What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2021-10-15 13:40:21 US links $5.2 billion worth of Bitcoin transactions to ransomware (lien direct) The U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) has identified roughly $5.2 billion worth of outgoing Bitcoin transactions likely tied to the top 10 most commonly reported ransomware variants. [...] Ransomware
SecurityWeek.webp 2021-10-15 12:47:22 Nations Vow to Combat Ransomware at US-Led Summit (lien direct) Over two dozen nations resolved Thursday to battle collectively against the global and escalating threat posed by cyber-extortionists, following a Washington-led anti-ransomware summit. Ransomware Threat
Cisco.webp 2021-10-15 12:00:38 Ransomware Taxonomy: Four Scenarios Companies Should Safeguard Against (lien direct) Keeping your company and customers safe should be a constant priority, especially with increasing numbers of ransomware attacks worldwide. Ransomware
bleepingcomputer.webp 2021-10-15 10:49:18 Accenture confirms data breach after August ransomware attack (lien direct) Global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the company's systems in August 2021. [...] Ransomware Data Breach
SecurityAffairs.webp 2021-10-15 10:04:36 Three more ransomware attacks hit Water and Wastewater systems in 2021 (lien direct) A joint cybersecurity advisory published by US agencies revealed that three ransomware attacks on wastewater systems this year. A joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA revealed three more attacks launched by Ransomware gangs against US water and wastewater treatment facilities (WWS) this year. This is the first time that these attacks […] Ransomware
InfoSecurityMag.webp 2021-10-15 08:48:00 US Government Warns of Insider and Ransomware Threat to Water Plants (lien direct) Facilities on alert after multiple attacks over past two years Ransomware Threat
The_Hackers_News.webp 2021-10-15 07:40:55 Attackers Behind Trickbot Expanding Malware Distribution Channels (lien direct) The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti. The threat actor, tracked under the monikers ITG23 and Wizard Spider, has been found to partner with other cybercrime gangs known Hive0105, Hive0106 (aka TA551 or Shathak), Ransomware Malware Threat Guideline
The_Hackers_News.webp 2021-10-15 07:10:54 CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems (lien direct) The U.S. Cybersecurity Infrastructure and Security Agency (CISA) on Thursday warned of continued ransomware attacks aimed at disrupting water and wastewater facilities (WWS), highlighting five incidents that occurred between March 2019 and August 2021. "This activity-which includes attempts to compromise system integrity via unauthorized access-threatens the ability of WWS facilities to provide Ransomware
bleepingcomputer.webp 2021-10-15 05:13:21 Governments worldwide to crack down on ransomware payment channels (lien direct) Senior officials from more than 30 countries said that their governments would take action to disrupt the illicit cryptocurrency payment channels used by ransomware gangs to finance their operations. [...] Ransomware
bleepingcomputer.webp 2021-10-15 03:43:30 US government discloses more ransomware attacks on water plants (lien direct) U.S. Water and Wastewater Systems (WWS) Sector facilities have been breached multiple times in ransomware attacks during the last two years according to joint advisory published by US government agencies on Thursday. [...] Ransomware
Cybereason.webp 2021-10-15 00:42:11 Ransomware: The Global Cybersecurity Pandemic (lien direct) Ransomware: The Global Cybersecurity Pandemic I am sitting in Paris this week at the Les Asis conference, but my mind is also on Biden's ransomware summit as ransomware took center stage again this week. No, not because of a major ransomware attack shutting down critical infrastructure or grinding production to a halt. In fact, the opposite. President Biden continued to push the need for cybersecurity and a more effective response to the scourge of ransomware by convening a 2-day ransomware summit involving 30 countries around the world.  Ransomware
