What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-11-29 10:06:01 | La collaboration mondiale de l'application des lois frappe contre les réseaux de ransomware ciblant les grandes sociétés Global law enforcement collaboration strikes against ransomware networks targeting large corporations (lien direct) |
Les autorités des forces de l'ordre et judiciaires de sept pays, en collaboration avec Europol et Eurojuste, se sont unis pour démanteler ...
Law enforcement and judicial authorities from seven countries, in collaboration with Europol and Eurojust, have united to dismantle... |
Ransomware | ★★★ | |
 |
2023-11-28 23:05:04 | Prédictions 2024 de Proofpoint \\: Brace for Impact Proofpoint\\'s 2024 Predictions: Brace for Impact (lien direct) |
In the ever-evolving landscape of cybersecurity, defenders find themselves navigating yet another challenging year. Threat actors persistently refine their tactics, techniques, and procedures (TTPs), showcasing adaptability and the rapid iteration of novel and complex attack chains. At the heart of this evolution lies a crucial shift: threat actors now prioritize identity over technology. While the specifics of TTPs and the targeted technology may change, one constant remains: humans and their identities are the most targeted links in the attack chain. Recent instances of supply chain attacks exemplify this shift, illustrating how adversaries have pivoted from exploiting software vulnerabilities to targeting human vulnerabilities through social engineering and phishing. Notably, the innovative use of generative AI, especially its ability to improve phishing emails, exemplifies a shift towards manipulating human behavior rather than exploiting technological weaknesses. As we reflect on 2023, it becomes evident that cyber threat actors possess the capabilities and resources to adapt their tactics in response to increased security measures such as multi-factor authentication (MFA). Looking ahead to 2024, the trend suggests that threats will persistently revolve around humans, compelling defenders to take a different approach to breaking the attack chain. So, what\'s on the horizon? The experts at Proofpoint provide insightful predictions for the next 12 months, shedding light on what security teams might encounter and the implications of these trends. 1. Cyber Heists: Casinos are Just the Tip of the Iceberg Cyber criminals are increasingly targeting digital supply chain vendors, with a heightened focus on security and identity providers. Aggressive social engineering tactics, including phishing campaigns, are becoming more prevalent. The Scattered Spider group, responsible for ransomware attacks on Las Vegas casinos, showcases the sophistication of these tactics. Phishing help desk employees for login credentials and bypassing MFA through phishing one-time password (OTP) codes are becoming standard practices. These tactics have extended to supply chain attacks, compromising identity provider (IDP) vendors to access valuable customer information. The forecast for 2024 includes the replication and widespread adoption of such aggressive social engineering tactics, broadening the scope of initial compromise attempts beyond the traditional edge device and file transfer appliances. 2. Generative AI: The Double-Edged Sword The explosive growth of generative AI tools like ChatGPT, FraudGPT and WormGPT bring both promise and peril, but the sky is not falling as far as cybersecurity is concerned. While large language models took the stage, the fear of misuse prompted the U.S. president to issue an executive order in October 2023. At the moment, threat actors are making bank doing other things. Why bother reinventing the model when it\'s working just fine? But they\'ll morph their TTPs when detection starts to improve in those areas. On the flip side, more vendors will start injecting AI and large language models into their products and processes to boost their security offerings. Across the globe, privacy watchdogs and customers alike will demand responsible AI policies from technology companies, which means we\'ll start seeing statements being published about responsible AI policies. Expect both spectacular failures and responsible AI policies to emerge. 3. Mobile Device Phishing: The Rise of Omni-Channel Tactics take Centre Stage A notable trend for 2023 was the dramatic increase in mobile device phishing and we expect this threat to rise even more in 2024. Threat actors are strategically redirecting victims to mobile interactions, exploiting the vulnerabilities inherent in mobile platforms. Conversational abuse, including conversational smishing, has experienced exponential growth. Multi-touch campaigns aim to lure users away from desktops to mobile devices, utilizing tactics like QR codes and fraudulent voice calls | Ransomware Malware Tool Vulnerability Threat Mobile Prediction Prediction | ChatGPT ChatGPT | ★★★ |
 |
2023-11-28 21:56:39 | Spotlight des ransomwares: Trigona Ransomware Spotlight: Trigona (lien direct) |
#### Description
Le ransomware de Trigona, suivi pour la première fois par Trend Micro sous le nom d'eau, a émergé en octobre 2022, mais les binaires du ransomware ont été perçus dès juin de la même année.Le groupe s'est positionné comme gérant un schéma lucratif, lançant des attaques mondiales et des revenus publicitaires jusqu'à 20% à 50% pour chaque attaque réussie.)) Chats internes de Forum \\ et à l'aide des informations d'origine pour obtenir un accès initial aux cibles.
En avril 2023, Trigona a commencé à cibler les serveurs compromis Microsoft SQL (MSSQL) via des attaques par force brute.Un mois plus tard, une version Linux de Trigona a été trouvée qui partageait des similitudes avec son homologue Windows.Le ransomware Trigona est également lié au crylock en raison de leurs similitudes de tactique, de techniques et de procédures (TTP), de nom de fichier de note de rançon et d'adresses e-mail utilisées.
Le ransomware de Trigona a le plus ciblé les organisations gouvernementales, les tentatives d'attaque représentant 21,4% du total des détections, selon les commentaires des clients tendance qui ont détaillé les industries dans lesquelles ils appartiennent.Trigona a également ciblé les entreprises dans la technologie, le commerce de détail, les biens de consommation à évolution rapide et les industries bancaires.Le groupe a opposé les petites et moyennes entreprises, qui représentaient plus de la moitié des victimes totales du groupe d'avril à octobre 2023. Trigona a compromis un total de 33 organisations au cours de la période susmentionnée.
#### URL de référence (s)
1. https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-ttegona
#### Date de publication
28 novembre 2023
#### Auteurs)
Micro-recherche tendance
#### Description The Trigona ransomware, first tracked by Trend Micro as Water Ungaw, emerged in October 2022 but binaries of the ransomware were seen as early as June of the same year. The group positioned itself as running a lucrative scheme, launching global attacks and advertising revenues up to 20% to 50% for each successful attack.The group was also reported as communicating with network access brokers who provide compromised credentials via the Russian Anonymous Marketplace (RAMP) forum\'s internal chats and using the sourced information to obtain initial access to targets. In April 2023, Trigona started targeting compromised Microsoft SQL (MSSQL) Servers via brute-force attacks. A month later, a Linux version of Trigona was found that shared similarities with its Windows counterpart. The Trigona ransomware is also linked to CryLock due to their similarities in tactics, techniques, and procedures (TTPs), ransom note file name, and email addresses used. Trigona ransomware targeted government organizations the most, with attack attempts making up 21.4% of total detections, according to feedback from Trend customers who detailed the industries in which they belong. Trigona also targeted enterprises in the technology, retail, fast-moving consumer goods, and banking industries. The group set its sights on small- and medium-sized businesses, which made up more than half of the group\'s total victims from April to October 2023. Trigona compromised a total of 33 organizations within the aforementioned period. #### Reference URL(s) 1. https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-trigona #### Publication Date November 28, 2023 #### Author(s) Trend Micro Research |
Ransomware Prediction | ★★★ | |
 |
2023-11-28 20:21:00 | Utilitaire électrique slovène HSE souffre d'une attaque de ransomware Slovenian Electrical Utility HSE Suffers Ransomware Attack (lien direct) |
La production d'électricité de la Société reste en activité et les autorités ont été informées de l'attaque.
