloud Computing Any Safer from Malicious Hackers?<\/strong><\/a><\/p>\n<p><em>Cloud computing has revolutionized the IT world, making it easier for companies to deploy infrastructure and applications and deliver their services to the public. The idea of not spending millions of dollars on equipment and facilities to host an on-premises data center is a very attractive prospect to many.&nbsp;But is cloud computing any safer from malicious threat actors? Read this blog from Trend Micro to find out.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/internet-of-things\/smart-yet-flawed-iot-device-vulnerabilities-explained\"><strong>Smart Yet Flawed: IoT Device Vulnerabilities Explained<\/strong><\/a><\/p>\n<p><em>The variety and range of functions of smart devices present countless ways of improving different industries and environments. While the \u201cthings\u201d in the internet of things (IoT) benefits homes, factories, and cities, these devices can also introduce blind spots and security risks in the form of vulnerabilities. Vulnerable smart devices open networks to attack vectors and can weaken the overall security of the internet. For now, it is better to be cautious and understand that \u201csmart\u201d can also mean vulnerable to threats.<\/em><\/p>\n<p><a href=\"https:\/\/www.zdnet.com\/article\/cyberattacks-against-hospitals-must-stop-says-red-cross\/\"><strong>Cyberattacks Against Hospitals Must Stop, Says Red Cross<\/strong><\/a><\/p>\n<p><em>Immediate action needs to be taken to stop cyberattacks targeting hospitals and healthcare organizations during the ongoing coronavirus pandemic \u2013 and governments around the world need to work together to make it happen, says a newly published open letter signed by the International Committee of the Red Cross, former world leaders, cybersecurity executives and others.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/virtualization-and-cloud\/securing-the-4-cs-of-cloud-native-systems-cloud-cluster-container-and-code\"><strong>Securing the 4 Cs of Cloud-Native Systems: Cloud, Cluster, Container, and Code<\/strong><\/a><\/p>\n<p><em>Cloud-native technologies enable businesses to make the most of their cloud resources with less overhead, faster response times, and easier management.<\/em> <em>Like any technology that uses various interconnected tools and platforms, security plays a vital role in cloud-native computing. Cloud-native security adopts the defense-in-depth approach and divides the security strategies utilized in cloud-native systems into four different layers.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/vulnerabilities-and-exploits\/coinminers-exploit-saltstack-vulnerabilities-cve-2020-11651-and-cve-2020-11652\"><strong>Coinminers Exploit SaltStack Vulnerabilities CVE-2020-11651 and CVE-2020-11652<\/strong><\/a><\/p>\n<p><em>Researchers from F-Secure recently disclosed two high-severity vulnerabilities in SaltStack Salt: CVE-2020-11651, an authentication bypass vulnerability, and CVE-2020-11652, a directory traversal vulnerability. These can be exploited by remote, unauthenticated attackers, and all versions of SaltStack Salt before 2019.2.4 and 3000 before 3000.2 are affected. Trend Micro has witnessed attacks exploiting these vulnerabilities, notably those using cryptocurrency miners.<\/em><\/p>\n<p><a href=\"https:\/\/threatpost.com\/ponyfinal-ransomware-enterprise-servers\/156083\/\"><strong>PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time<\/strong><\/a><\/p>\n<p><em>A Java-based ransomware known as PonyFinal has emerged, targeting enterprise systems management servers as an initial infection vector. It exfiltrates information about infected environments, spreads laterally and then waits before striking \u2014 the operators go on to encrypt files at a later date and time, when the likelihood of the target paying is deemed to be the most likely.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/qakbot-resurges-spreads-through-vbs-files\"><strong>Qakbot Resurges, Spreads through VBS Files<\/strong><\/a><\/p>\n<p><em>Trend Micro has seen events that point to the resurgence of Qakbot, a multi-component, information-stealing threat first discovered in 2007. Feedback from Trend Micro\u2019s sensors indicates that Qakbot detections increased overall. A notable rise in detections of a particular Qakbot sample (detected by Trend Micro as Backdoor.Win32.QBOT.SMTH) was also witnessed in early April.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/security-technology\/cso-insights-sbv-s-ian-keller-on-the-challenges-and-opportunities-of-working-remotely\"><strong>CSO Insights: SBV\u2019s Ian Keller on the Challenges and Opportunities of Working Remotely<\/strong><\/a><\/p>\n<p><em>The COVID-19 pandemic has forced businesses to change the way they operate. These abrupt changes come with a unique set of challenges, including security challenges. Ian Keller, Chief Security Officer of SBV Services in South Africa, sat down with Trend Micro and shared his thoughts on how SBV is coping with the current pandemic, the main challenges they faced when transitioning their staff to remote work, as well as how they plan to move forward.