SecurityAffairs.webp 2021-10-14 21:17:25 Since 2020, at least 130 different ransomware families have been active (lien direct) The popular Google's VirusTotal scanning service has published an interesting analysis of more than 80 Million ransomware samples. VirusTotal has published its first ransomware activity report based on the analysis of more than 80 million samples that have been uploaded from 140 countries worldwide. Since 2020, at least 130 different ransomware families have been active. […] Ransomware
TechRepublic.webp 2021-10-14 18:12:40 Broadcom Software\'s Symantec Threat Hunter Team discovers first-of-its-kind ransomware (lien direct) The new ransomware family, called Yanluowang, appears to still be under development and lacks some sophisticated features found in similar code. Nonetheless, Symantec said, it's dangerous. Ransomware Threat
SecurityWeek.webp 2021-10-14 18:12:38 VirusTotal Shares Analysis of 80 Million Ransomware Samples (lien direct) At least 130 ransomware families were active in 2020 and in the first half of 2021, according to a recent data analysis from Google's VirusTotal scanning service. Ransomware
securityintelligence.webp 2021-10-14 16:00:00 How to Report Scam Calls and Phishing Attacks (lien direct) With incidents such as the Colonial Pipeline infection and the Kaseya supply chain attack making so many headlines these days, it can be easy to forget that malicious actors are still preying on individual users. They’re not using ransomware to do that so much anymore, though. Not since the rise of big game hunting, anyway. […] Ransomware
grahamcluley.webp 2021-10-14 15:53:08 Analysis of 80 million ransomware samples reveals a world under attack (lien direct) VirusTotal's first Ransomware Activity Report reveals that it received ransomware submissions from 140 different countries around the world, and discovered at least 130 different ransomware families had been active since January 2020. Read more in my article on the Tripwire State of Security blog. Ransomware
SecurityAffairs.webp 2021-10-14 15:19:54 For the first time, an Israeli hospital was hit by a major ransomware attack (lien direct) The Hillel Yaffe Medical Center in Hadera, Israel, was hit by a ransomware attack that was defined by Israel’s National Cyber Directorate as a “major” attack. The Hillel Yaffe Medical Center in Hadera, Israel was hit by a ransomware attack that impacted the system of the hospital. Local media outlets reported that the hospital has […] Ransomware
Kaspersky.webp 2021-10-14 13:32:16 Podcast: 67% of Orgs Have Been Hit by Ransomware at Least Once (lien direct) Fortinet's Derek Manky discusses a recent global survey showing that two-thirds of organizations suffered at least one ransomware attack, while half were hit multiple times. Ransomware
SecurityWeek.webp 2021-10-14 13:28:42 Israeli Hospital Targeted in Ransomware Attack (lien direct) An Israeli hospital was targeted Wednesday by a ransomware attack, officials said, with the state's cyber directorate calling it the first such attack on a hospital in the country. The Hillel Yaffe Medical Center is "currently using alternative systems to treat its patients", it said in a statement, describing the attack as "totally unexpected". Ransomware
SecurityWeek.webp 2021-10-14 13:17:45 Cyber Insurance Firm At-Bay Announces $20 Million Series D Extension (lien direct) At-Bay, the cyber insurance company that aims to reduce ransomware risk, this week announced a $20 million extension to its Series D funding round. Ransomware
Cybereason.webp 2021-10-14 12:50:13 Microsoft\'s Failure to Prioritize Security Puts Everyone at Risk (lien direct) Microsoft's Failure to Prioritize Security Puts Everyone at Risk It has been a very busy year when it comes to Microsoft zero-day attacks. According to KrebsOnSecurity, May is the only month in 2021 that Microsoft didn't release a patch to defend against at least one zero-day exploit. And Microsoft vulnerabilities are playing a bigger role in the spate of ransomware infections organizations are grappling with than most probably are aware of (more on that below). Ransomware
Cisco.webp 2021-10-14 12:00:30 The XDR Solution to the Ransomware Problem (lien direct) To protect against ransomware, it is important to interrupt the kill chain as early as possible. One way to make it simple and fast is to harness the power of XDR. Ransomware