The company\'s power production remains in operation, and authorities have been notified of the attack. |
Ransomware | ★★★ | |
 |
2023-11-28 19:51:36 | Gang de ransomware rompu en Ukraine à la suite de l'opération internationale Ransomware gang broken up in Ukraine as a result of international operation (lien direct) |
> La police d'Ukraine a arrêté un homme de 32 ans qui, selon lui, était le "chef" d'un groupe, ainsi que "ses quatre complices les plus actifs", selon une traduction Google d'une déclaration publiée par la cyber-police ukrainienne.
>Police in Ukraine arrested a 32-year-old man they say was the "leader" of a group, as well as "his four most active accomplices," according to a Google translation of a statement issued by the Ukrainian Cyber Police. |
Ransomware | ★★ | |
 |
2023-11-28 17:28:14 | Utimaco présente U.Trust Lan Crypt Cloud Utimaco introduces u.trust LAN Crypt Cloud (lien direct) |
utimaco introduit U.Trust LAN Crypt Cloud, une solution de gestion du cryptage de fichiers basé sur le cloud pour une protection facile et solide de données
avec des ransomwares et d'autres cyberattaques à un niveau record en 2023, il est plus important que jamais pour les organisations de protéger leurs données
-
revues de produits
Utimaco introduces u.trust LAN Crypt Cloud, a cloud-based file encryption management solution for easy, strong data protection With ransomware and other cyber-attacks at an all-time high in 2023, it is more important than ever for organizations to protect their data - Product Reviews |
Ransomware Cloud | ★★ | |
|
2023-11-28 17:20:00 | Vendeur egyptien e-paiement se remettant d'une attaque de ransomware de verrouillage Egyptian E-Payment Vendor Recovering From LockBit Ransomware Attack (lien direct) |
FAWRY confirme les adresses, les numéros de téléphone et les dates de naissance, divulguées en ligne.
Fawry confirms addresses, phone numbers, and dates of birth, leaked online. |
Ransomware | ★★ | |
 |
2023-11-28 16:30:00 | Ardent Health Services est aux prises avec une perturbation des ransomwares Ardent Health Services Grapples With Ransomware Disruption (lien direct) |
Les procédures non urgentes sont en cours de report, les patients d'urgence redirigées vers d'autres hôpitaux
Non-urgent procedures are being rescheduled, emergency room patients redirected to other hospitals |
Ransomware | ★★ | |
 |
2023-11-28 16:03:00 | Les cybercriminels clés derrière des familles de ransomware notoires arrêtées en Ukraine Key Cybercriminals Behind Notorious Ransomware Families Arrested in Ukraine (lien direct) |
Une opération coordonnée d'application de la loi a conduit à l'arrestation de personnes clés en Ukraine qui seraient partie de plusieurs schémas de ransomwares.
"Le 21 novembre, 30 propriétés ont été fouillées dans les régions de Kiev, Cherkasy, Rivne et Vinnytsia, entraînant l'arrestation du chef de file de 32 ans", a déclaré Europol dans un communiqué aujourd'hui."Quatre des complices les plus actifs du chef de file étaient
A coordinated law enforcement operation has led to the arrest of key individuals in Ukraine who are alleged to be a part of several ransomware schemes. "On 21 November, 30 properties were searched in the regions of Kyiv, Cherkasy, Rivne, and Vinnytsia, resulting in the arrest of the 32-year-old ringleader," Europol said in a statement today. "Four of the ringleader\'s most active accomplices were |
Ransomware | ★★ | |
 |
2023-11-28 14:39:29 | Ransomware de Qilin affirme que l'attaque du géant automobile Yanfeng Qilin ransomware claims attack on automotive giant Yanfeng (lien direct) |
Le groupe Ransomware Qilin a revendiqué la responsabilité d'une cyberattaque contre les intérieurs automobiles Yanfeng (Yanfeng), l'un des plus grands fournisseurs de pièces automobiles du monde.[...]
The Qilin ransomware group has claimed responsibility for a cyber attack on Yanfeng Automotive Interiors (Yanfeng), one of the world\'s largest automotive parts suppliers. [...] |
Ransomware | ★★★ | |
 |
2023-11-28 14:19:00 | Des suspects de gangs de ransomware de haut niveau arrêtés en Ukraine High-profile ransomware gang suspects arrested in Ukraine (lien direct) |
Des agents de l'application des lois de sept pays ont déclaré avoir arrêté des membres clés d'un gang de ransomware de haut niveau qui opérait en Ukraine.Depuis 2018, les membres du groupe \\ ont crypté plus de 1 000 serveurs de grandes entreprises dans le monde, causant au moins 82 millions de dollars de dommagesGryven-Zbytkiv-Kiberpolicziya-Ta-Slidchi-Naczpolu-Vykryly-Xakeriv-yaki-Attakuvaly-Providni-Svitovi-Kompaniyi-1780 / "> Selon la police ukrainienne .Les pirates ont exigé des paiements de rançon en crypto-monnaie.Parmi
Law enforcement officers from seven countries said they have arrested key members of a high-profile ransomware gang that was operating from Ukraine. Since 2018, the group\'s members have encrypted over 1,000 servers of large enterprises worldwide, causing at least $82 million in damages, according to Ukrainian police. The hackers demanded ransom payments in cryptocurrency. Among |
Ransomware Legislation | ★★ | |
 |
2023-11-28 13:55:33 | Ethyrial: échos d'antan par ransomware, comptes de joueurs supprimés Ethyrial: Echoes of Yore Hit by Ransomware, Player Accounts Deleted (lien direct) |
> Par deeba ahmed
La société de victimes, Gellyberry Studios, un studio de jeu indépendant, a développé l'éthyrial: Echoes of yore.
Ceci est un article de HackRead.com Lire le post original: Ethyrial: échos d'antan frappé par les ransomwares, comptes de joueurs supprimés
>By Deeba Ahmed The victim company, Gellyberry Studios, an independent game studio, developed Ethyrial: Echoes of Yore. This is a post from HackRead.com Read the original post: Ethyrial: Echoes of Yore Hit by Ransomware, Player Accounts Deleted |
Ransomware | ★★ | |
|
2023-11-28 13:35:00 | Conseil anglais dépensé & livre; 1,1 million de personnes se remettant d'une attaque de ransomware English council spent £1.1 million recovering from ransomware attack (lien direct) |
Le conseil municipal de Gloucester dans les West Midlands d'Angleterre a été contraint de dépenser plus que & Pound; 1,1 million (1,39 million de dollars) pour se remettre d'une attaque de ransomware en décembre 2021, selon L'agenda publié d'une réunion du conseil qui a eu lieu lundi.La réunion a suivi le Conseil recevant une réprimande officielle par le commissaire à l'information \\
Gloucester City Council in the West Midlands of England was forced to spend more than £1.1 million ($1.39 million) to recover from a ransomware attack in December 2021, according to the published agenda of a council meeting that took place on Monday. The meeting followed the council receiving a formal reprimand by the Information Commissioner\'s |
Ransomware | ★★ | |
 |
2023-11-28 13:15:24 | Ransomware Hackers \\ 'Wring Havoc \\' arrêté en Ukraine Ransomware hackers \\'wreaking havoc\\' arrested in Ukraine (lien direct) |
Les cyber-policiers effectuent des raids pour démanteler un gang responsable du piratage de centaines d'organisations.