<\/em><\/p>\n<p><a href=\"https:\/\/www.zdnet.com\/article\/nsa-warns-of-new-sandworm-attacks-on-email-servers\/\"><strong>NSA Warns of New Sandworm Attacks on Email Servers<\/strong><\/a><\/p>\n<p><em>The US National Security Agency (NSA) has published a security alert warning of a new wave of cyberattacks against email servers, attacks conducted by one of Russia\u2019s most advanced cyber-espionage units. The NSA says that members of Unit 74455 of the GRU Main Center for Special Technologies (GTsST), a division of the Russian military intelligence service, have been attacking email servers running the Exim mail transfer agent (MTA).<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/us\/iot-security\/news\/5859\/Forward_looking_security_analysis_of_smart_factories_Part_2_Security_risks_of_industrial_application_stores\"><strong>Forward-Looking Security Analysis of Smart Factories &lt;Part 2&gt; Security Risks of Industrial Application Stores<\/strong><\/a><\/p>\n<p><em>In the second part of this five series column, Trend Micro looks at the security risks to be aware of when promoting smart factories by examining overlooked attack vectors, feasible attack scenarios, and recommended defense strategies. This column is especially applicable for architects, engineers, and developers who are involved in smart factory technology.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/us\/iot-security\/news\/5844\/Factory_Security_Problems_from_an_IT_Perspective_Part_2_People_processes_and_technology\"><strong>Factory Security Problems from an IT Perspective (Part 2): People, Processes, and Technology<\/strong><\/a><\/p>\n<p><em>This blog is the second in a series that discusses the challenges that IT departments face when they are assigned the task of overseeing cybersecurity in factories and implementing measures to overcome these challenges. In this article, Trend Micro carries out an analysis to uncover the challenges that lie in the way of promoting factory security from an IT perspective.<\/em><\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com\/21-tips-to-stay-secure-private-and-productive-as-you-work-from-home-on-your-mac\/\"><strong>21 Tips to Stay Secure, Private, and Productive as You Work from Home on Your Mac<\/strong><\/a><\/p>\n<p><em>If you brought a Mac home from the office, it\u2019s likely already set up to meet your company\u2019s security policies. But what if you are using your personal Mac to work from home? You need to outfit it for business, to protect it and your company from infections and snooping, while ensuring it continues to run smoothly over time. In this blog, learn 21 tips for staying secure, private, and productive while working from home on your Mac.<\/em><\/p>\n<p>Surprised by the new wave of Sandworm attacks? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: <a href=\"https:\/\/twitter.com\/jonlclay\">@JonLClay.<\/a><\/p>\n<p> Read More <a href=\"https:\/\/blog.trendmicro.com\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how, over the past five years, the cybercriminal underground has seen a major shift to new platforms, communications channels, products, and services. Also, read about&#8230;<br \/>\nThe post This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers appeared first on . Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":35255,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[311,307],"class_list":["post-35254","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-current-news","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-29T12:27:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers\",\"datePublished\":\"2020-05-29T12:27:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/\"},\"wordCount\":1387,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg\",\"keywords\":[\"Current News\",\"Security\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/\",\"name\":\"This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg\",\"datePublished\":\"2020-05-29T12:27:26+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg\",\"width\":300,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Current News\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/current-news\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\/","og_locale":"en_US","og_type":"article","og_title":"This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-05-29T12:27:26+00:00","og_image":[{"width":300,"height":300,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers","datePublished":"2020-05-29T12:27:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\/"},"wordCount":1387,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg","keywords":["Current News","Security"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\/","url":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\/","name":"This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg","datePublished":"2020-05-29T12:27:26+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg","width":300,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-how-the-cybercriminal-underground-has-changed-in-5-years-and-the-nsa-warns-of-new-sandworm-attacks-on-email-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Current News","item":"https:\/\/www.threatshub.org\/blog\/tag\/current-news\/"},{"@type":"ListItem","position":3,"name":"This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35254","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=35254"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35254\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/35255"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=35254"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=35254"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=35254"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}