SecurityAffairs.webp 2021-10-14 11:15:27 New Yanluowang ransomware used in highly targeted attacks on large orgs (lien direct) Researchers spotted a new strain of ransomware, dubbed Yanluowang, that was used in highly targeted attacks against enterprises. Researchers from Symantec Threat Hunter Team discovered a ransomware family, tracked as Yanluowang ransomware that was used in highly targeted attacks against large enterprises. The discovery is part of an investigation into a recent attempted ransomware attack […] Ransomware Threat
SecurityWeek.webp 2021-10-14 10:41:06 Nations Reveal Ransomware Pain at US-Led Summit (lien direct) A digital "disaster" in Germany, growing attacks in the United Arab Emirates and even Israel announcing a blitz underway: nations disclosed their struggle Wednesday against cyber-extortionists at a Washington-led anti-ransomware summit. Ransomware
InfoSecurityMag.webp 2021-10-14 10:00:00 New "Yanluowang" Ransomware Variant Discovered (lien direct) Malware appears to still be under development, says Symantec Ransomware Malware
The_Hackers_News.webp 2021-10-14 07:48:00 VirusTotal Releases Ransomware Report Based on Analysis of 80 Million Samples (lien direct) As many as 130 different ransomware families have been found to be active in 2020 and the first half of 2021, with Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran, and the U.K. emerging as the most affected territories, a comprehensive analysis of 80 million ransomware-related samples has revealed. Google's cybersecurity arm VirusTotal attributed a Ransomware
bleepingcomputer.webp 2021-10-14 06:00:00 New Yanluowang ransomware used in targeted enterprise attacks (lien direct) A new and still under development ransomware strain is being used in highly targeted attacks against enterprise entities as Broadcom's Symantec Threat Hunter Team discovered. [...] Ransomware Threat
TechRepublic.webp 2021-10-13 15:32:36 Dark Web: Many cybercrime services sell for less than $500 (lien direct) A ransomware kit costs as little as $66, though it needs to be modified, while a spearphishing attack can run as low as $100, says Altas VPN. Ransomware
Cybereason.webp 2021-10-13 13:42:47 Cybereason Recognized in Debut XDR New Wave™ Report (lien direct) Cybereason Recognized in Debut XDR New Wave™ Report As we enter Q4 of a hyper-growth year for XDR, Cybereason is in full gear: We're just getting started! We remain undefeated in protecting our customers from headline-stealing attacks like SolarWinds, the Microsoft Exchange Server attacks, and dangerous ransomware attacks from DarkSide, REvil and other adversaries.  Ransomware
SecurityWeek.webp 2021-10-13 13:08:35 US Talks Global Cybersecurity Without a Key Player: Russia (lien direct) Russia, which hosts many of the criminal syndicates behind ransomware attacks around the world was not invited to an international counter-ransomware event Ransomware
ComputerWeekly.webp 2021-10-13 12:51:00 The complete guide to ransomware (lien direct) No more details Ransomware
Kaspersky.webp 2021-10-13 11:22:00 30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware (lien direct) The previously unknown SnapMC group exploits unpatched VPNs and webserver apps to breach systems and carry out quick-hit extortion in less time than it takes to order a pizza. Ransomware
bleepingcomputer.webp 2021-10-13 11:01:44 Australia to tackle ransomware data breaches by deleting stolen files (lien direct) Australia's Minister for Home Affairs has announced the "Australian Government's Ransomware Action Plan," which is a set of new measures the country will adopt in an attempt to tackle the rising threat. [...] Ransomware
securityintelligence.webp 2021-10-13 10:00:00 Trickbot Rising - Gang Doubles Down on Infection Efforts to Amass Network Footholds (lien direct) IBM X-Force has been tracking the activity of ITG23, a prominent cybercrime gang also known as the TrickBot Gang and Wizard Spider. Researchers are seeing an aggressive expansion of the gang’s malware distribution channels, infecting enterprise users with Trickbot and BazarLoader. This move is leading to more ransomware attacks — particularly ones using the Conti […] Ransomware Malware Guideline