Cyber police carry out raids to dismantle gang responsible for hacking hundreds of organisations. |
Ransomware | ★★★ | |
|
2023-11-28 12:09:29 | DP World confirme les données volées dans la cyberattaque, aucun ransomware utilisé DP World confirms data stolen in cyberattack, no ransomware used (lien direct) |
Le géant international de la logistique DP World a confirmé que des données avaient été volées lors d'une cyberattaque qui a perturbé ses opérations en Australie au début du mois.Cependant, aucune charge utile ou chiffrement des ransomwares n'a été utilisée dans l'attaque.[...]
International logistics giant DP World has confirmed that data was stolen during a cyber attack that disrupted its operations in Australia earlier this month. However, no ransomware payloads or encryption was used in the attack. [...] |
Ransomware | ★★★ | |
 |
2023-11-28 11:00:00 | Pour le manque de cyber ongle, le royaume est tombé For want of a cyber nail the kingdom fell (lien direct) |
An old proverb, dating to at least the 1360’s, states: "For want of a nail, the shoe was lost, for want of a shoe, the horse was lost, for want of a horse, the rider was lost, for want of a rider, the battle was lost, for want of a battle, the kingdom was lost, and all for the want of a horseshoe nail," When published in Ben Franklin’s Poor Richard’s Almanack in 1768, it was preceded by the cautionary words: “a little neglect may breed great mischief”. This simple proverb and added comment serve as emblematic examples of how seemingly inconsequential missteps or neglect can lead to sweeping, irreversible, catastrophic losses. The cascade of events resonates strongly within the increasingly complex domain of cybersecurity, in which the omission of even the most elementary precaution can result in a spiraling series of calamities. Indeed, the realm of cybersecurity is replete with elements that bear striking resemblance to the nail, shoe, horse, and rider in this proverb. Consider, for example, the ubiquitous and elementary software patch that may be considered the proverbial digital "nail." In isolation, this patch might seem trivial, but its role becomes crucial when viewed within the broader network of security measures. The 2017 WannaCry ransomware attack demonstrates the significance of such patches; an unpatched vulnerability in Microsoft Windows allowed the malware to infiltrate hundreds of thousands of computers across the globe. It wasn\'t just a single machine that was compromised due to this overlooked \'nail,\' but entire networks, echoing how a lost shoe leads to a lost horse in the proverb. This analogy further extends to the human elements of cybersecurity. Personnel tasked with maintaining an organization\'s cyber hygiene play the role of the "rider" in our metaphorical tale. However, the rider is only as effective as the horse they ride; likewise, even the most skilled IT professional cannot secure a network if the basic building blocks—the patches, firewalls, and antivirus software—resemble missing nails and shoes. Numerous reports and studies have indicated that human error constitutes one of the most common causes of data breaches, often acting as the \'rider\' who loses the \'battle\'. Once the \'battle\' of securing a particular network or system is lost, the ramifications can extend much further, jeopardizing the broader \'kingdom\' of an entire organization or, in more extreme cases, critical national infrastructure. One glaring example that serves as a cautionary tale is the Equifax data breach of 2017, wherein a failure to address a known vulnerability resulted in the personal data of 147 million Americans being compromised. Much like how the absence of a single rider can tip the scales of an entire battle, this singular oversight led to repercussions that went far beyond just the digital boundaries of Equifax, affecting millions of individuals and shaking trust in the security of financial systems. | Ransomware Data Breach Malware Vulnerability | Wannacry Wannacry Equifax Equifax | ★★ |
 |
2023-11-28 09:53:13 | Les hôpitaux ardents détournent les patients après une attaque de ransomware Ardent Hospitals Diverting Patients Following Ransomware Attack (lien direct) |
> L'attaque de ransomware oblige les hôpitaux ardents à fermer les systèmes, un impact sur les opérations cliniques et financières.
>Ransomware attack forces Ardent hospitals to shut down systems, impacting clinical and financial operations. |
Ransomware Medical | ★★ | |
|
2023-11-28 09:45:00 | La police ukrainienne démantèle un groupe de ransomware majeure Ukraine Police Dismantle Major Ransomware Group (lien direct) |
Affilié a déployé Lockergoga, Megacortex, Hive et Dharma
Affiliate deployed LockerGoga, MegaCortex, Hive and Dharma |
Ransomware Legislation | ★★★ | |
 |
2023-11-28 00:00:00 | ICBC Ransomware Attack frappe au cœur de l'ordre financier mondial - Lockbit sur un jet ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order - LockBit on a Roll (lien direct) |
Affilié a déployé Lockergoga, Megacortex, Hive et Dharma
Affiliate deployed LockerGoga, MegaCortex, Hive and Dharma |
Ransomware | ★★ | |
 |
2023-11-28 00:00:00 | Enquêter sur le risque de références compromises et d'actifs exposés à Internet explorez le rapport révélant les industries et les tailles d'entreprise avec les taux les plus élevés d'identification compromises et d'actifs exposés à Internet.En savoir plus Investigating the Risk of Compromised Credentials and Internet-Exposed Assets Explore the report revealing industries and company sizes with the highest rates of compromised credentials and internet-exposed assets. Read More (lien direct) |
IntroductionIn this report, Kovrr collected and analyzed data to better understand one of the most common initial access vectors (1) - the use of compromised credentials (Valid Accounts - T1078) (2) to access internet-exposed assets (External Remote Services - T113) (3). The toxic combination of these two initial access vectors can allow malicious actors to gain a foothold in company networks before moving on to the next stage of their attack, which can be data theft, ransomware, denial of service, or any other action. There are numerous examples of breaches perpetrated by many attack groups that have occurred using this combination, for example, breaches by Lapsus (4) and APT39 (5), among others. âThis report seeks to demonstrate which industries and company sizes have the highest percentage of compromised credentials and number of internet-exposed assets and face a higher risk of having their networks breached by the toxic combination of the initial access vectors mentioned above.âIt should be noted that having an asset exposed to the internet does not inherently pose a risk or indicate that a company has poor security. In our highly digitized world, companies are required to expose services to the internet so their services can be accessed by customers, vendors, and remote employees. These services include VPN servers, SaaS applications developed by the company, databases, and shared storage units. However, there are some common cases when having an asset exposed to the internet can be extremely risky, for example:âWhen a company unintentionally exposes an asset due to misconfiguration.When a malicious third party obtains compromised credentials of a legitimate third party and accesses an exposed asset.  âTo limit unnecessary internet exposure, companies should employ the following possible mitigations:âUse Multi-Factor Authentication (MFA) for any services or assets that require a connection so that compromised credentials on their own will not be enough to breach an exposed asset.Limit access to the asset to only specific accounts, domains, and/or IP ranges.Segment the internal company network and isolate critical areas so that even if a network is breached through access to an external asset, attackers will not be able to use that access to reach wider or more sensitive areas of the company network. âSummaryâThe following are the main findings from the collected data:âThe Services industry is by far the most exposed to attackers. Companies from that industry have the highest percentage of compromised credentials (74%). However, they have a relatively low amount of internet-exposed assets per company (34%). However, given that an average cyber loss in this industry has been shown to be about $45M, this is highly concerning (6). The Services industry (SIC Division I) is followed by Division E (Transportation, Communications, Electric, Gas, and Sanitary Services, with an average loss of around $58M), which is followed by Division D (Manufacturing, with an average loss of around $25M). The revenue range for companies with the highest number of compromised credentials is $1M-$10M, followed by $10M-$50M. A similar trend is also observed when evaluating company size by the number of employees. Indeed, companies with fewer employees have a higher share of compromised credentials. On average, the larger the company (both in terms of revenue and number of employees (7)), the greater the number of internet-exposed assets.There is a correlation between the industries and revenue ranges of companies targeted by ransomware and those with the highest share of compromised credentials.   âMethodologyâThe data for this research was collected as follows:âData regarding compromised credentials was first collected from Hudson Rock, a provider of various cybercrime data. Data was collected for the previous six months, beginning March 2023. This data | Ransomware Threat Studies Prediction Cloud | APT 39 APT 39 APT 17 | ★★★ |
|
2023-11-27 21:35:00 | Les hôpitaux de santé ardents perturbés après une attaque de ransomware Ardent Health Hospitals Disrupted After Ransomware Attack (lien direct) |
Plus de deux douzaines d'hôpitaux ont été touchés par la violation et détournent les soins d'urgence pour les patients dans d'autres établissements de santé.
More than two dozen hospitals have been impacted by the breach and are diverting emergency care for patients to other healthcare facilities. |
Ransomware Medical | ★★★ | |
|
2023-11-27 19:56:07 | Cactus: le nouveau venu ransomware avec des TTP sophistiqués Cactus: der Ransomware-Neuling mit ausgefeilten TTPs (lien direct) |
Cactus est apparu dans le M & Auml; RZ cette année et a depuis été en mesure d'infecter les données de quelques sociétés connues dans le monde.LogPoint a analysé les tactiques, les techniques et les procédures (TTP) et les indicateurs de compromis (CIO) pour développer des défenses. cactus est devenu un ransomware exclusif & uuml; appliquer.Le nouveau venu est apparu pour la première fois dans le M & Auml; RZ 2023 et a été aligné dans le top 10 des groupes de logiciels malveillants qui ont provoqué la plupart des victimes mensuelles;dans (...)
-
malware
/ /
ransomware ,
cybersecurite_home_droite
Cactus tauchte im März dieses Jahres auf und hat seitdem schon Daten von ein paar weltweit bekannten Unternehmen infizieren können. Logpoint hat Taktiken, Techniken und Prozeduren (TTPs) sowie Indicators of Compromise (IoCs) analysiert, um Abwehrmaßnahmen zu entwickeln. Cactus hat sich zu einer ausgeklügelten Ransomware entwickelt. Der Newcomer tauchte erstmals im März 2023 auf und hat sich in die Top 10 der Malware-Gruppen eingereiht, die die meisten monatlichen Opfer provozierten; im (...) - Malware / Ransomware, cybersecurite_home_droite |
Ransomware | ★★ | |
|
2023-11-27 19:23:00 | Le gang de ransomware notoire prend le crédit de la cyberattaque sur Fidelity National Financial Notorious ransomware gang takes credit for cyberattack on Fidelity National Financial (lien direct) |
Un groupe de ransomwares derrière certaines des plus grandes cyberattaques en 2023 a pris le crédit d'un incident impliquant un acteur de plusieurs milliards de dollars dans l'industrie immobilière.Fidelity National Financial - Un fournisseur Fortune 500 d'assurance-titre pour les ventes de biens - a reconnu une attaque dans Documents réglementaires Soumis le 21 novembre aux titres américains et
A ransomware group behind some of the biggest cyberattacks in 2023 has taken credit for an incident involving a multibillion-dollar player in the real estate industry. Fidelity National Financial - a Fortune 500 provider of title insurance for property sales - acknowledged an attack in regulatory documents submitted November 21 to the U.S. Securities and |
Ransomware | ★★ | |
|
2023-11-27 18:34:00 | Plusieurs hôpitaux détournent les ambulances après une attaque de ransomware contre la société mère Multiple hospitals divert ambulances after ransomware attack on parent company (lien direct) |
Les hôpitaux de plusieurs États sont confrontés à des problèmes en raison d'une attaque de ransomware contre la société mère Ardent Health Services, qui a confirmé lundi après-midi qu'il répondait à un incident.Ardent, basé à Nashville, gère 37 établissements de santé aux États-Unis depuis Thanksgiving, plusieurs médias locaux ont rapporté que les hôpitaux de leur région sont
Hospitals in several states are facing issues due to a ransomware attack on parent company Ardent Health Services, which confirmed on Monday afternoon that it was responding to an incident. Ardent, based in Nashville, runs 37 healthcare facilities across the U.S. Since Thanksgiving, multiple local news outlets have reported that hospitals in their area are |
Ransomware Medical | ★★★ | |
|
2023-11-27 17:00:00 | L'incident de la cybersécurité frappe la fidélité financière nationale Cybersecurity Incident Hits Fidelity National Financial (lien direct) |
Le groupe Ransomware AlphV / BlackCat a revendiqué la responsabilité de l'attaque
The Alphv/BlackCat ransomware group has claimed responsibility for the attack |
Ransomware | ★★ | |
|
2023-11-27 15:06:14 | L'attaque des ransomwares contre le fabricant de jeux indépendants a essuyé tous les comptes des joueurs Ransomware attack on indie game maker wiped all player accounts (lien direct) |
Une attaque de ransomware contre le "éthyrial: les échos d'antan" MMORPG vendredi dernier a détruit 17 000 comptes de joueurs, supprimant leurs objets en jeu et progressant dans le jeu.[...]
A ransomware attack on the "Ethyrial: Echoes of Yore" MMORPG last Friday destroyed 17,000 player accounts, deleting their in-game items and progress in the game. [...] |
Ransomware | ★★ | |
|
2023-11-27 12:54:41 | L'hôpital ardent a perturbé dans 6 États après une attaque de ransomware Ardent hospital ERs disrupted in 6 states after ransomware attack (lien direct) |
Ardent Health Services, un fournisseur de soins de santé exploitant 30 hôpitaux dans cinq États américains, a révélé aujourd'hui que ses systèmes avaient été touchés par une attaque de ransomware jeudi.[...]
Ardent Health Services, a healthcare provider operating 30 hospitals across five U.S. states, disclosed today that its systems were hit by a ransomware attack on Thursday. [...] |
Ransomware | ★★ | |
|
2023-11-27 11:16:01 | Le plus grand fournisseur d'électricité de Slovénie \\ a été frappé par une attaque de ransomware Slovenia\\'s largest power provider HSE hit by ransomware attack (lien direct) |
La société d'électricité slovène tenant Slovenske Elektrarne (HSE) a subi une attaque de ransomware qui a compromisSes systèmes et ses fichiers cryptés, mais la société affirme que l'incident n'a pas perturbé la production d'énergie électrique.[...]