bleepingcomputer.webp 2021-10-13 06:56:43 Russia and China left out of global anti-ransomware meetings (lien direct) The White House National Security Council facilitates virtual meetings this week with senior officials and ministers from more than 30 countries in a virtual international counter-ransomware event to rally allies in the fight against the ransomware threat. [...] Ransomware
Anomali.webp 2021-10-12 17:41:00 Anomali Cyber Watch: Aerospace and Telecoms Targeted by Iranian MalKamak Group, Cozy Bear Refocuses on Cyberespionage, Wicked Panda is Traced by Malleable C2 Profiles, and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Data leak, Ransomware, Phishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Russian Cyberattacks Pose Greater Risk to Governments and Other Insights from Our Annual Report (published: October 7, 2021) Approximately 58% of all nation-state attacks observed by Microsoft between July 2020 and June 2021 have been attributed to the Russian-sponsored threat groups, specifically to Cozy Bear (APT29, Nobelium) associated with the Russian Foreign Intelligence Service (SVR). The United States, Ukraine, and the UK were the top three targeted by them. Russian Advanced Persistent Threat (APT) actors increased their effectiveness from a 21% successful compromise rate to a 32% rate comparing year to year. They achieve it by starting an attack with supply-chain compromise, utilizing effective tools such as web shells, and increasing their skills with the cloud environment targeting. Russian APTs are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53% – largely agencies involved in foreign policy, national security, or defense. Following Russia by the number of APT cyberattacks were North Korea (23%), Iran (11%), and China (8%). 
Analyst Comment: As the collection of intrusions for potential disruption operations via critical infrastructure attacks became too risky for Russia, it refocused back to gaining access to and harvesting intelligence. The scale and growing effectiveness of the cyberespionage requires a defence-in-depth approach and tools such as Anomali Match that provide real-time forensics capability to identify potential breaches and known actor attributions. MITRE ATT&CK: [MITRE ATT&CK] Supply Chain Compromise - T1195 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Brute Force - T1110 Tags: Fancy Bear, APT28, APT29, The Dukes, Strontium, Nobelium, Energetic Bear, Cozy Bear, Government, APT, Russia, SVR, China, North Korea, USA, UK, Ukraine, Iran Ransomware in the CIS (published: October 7, 2021) Many prominent ransomware groups have members located in Russia and the Commonwealth of Independent States (CIS) - and they avoid targeting this region. Still, businesses in the CIS are under the risk of being targeted by dozens of lesser-known ransomware groups. Researchers from Kaspersky Labs have published a report detailing nine business-oriented ransomware trojans that were most active in the CIS in the first half of 2021. These ransomware families are BigBobRoss (TheDMR), Cryakl (CryLock), CryptConsole, Crysis (Dharma), Fonix (XINOF), Limbozar (VoidCrypt), Phobos (Eking), Thanos (Hakbit), and XMRLocker. The oldest, Cryakl, has been around since April 2014, and the newest, XMRLocker, was first detected in August 2020. Most of them were mainly distributed via the cracking of Remote Deskto Ransomware Malware Tool Threat Guideline Prediction APT 41 APT 41 APT 39 APT 29 APT 29 APT 28
InfoSecurityMag.webp 2021-10-12 11:33:00 (Déjà vu) NCSC CEO: Ransomware the "Most Immediate Threat" Facing UK Businesses (lien direct) NCSC CEO Lindy Cameron said organizations must take action to strengthen their cyber defenses Ransomware
SecurityWeek.webp 2021-10-12 10:10:46 Meeting Backup Requirements for Cyber Insurance Coverage (lien direct) Many companies wrongly assume that having backups in the cloud can prevent or reduce the impacts of a ransomware attack Ransomware
bleepingcomputer.webp 2021-10-12 08:43:47 SnapMC hackers skip file encryption and just steal your files (lien direct) A new actor tracked as SnapMC has emerged in the cybercrime space, performing the typical data-stealing extortion that underpins ransomware operations, but without doing any file encryption.  [...] Ransomware