Slovenian power company Holding Slovenske Elektrarne (HSE) has suffered a ransomware attack that compromised its systems and encrypted files, yet the company says the incident did not disrupt electric power production. [...] |
Ransomware | ★★★ | |
|
2023-11-27 09:26:51 | 8 sujets essentiels de cybersécurité à inclure dans votre programme de formation 8 Essential Cybersecurity Topics to Include in Your Training Program (lien direct) |
Your employees have a critical role to play as a first line of defense against cyberthreats. But to be effective, they need to know what those threats are-and stay apprised of how they\'re evolving. A comprehensive security awareness program is the key to helping your users grow their understanding of attackers\' methods and objectives so they can become more proactive defenders. That includes knowing what strategies malicious actors employ to manipulate people so they can use them to enable their campaigns. The importance of security awareness It\'s well worth taking the time to craft a meaningful and engaging security awareness program. By presenting the right mix of information to your users in a compelling way, you can empower them to help you improve your organization\'s security posture as well as create a more robust security culture overall. The cybersecurity topics that you include in your program should be relevant to your business and industry, of course. Companies face different cyberthreat challenges and regulatory compliance requirements related to data protection and data privacy. That said, there are several subjects that almost any modern business, regardless of its industry, will want to ensure its employees understand. We list eight of these cybersecurity topics below. They are the go-to approaches and tools that attackers around the world commonly use to compromise users and their accounts, disrupt normal business operations, steal money or data, and do other damage. Here\'s a high-level overview of these eight must-know cybersecurity topics: 1. Social engineering Social engineering is a collection of techniques malicious actors use to manipulate human psychology. Attackers rely on these strategies to trick or threaten users to take actions such as giving up account credentials, handing over sensitive data, running malicious code and transferring funds. They do this by taking advantage of users\': Emotions, by conveying a sense of urgency, generating excitement about an opportunity, or creating fear around losing money or doing something wrong Trust, by posing as someone familiar to the user or a trusted brand or authority-such as the Internal Revenue Service (IRS), UPS, Amazon or Microsoft Fatigue, by timing attacks when users are likely to be tired or distracted and more inclined to let their “emotional mind” guide their decision-making Common social engineering tactics include phishing-which we cover in the next section-and these others: Social media reconnaissance. Attackers often turn to social media to gather information about users that they target with their campaigns. These efforts can include direct outreach to users. Vishing (voice phishing) and smishing (SMS/text phishing). Vishing is the fraudulent practice of making phone calls or leaving voice messages purporting to be from a trusted brand or authority. With smishing, attackers use text messages to send SMS messages to users or robocall them. The messages often promise gifts or services in exchange for payment. Telephone-oriented attack delivery (TOAD). TOAD attacks start with an email that claims to be from a legitimate source and includes a phone number for customer assistance. Callers are connected to fake customer service representatives who then direct the victim through the attack. They may instruct the victim to let them access their machine remotely or download a file that turns out to be malware. Or they might direct them to a phishing site. Common sense can go a long way toward preventing a social engineering attack. Make sure to reiterate that if a message seems too good to be true, it\'s very likely a scam. And if something doesn\'t look or sound right, it probably isn\'t. 2. Phishing Phishing is an example of social engineering. Most phishing messages are sent by email. But some attackers deliver these messages through other methods, including smishing and vishing. Here are some typical strategies: Malicious links. When a user clicks on a | Ransomware Malware Tool Vulnerability Threat Mobile Cloud | Uber Uber | ★★ |
|
2023-11-26 22:00:00 | Ardent Health Hospitals Disrupted After Ransomware Attack (lien direct) | Plus de deux douzaines d'hôpitaux ont été touchés par la violation et détournent les soins d'urgence pour les patients dans d'autres établissements de santé.
More than two dozen hospitals have been impacted by the breach and are diverting emergency care for patients to other healthcare facilities. |
Ransomware Medical | ★★★ | |
|
2023-11-22 18:21:09 | #Stopransomware: Lockbit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Said Vulnerabilité #StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability (lien direct) |
#### Description
CISA, FBI, MS-ISAC et Australian Signals Direction \'s Australian Cyber Security Center (ASD \'s ACSC) publient ce CSA pour diffuser les IOC, les TTP et les méthodes de détection associées à Lockbit 3.0 Ransomware exploitant CVE-2023 CVE-2010-4966, étiqueté Citrix Said, affectant Citrix NetScaler Web Delivery Control (ADC) et Netscaler Gateway Appliances.
Ce CSA fournit des TTP et des CIO obtenus auprès du FBI, de l'ACSC et partagés volontairement par Boeing.Boeing a observé les affiliés Lockbit 3.0 exploitant CVE-2023-4966, pour obtenir un accès initial à Boeing Distribution Inc., ses parties et ses activités de distribution qui maintient un environnement distinct.D'autres tiers de confiance ont observé une activité similaire sur leur organisation.
Historiquement, les affiliés de Lockbit 3.0 ont mené des attaques contre les organisations de tailles variables dans plusieurs secteurs d'infrastructures critiques, notamment l'éducation, l'énergie, les services financiers, l'alimentation et l'agriculture, les services gouvernementaux et d'urgence, les soins de santé, la fabrication et les transports.Les TTP observés pour les attaques de ransomwares de verrouillage peuvent varier considérablement dans les TTP observés.
Citrix Said, connu pour être exploité par les affiliés de Lockbit 3.0, permet aux acteurs de menace de contourner les exigences de mot de passe et d'authentification multifactorielle (MFA), conduisant à un détournement de session réussi des séances utilisateur légitimes sur les appareils de livraison d'application Web Citrix Netscaler (ADC) et les appareils de passerelle.Grâce à la prise de contrôle des séances d'utilisateurs légitimes, les acteurs malveillants acquièrent des autorisations élevées pour récolter les informations d'identification, se déplacer latéralement et accéder aux données et aux ressources.
#### URL de référence (s)
1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a
2. https://www.cisa.gov/news-events/analysis-reports/ar23-325a
#### Date de publication
21 novembre 2023
#### Auteurs)
Cisa
#### Description CISA, FBI, MS-ISAC, and Australian Signals Directorate\'s Australian Cyber Security Centre (ASD\'s ACSC) are releasing this CSA to disseminate IOCs, TTPs, and detection methods associated with LockBit 3.0 ransomware exploiting CVE-2023-4966, labeled Citrix Bleed, affecting Citrix NetScaler web application delivery control (ADC) and NetScaler Gateway appliances. This CSA provides TTPs and IOCs obtained from FBI, ACSC, and voluntarily shared by Boeing. Boeing observed LockBit 3.0 affiliates exploiting CVE-2023-4966, to obtain initial access to Boeing Distribution Inc., its parts and distribution business that maintains a separate environment. Other trusted third parties have observed similar activity impacting their organization. Historically, LockBit 3.0 affiliates have conducted attacks against organizations of varying sizes across multiple critical infrastructure sectors, including education, energy, financial services, food and agriculture, government and emergency services, healthcare, manufacturing, and transportation. Observed TTPs for LockBit ransomware attacks can vary significantly in observed TTPs. Citrix Bleed, known to be leveraged by LockBit 3.0 affiliates, allows threat actors to bypass password requirements and multifactor authentication (MFA), leading to successful session hijacking of legitimate user sessions on Citrix NetScaler web application delivery control (ADC) and Gateway appliances. Through the takeover of legitimate user sessions, malicious actors acquire elevated permissions to harvest credentials, move laterally, and access data and resources. #### Reference URL(s) 1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a 2. https://www.cisa.gov/news-events/analysis-reports/ar23-325a #### Publication Date November 21, 2023 #### Auth |
Ransomware Vulnerability Threat | ★★ | |
|
2023-11-22 16:44:00 | Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack (lien direct) | L'acteur derrière l'incident de MGM de haut niveau saute à travers les segmentations en moins d'une heure, dans une attaque de ransomware couvrant Okta, Citrix, Azure, SharePoint, etc.
The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more. |
Ransomware Cloud | ★★ | |
|
2023-11-22 16:44:00 | Spider Spider saute agilement du nuage à sur site dans une attaque complexe Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack (lien direct) |
L'acteur derrière l'incident de MGM de haut niveau saute à travers les segmentations en moins d'une heure, dans une attaque de ransomware couvrant Okta, Citrix, Azure, SharePoint, etc.
The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more. |
Ransomware Cloud | ★★ | |
 |
2023-11-22 16:41:22 | Sekoia: Dernier paysage cyber-menace du secteur financier Sekoia: Latest in the Financial Sector Cyber Threat Landscape (lien direct) |
Le phishing, les logiciels malveillants, les ransomwares, les attaques de chaîne d'approvisionnement, les violations de données et les attaques liées à la crypto figurent parmi les menaces les plus évolutives du secteur financier, explique Sekoia.
Phishing, infostealer malware, ransomware, supply chain attacks, data breaches and crypto-related attacks are among the top evolving threats in the financial sector, says Sekoia. |
Ransomware Malware Threat Studies | ★★★ | |
 |
2023-11-22 15:55:53 | Citrix Bleed : Boeing éclaire sur la faille qui lui a valu un ransomware (lien direct) | Attaqué par LockBit à travers la faille Citrix Bleed, Boeing a communiqué des IoC que relaient les ANSSI américaine et australienne. | Ransomware Vulnerability | ★★★ | |
|
2023-11-22 14:36:00 | L'Australie abandonne les plans pour interdire les paiements des ransomwares dans la nouvelle cyber-stratégie nationale Australia drops plans to ban ransomware payments in new national cyber strategy (lien direct) |
Le gouvernement de l'Australie a abandonné les plans visant à interdire aux entreprises de effectuer des paiements de ransomwares dans le cadre de sa refonte National Cybersecurity Strategy publié mercredi, choisissant plutôt d'introduire une obligation de rapport obligatoire.La stratégie - publiée près d'un an après l'idée de criminaliser les paiements était vantée par Clare o \\ 'neil , le ministre des Affaires intérieures et de la cybersécurité
Australia\'s government dropped plans to ban businesses from making ransomware payments as part of its revamped national cybersecurity strategy released on Wednesday, opting instead to introduce a mandatory reporting obligation. The strategy - published almost a year after the idea of criminalizing payments was touted by Clare O\'Neil, the minister for home affairs and cybersecurity |
Ransomware | ★★ | |
|
2023-11-22 11:39:27 | Les responsables du Kansas blâment la perturbation de 5 semaines du système judiciaire sur \\ 'Cyberattack étranger sophistiqué \\' Kansas Officials Blame 5-Week Disruption of Court System on \\'Sophisticated Foreign Cyberattack\\' (lien direct) |
> Les cybercriminels ont piraté le système de la cour du Kansas, ont volé des données sensibles et ont menacé de la publier sur le Web sombre dans une attaque de ransomware qui a entravé l'accès aux enregistrements.
>Cybercriminals hacked into the Kansas court system, stole sensitive data and threatened to post it on the dark web in a ransomware attack that has hobbled access to records. |
Ransomware | ★★★ | |
|
2023-11-22 10:19:00 | Ransomware de verrouillage exploitant la vulnérabilité critique de saignement Citrix à rompre LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In (lien direct) |
Les acteurs de la menace multiple, y compris les affiliés des ransomwares de lockbit, exploitent activement un défaut de sécurité critique récemment divulgué dans Citrix NetScaler Application Control (ADC) et les appareils Gateway pour obtenir un accès initial aux environnements cibles.
L'avis conjoint provient de l'Agence américaine de sécurité de la cybersécurité et de l'infrastructure (CISA), Federal Bureau of Investigation (FBI),
Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and Gateway appliances to obtain initial access to target environments. The joint advisory comes from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), |
Ransomware Vulnerability Threat | ★★ | |
|
2023-11-21 22:10:00 | Citrix Said Bug inflige des blessures de montage, avertit CISA Citrix Bleed Bug Inflicts Mounting Wounds, CISA Warns (lien direct) |
Patch ou isolat maintenant: les organisations de chaque secteur courent le risque d'hémorragie des données à mesure que les attaques opportunistes des ransomwares de verrouillage et d'autres se développent.
Patch or isolate now: Organizations in every sector run the risk of hemorrhaging data as opportunistic attacks from LockBit ransomware and others grow. |
Ransomware | ★★ | |
|
2023-11-21 22:05:59 | Les groupes de ransomwares accumulent les victimes des entreprises américaines Ransomware groups rack up victims among corporate America (lien direct) |
> Une nouvelle génération de cybercriminels a violé une série de grandes entreprises, même celles qui ont fait des investissements importants dans la sécurité.
>A new generation of cybercriminals have breached a slew of major firms, even those that have made major investments in security. |
Ransomware | ★★ | |
 |
2023-11-21 21:25:14 | 73% des organisations touchées par des attaques de ransomwares à l'échelle mondiale en 2023, selon Statista 73% of Organizations Affected by Ransomware Attacks Globally in 2023, According to Statista (lien direct) |
Ransomware Studies | ★★★ | ||
|
2023-11-21 19:26:00 | Jouez au ransomware va commercial - maintenant offert en tant que service aux cybercriminels Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals (lien direct) |
La souche des ransomwares connue sous le nom de Play est désormais offerte à d'autres acteurs de menace "en tant que service", a révélé de nouvelles preuves découvertes par Adlumin.