Mandiant.webp 2021-10-12 08:01:01 Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis (lien direct) Cobalt Strike is a commercial adversary simulation software that is marketed to red teams but is also stolen and actively used by a wide range of threat actors from ransomware operators to espionage-focused Advanced Persistent Threats (APTs). Many network defenders have seen Cobalt Strike payloads used in intrusions, but for those who have not had the opportunity to use Cobalt Strike as an operator, it can be challenging to understand the many components and features included in this framework. In this blog post, we will walk through important definitions and concepts to help defenders Ransomware Threat ★★★
Cybereason.webp 2021-10-12 08:00:00 What is Ransomware-as-a-Service and How Does it Work? (lien direct) What is Ransomware-as-a-Service and How Does it Work? Editor's Note: Unlock the knowledge, resources and expert guidance you need to successfully prevent ransomware attacks from impacting your organization's operations with this complimentary Ransomware Toolkit... Recently, we introduced a blog series where we'll break down some key drivers of the ransomware threat landscape for Cybersecurity Awareness Month (formerly National Cybersecurity Awareness Month). We spent the first week analyzing Initial Access Brokers (IABs). For this week, let's focus on Ransomware-as-a-Service (RaaS). Ransomware Threat
SecurityWeek.webp 2021-10-11 18:25:55 Engineering Company Weir Group Discloses Ransomware Hack (lien direct) Engineering company Weir Group has acknowledged it was the victim of a ransomware attack that will likely affect revenue for the third quarter of the year. Ransomware Hack
TechRepublic.webp 2021-10-11 13:20:23 How to combat the most prevalent ransomware threats (lien direct) Over the second quarter of the year, 73% of ransomware detections were related to the REvil/Sodinokibi family, while Darkside attacks expanded to more industries, McAfee says. Ransomware
bleepingcomputer.webp 2021-10-11 05:18:44 Pacific City Bank discloses ransomware attack claimed by AvosLocker (lien direct) Pacific City Bank (PCB), one of the largest Korean-American community banking service providers in America, has disclosed a ransomware incident that took place last month. [...] Ransomware
SecurityAffairs.webp 2021-10-09 07:52:18 (Déjà vu) Cox Media Group took down broadcasts after a ransomware attack (lien direct) American media conglomerate Cox Media Group (CMG) was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021. The American media conglomerate Cox Media Group (CMG) announced it was hit by a ransomware attack that caused the interruption of the live TV and radio broadcast streams in June […] Ransomware
bleepingcomputer.webp 2021-10-08 17:44:49 The Week in Ransomware - October 8th 2021 - Making arrrests (lien direct) This week's big news is the arrests of two ransomware operators in Ukraine responsible for hundreds of attacks targeting organizations worldwide. [...] Ransomware
bleepingcomputer.webp 2021-10-08 15:59:12 Cox Media Group confirms ransomware attack that took down broadcasts (lien direct) American media conglomerate Cox Media Group (CMG) confirmed that it was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021. [...] Ransomware
SecurityAffairs.webp 2021-10-08 11:36:12 The Netherlands declares war on ransomware operations (lien direct) The Dutch government will not tolerate ransomware attacks that could threaten national security, it will use intelligence or military services to curb them. The Dutch government announced that it will not tolerate cyberattacks that pose a risk to its national security and will employ intelligence or military services to counter them. Cyberespionage and sabotage attacks, […] Ransomware
bleepingcomputer.webp 2021-10-08 10:40:49 Russian orgs heavily targeted by smaller tier ransomware gangs (lien direct) Even though American and European companies enjoy the lion's share in ransomware attacks launched from Russian ground, companies in the country aren't spared from having to deal with file encryption and double-extortion troubles. [...] Ransomware
SecurityWeek.webp 2021-10-08 08:36:06 Attackers Encrypt VMware ESXi Server With Python Ransomware (lien direct) A recently observed attack employed a Python-based ransomware variant to target an organization's VMware ESXi server and encrypt all virtual disks, Sophos reports. Ransomware
Last update at: 2024-07-21 05:07:34