"Le manque inhabituel de petites variations entre les attaques suggère qu'ils sont effectués par des affiliés qui ont acheté les ransomwares en tant que service (RAAS) et suivent les instructions étape par étape des livres de jeu avec lui", les "la
The ransomware strain known as Play is now being offered to other threat actors "as a service," new evidence unearthed by Adlumin has revealed. "The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the ransomware-as-a-service (RaaS) and are following step-by-step instructions from playbooks delivered with it," the |
Ransomware Threat Commercial | ★★★ | |
 |
2023-11-21 13:15:00 | Résultats de l'étude comparative sur les attaques de ransomware Linux et Windows, explorant les tendances notables et la montée des attaques sur les systèmes Linux Comparative Study Results on Linux and Windows Ransomware Attacks, Exploring Notable Trends and Surge in Attacks on Linux Systems (lien direct) |
> Fait saillie: & # 160;Évolution du paysage: Check Point Research (RCR) dévoile une étude complète explorant la surtension des attaques de ransomwares contre les systèmes Linux, faisant des comparaisons avec leurs homologues Windows.Tendance de simplification: L'analyse de la RCR en RCR révèle une tendance notable vers la simplification parmi les familles de ransomwares ciblant les linux.Les fonctionnalités de base réduites aux processus de cryptage de base, rendant ces menaces insaisissables et difficiles à détecter les informations de chiffrement: un examen comparatif des techniques de chiffrement entre Windows et Linux expose une préférence pour les algorithmes Chacha20 / RSA et AES / RSA dans les ransomwares de Linux.& # 160;Dans une étude récente menée par Check Point Research (RCR), un examen approfondi des attaques de ransomwares contre Linux et Windows [& # 8230;]
>Highlights: Evolving Landscape: Check Point Research (CPR) unveils a comprehensive study exploring the surge in ransomware attacks on Linux systems, drawing comparisons to their Windows counterparts. Simplification Trend: CPR’s analysis reveals a notable trend towards simplification among Linux-targeting ransomware families. Core functionalities reduced to basic encryption processes, making these threats elusive and challenging to detect Encryption Insights: A comparative examination of encryption techniques between Windows and Linux exposes a preference for ChaCha20/RSA and AES/RSA algorithms in Linux ransomware. In a recent study conducted by Check Point Research (CPR), an in-depth examination of ransomware attacks on Linux and Windows […] |
Ransomware Studies Prediction Technical | ★★★★ | |
|
2023-11-21 13:12:07 | La plate-forme est importante: une étude comparative sur les attaques de ransomware Linux et Windows The Platform Matters: A Comparative Study on Linux and Windows Ransomware Attacks (lien direct) |
> Recherche de: Marc Salinas Fernandez Points clés Points Introduction Au cours des derniers mois, nous avons mené une étude de certaines des principales familles de ransomwares (12 au total) qui ont soit développé directement des ransomwares pour les systèmes Linux ou ont été développés en langues avec une solide croixComposant de plate-forme, comme Golang ou Rust, leur permettant ainsi d'être [& # 8230;]
>Research by: Marc Salinas Fernandez Key Points Introduction During the last few months, we conducted a study of some of the top ransomware families (12 in total) that either directly developed ransomware for Linux systems or were developed in languages with a strong cross-platform component, such as Golang or Rust, thereby allowing them to be […] |
Ransomware Studies | ★★★ | |
|
2023-11-21 12:48:02 | Bibliothèque britannique: les données des employés ont fui dans la cyberattaque British Library: Employee data leaked in cyber attack (lien direct) |
Un groupe de cybercriminels a affirmé qu'ils étaient à l'origine de l'attaque des ransomwares et ont mis aux enchères les données.
A group of cyber criminals have claimed they are behind the ransomware attack and are auctioning off the data. |
Ransomware | ★★ | |
|
2023-11-21 11:00:00 | 7 Questions incontournables pour les leaders sur la culture de la sécurité 7 must-ask questions for leaders on security culture (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. It\'s not uncommon in today\'s corporate world to see a creative marketer launching catchy security awareness campaigns, steering the entire company towards robust online safety practices. Elsewhere, job reviews increasingly assess how well employees are performing on the cybersecurity front. The shift in focus is clear. Organizations have come to understand that sophisticated tech tools aren\'t the ultimate solution. People are the weak spot. In fact, researchers from Stanford University revealed that roughly 88% of data breaches are caused by employee mistakes. Not to mention that we\'ve observed a surging trend of attacks that sidestep technology and instead, zero in on people. The strategy is proving effective. Prominent ransomware incidents, such as those affecting Colonial Pipeline, JBS Foods, and Kaseya, have dominated headlines. As our tech-driven defenses become more advanced, malicious actors are adapting, always looking for the easiest entry point. Seeking efficiency and reduced effort, these cyberattackers often find employees to be the most appealing targets. So, training everyone to have better awareness about cybersecurity isn\'t just a good idea; it\'s a must. Based on all this, we\'ve got some recommendations for what leaders need to know and smart questions they should keep in mind for their next big meeting. Five things leaders need to know about cybersecurity culture Understanding security culture The ambiguity surrounding the term "security culture" often stems from a foundational problem: its frequent usage without a clear definition. This lack of clarity paves the way for varied interpretations and assumptions. With this work, we aim to bring clarity to the concept. Security culture is described as the beliefs, traditions, and collective behaviors of a group that shape its security posture. Why does security culture matter? Sometimes, employees adopt poor security habits, either independently or due to a lack of proper guidance from the organization. Addressing these habits can be challenging. However, establishing a robust security culture can change their behaviors, enabling an organization to safeguard its reputation, brand, and financial well-being. What does a good security culture look like? Suppose an employee, Alex, receives an email from a bank filled with typos and featuring a suspicious link. At a workplace lacking a security culture, Alex thinks, "This is odd. I\'ll set it aside for now." However, in a company with a solid security culture, Alex’s immediate reaction is, "This could be dangerous. I need to inform IT." Such a prompt action gives the tech team an early warning, allowing them to act before more damage occurs. It isn\'t about turning every employee into a cybersecurity specialist; it\'s about ensuring each individual acts responsibly, embodying the qualities of a "security champion." Prioritizing values, attitudes, and beliefs over rules and policies Cyber threats often catch organizations off-guard because a significant portion of their workforce isn\'t adequately informed or prepared for these risks. Leaders hope for their teams to act responsibly, like locking an unattended computer or reporting suspicious emails. However, just organizing train | Ransomware Tool Prediction | ★★★ | |
|
2023-11-21 08:35:02 | Prévenir les attaques de fatigue du MFA: sauvegarder votre organisation Preventing MFA Fatigue Attacks: Safeguarding Your Organization (lien direct) |
Gaining access to critical systems and stealing sensitive data are top objectives for most cybercriminals. Social engineering and phishing are powerful tools to help them achieve both. That\'s why multifactor authentication (MFA) has become such an important security measure for businesses and users. Without MFA as part of the user authentication process, it is much less challenging for an attacker with stolen credentials to authenticate a user\'s account. The primary goal of MFA is to reduce the risk of unauthorized access, especially in situations where passwords alone may not provide enough protection. Even if an attacker steals a user\'s password, with MFA they still need the second factor (and maybe others) to gain access to an account. Examples of MFA factors include biometrics, like fingerprints, and signals from user devices, like GPS location. MFA isn\'t a perfect solution, though-it can be bypassed. Adversaries are relentless in their efforts to undermine any security defenses standing in the way of their success. (The evolution of phish kits for stealing MFA tokens is evidence of that.) But sometimes, attackers will choose to take an in-your-face approach that is not very creative or technical. MFA fatigue attacks fall into that category. What are MFA fatigue attacks-and how do they work? MFA fatigue attacks, also known as MFA bombing or MFA spamming, are a form of social engineering. They are designed to wear down a user\'s patience so that they will accept an MFA request out of frustration or annoyance-and thus enable an attacker to access their account or device. Many people encounter MFA requests daily, or even multiple times per day, as they sign-in to various apps, sites, systems and platforms. Receiving MFA requests via email, phone or other devices as part of that process is a routine occurrence. So, it is logical for a user to assume that if they receive a push notification from an account that they know requires MFA, it is a legitimate request. And if they are very busy at the time that they receive several push notifications in quick succession to authenticate an account, they may be even more inclined to accept a request without scrutinizing it. Here\'s an overview of how an MFA attack works: A malicious actor obtains the username and password of their target. They can achieve this in various ways, from password-cracking tactics like brute-force attacks to targeted phishing attacks to purchasing stolen credentials on the dark web. The attacker then starts to send MFA notifications to the user continuously, usually via automation, until that individual feels overwhelmed and approves the login attempt just to make the requests stop. (Usually, the push notifications from MFA solutions require the user to simply click a “yes” button to authenticate from the registered device or email account.) Once the attacker has unauthorized access to the account, they can steal sensitive data, install malware and do other mischief, including impersonating the user they have compromised-taking their actions as far as they can or want to go. 3 examples of successful MFA fatigue attacks To help your users understand the risk of these attacks, you may want to include some real-world examples in your security awareness program on this topic. Here are three notable incidents, which are all associated with the same threat actor: Uber. In September 2022, Uber reported that an attacker affiliated with the threat actor group Lapsus$ had compromised a contractor\'s account. The attacker may have purchased corporate account credentials on the dark web, Uber said in a security update. The contractor received several MFA notifications as the attacker tried to access the account-and eventually accepted one. After the attacker logged in to the account, they proceeded to access other accounts, achieving privilege escalation. One action the attacker took was to reconfigure Uber\'s OpenDNS to display a graphic image on some of the company\'s internal sites. Cisco. Cisco suffer | Ransomware Data Breach Malware Tool Threat Technical | Uber | ★★★ |
 |
2023-11-21 04:30:00 | Des documents internes divulgués alors que Rhysida revendique la responsabilité de l'attaque des ransomwares de la bibliothèque britannique Internal documents leaked as Rhysida claims responsibility for British Library ransomware attack (lien direct) |
Gaining access to critical systems and stealing sensitive data are top objectives for most cybercriminals. Social engineering and phishing are powerful tools to help them achieve both. That\'s why multifactor authentication (MFA) has become such an important security measure for businesses and users. Without MFA as part of the user authentication process, it is much less challenging for an attacker with stolen credentials to authenticate a user\'s account. The primary goal of MFA is to reduce the risk of unauthorized access, especially in situations where passwords alone may not provide enough protection. Even if an attacker steals a user\'s password, with MFA they still need the second factor (and maybe others) to gain access to an account. Examples of MFA factors include biometrics, like fingerprints, and signals from user devices, like GPS location. MFA isn\'t a perfect solution, though-it can be bypassed. Adversaries are relentless in their efforts to undermine any security defenses standing in the way of their success. (The evolution of phish kits for stealing MFA tokens is evidence of that.) But sometimes, attackers will choose to take an in-your-face approach that is not very creative or technical. MFA fatigue attacks fall into that category. What are MFA fatigue attacks-and how do they work? MFA fatigue attacks, also known as MFA bombing or MFA spamming, are a form of social engineering. They are designed to wear down a user\'s patience so that they will accept an MFA request out of frustration or annoyance-and thus enable an attacker to access their account or device. Many people encounter MFA requests daily, or even multiple times per day, as they sign-in to various apps, sites, systems and platforms. Receiving MFA requests via email, phone or other devices as part of that process is a routine occurrence. So, it is logical for a user to assume that if they receive a push notification from an account that they know requires MFA, it is a legitimate request. And if they are very busy at the time that they receive several push notifications in quick succession to authenticate an account, they may be even more inclined to accept a request without scrutinizing it. Here\'s an overview of how an MFA attack works: A malicious actor obtains the username and password of their target. They can achieve this in various ways, from password-cracking tactics like brute-force attacks to targeted phishing attacks to purchasing stolen credentials on the dark web. The attacker then starts to send MFA notifications to the user continuously, usually via automation, until that individual feels overwhelmed and approves the login attempt just to make the requests stop. (Usually, the push notifications from MFA solutions require the user to simply click a “yes” button to authenticate from the registered device or email account.) Once the attacker has unauthorized access to the account, they can steal sensitive data, install malware and do other mischief, including impersonating the user they have compromised-taking their actions as far as they can or want to go. 3 examples of successful MFA fatigue attacks To help your users understand the risk of these attacks, you may want to include some real-world examples in your security awareness program on this topic. Here are three notable incidents, which are all associated with the same threat actor: Uber. In September 2022, Uber reported that an attacker affiliated with the threat actor group Lapsus$ had compromised a contractor\'s account. The attacker may have purchased corporate account credentials on the dark web, Uber said in a security update. The contractor received several MFA notifications as the attacker tried to access the account-and eventually accepted one. After the attacker logged in to the account, they proceeded to access other accounts, achieving privilege escalation. One action the attacker took was to reconfigure Uber\'s OpenDNS to display a graphic image on some of the company\'s internal sites. Cisco. Cisco suffer | Ransomware | ★★★ | |
|
2023-11-20 21:00:00 | Informations personnelles des forces armées canadiennes, la GRC a volé en cyberattaque Personal info of Canadian Armed Forces, RCMP stolen in cyberattack (lien direct) |
Les données de certains employés du gouvernement canadien - y compris les membres actuels et anciens des forces armées canadiennes et du personnel de police monté royal canadien - ont été divulguées lors d'une cyberattaque sur les systèmes d'un entrepreneur gouvernemental utilisé pour les services de relocalisation.En octobre, le Gang de ransomware Lockbit a affirmé qu'il avait attaqué Sirva , une entreprise mondiale qui
The data of some Canadian government employees - including current and former members of the Canadian Armed Forces and Royal Canadian Mounted Police personnel - was leaked during a cyberattack on the systems of a government contractor used for relocation services. In October, the LockBit ransomware gang claimed it attacked SIRVA, a global company that |
Ransomware | ★★★ | |
|
2023-11-20 20:25:28 | Une plongée profonde dans le ransomware de Phobos, récemment déployé par le groupe 8Base A Deep Dive into Phobos Ransomware, Recently Deployed by 8Base Group (lien direct) |
#### Description
Cisco Talos a récemment observé une augmentation de l'activité menée par 8Base, un groupe de ransomwares qui utilise une variante des ransomwares Phobos et d'autres outils accessibles au public pour faciliter leurs opérations.
La plupart des variantes Phobos du groupe \\ sont distribuées par SmokeLoader, un cheval de Troie de porte dérobée.Ce chargeur de marchandises baisse ou télécharge généralement des charges utiles supplémentaires lors du déploiement.Dans les campagnes 8Base, cependant, il a le composant Ransomware intégré à ses charges utiles cryptées, qui est ensuite déchiffrée et chargée dans la mémoire du processus smokeloader \\ '.
####URL de référence (s)
1. https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/
2. https://blog.talosintelligence.com/Understanding-the-phobos-affiliate-structure/
#### Date de publication
17 novembre 2023
#### Auteurs)
Guilherme Veree
#### Description Cisco Talos has recently observed an increase in activity conducted by 8Base, a ransomware group that uses a variant of the Phobos ransomware and other publicly available tools to facilitate their operations. Most of the group\'s Phobos variants are distributed by SmokeLoader, a backdoor trojan. This commodity loader typically drops or downloads additional payloads when deployed. In 8Base campaigns, however, it has the ransomware component embedded in its encrypted payloads, which is then decrypted and loaded into the SmokeLoader process\' memory. #### Reference URL(s) 1. https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/ 2. https://blog.talosintelligence.com/understanding-the-phobos-affiliate-structure/ #### Publication Date November 17, 2023 #### Author(s) Guilherme Venere |
Ransomware Tool | ★★★ |
To see everything:
Our RSS (filtrered)
