What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
cyberark.webp 2022-02-23 14:00:06 How to Fast-Track Your PAM Deployment for Rapid Risk Reduction (lien direct) Maybe your security team is facing an upcoming audit. Maybe you've failed one and need to address the audit findings. Or maybe you're working to improve cyber readiness in the face of ransomware and other... Ransomware ★★★★
TechRepublic.webp 2022-02-23 13:29:31 Microsoft, Apple and Google top the list of the most spoofed brands in 2021 (lien direct) IBM's 2022 X-Force Threat Intelligence Index also revealed that ransomware was again the top attack type last year and that manufacturing supply chains were most vulnerable to exploitation. Ransomware Threat
itsecurityguru.webp 2022-02-23 11:36:18 LockBit, Conti ransomware targets industrial sector (lien direct) A new report from Dragos suggests that the industrial sector has become a common target for both financially motivated and state sponsored attacks. Ransomware groups known as LockBit and Conti have been most active in targeting organisations with an Industrial Control System (ICS)/Operational Technology (OT) environment in 2021. Researchers noted that the manufacturing vertical was […] Ransomware ★★★★
ComputerWeekly.webp 2022-02-23 09:00:00 Backups 'no longer effective' for stopping ransomware attacks (lien direct) No more details Ransomware
Pirate.webp 2022-02-23 08:56:52 Cyberattacks: 81% of French companies infected by ransomware (lien direct) Proofpoint's 2022 report on the state of phishing reveals that email-based attacks dominated the threat landscape in 2021; tailored security awareness training remains essential to protect hybrid work environments. 83% of respondents said their company had suffered at least […] The post Cyberattacks: 81% of French companies infected by ransomware first appeared on UnderNews. Ransomware
securityintelligence.webp 2022-02-23 06:30:00 Ransomware Resilience Tops Findings in X-Force Threat Intelligence Index 2022 (lien direct) For the third year in a row, ransomware was the top attack type globally in 2021, despite some successes last year by law enforcement to take down ransomware groups. This was among the top findings of IBM Security’s latest research published in the tenth annual X-Force Threat Intelligence Index, a comprehensive overview of the global […] Ransomware Threat
CrowdStrike.webp 2022-02-23 05:36:44 Access Brokers: Who Are the Targets, and What Are They Worth? (lien direct) Access brokers have become a key component of the eCrime threat landscape, selling access to threat actors and facilitating myriad criminal activities. Many have established relationships with big game hunting (BGH) ransomware operators and affiliates of prolific ransomware-as-a-Service (RaaS) programs. The CrowdStrike Intelligence team analyzed the multitude of access brokers’ advertisements posted since 2019 and […] Ransomware Threat
The_Hackers_News.webp 2022-02-23 05:01:46 Dridex Malware Deploying Entropy Ransomware on Hacked Computers (lien direct) Similarities have been unearthed between the Dridex general-purpose malware and a little-known ransomware strain called Entropy, suggesting that the operators are continuing to rebrand their extortion operations under a different name. "The similarities are in the software packer used to conceal the ransomware code, in the malware subroutines designed to find and obfuscate commands (API calls), Ransomware Malware
Fortinet.webp 2022-02-23 00:00:00 FortiGuard Labs Reports Ransomware Relentless and More Destructive (lien direct) FortiGuard Labs' latest Global Threat Landscape Report reveals the increased sophistication, speed, and diversity of cyber attack techniques and the importance of strengthening the entire cyber kill chain. Ransomware Threat
Cybereason.webp 2022-02-22 14:00:45 Three Questions to Ask about Ransomware Preparedness (lien direct) Ransomware operations, or RansomOps™, have evolved dramatically over the last few years, growing from a small subset of mostly nuisance attacks to a mature business model specialization and an increasing pace of innovation and technical sophistication. Ransomware
Cybereason.webp 2022-02-22 13:56:36 Malicious Life Podcast: Why Do APTs Use Ransomware? (lien direct) Complex cybercrime attacks are increasingly showing more overlap with nation-state sponsored attacks, with some cybercriminal groups adopting more sophisticated TTPs and attack progressions, and some APTs adopting ransomware payloads to distract, disrupt and destroy targeted systems. Ransomware
SecurityWeek.webp 2022-02-22 13:04:49 Webinar Today: Highly Evasive Adaptive Threats (HEAT) (lien direct) The Reason Why Ransomware is Really HEATing Up Ransomware
ProofPoint.webp 2022-02-22 11:08:33 Nearly 80% of organizations saw an email-based ransomware attack in 2021 (lien direct) No more details Ransomware
ProofPoint.webp 2022-02-22 10:56:36 22 very bad stats on the growth of phishing, ransomware (lien direct) No more details Ransomware
Blog.webp 2022-02-21 18:53:28 GUEST ESSAY: 6 steps any healthcare organization can take to help mitigate inevitable cyber attacks (lien direct) The headlines are disturbing: Breach of patient records; Surgeries and appointments cancelled due to IT outage; and even, Death attributed to ransomware attack on hospital. Related: High-profile healthcare hacks in 2021 The risks are real, and the … (more…) Ransomware
SecurityWeek.webp 2022-02-21 17:54:14 Researchers Devise Method to Decrypt Hive Ransomware-Encrypted Data (lien direct) A group of academic researchers has found a way to exploit a security flaw in the encryption algorithm used by the Hive ransomware to recover hijacked and encrypted data. Ransomware
SecurityWeek.webp 2022-02-21 12:37:59 Conti Ransomware 'Acquires' TrickBot as It Thrives Amid Crackdowns (lien direct) Experts at threat intelligence and ransomware disruption company AdvIntel believe the notorious TrickBot malware has reached its limits, but its development team appears to have been “acquired” by the Conti ransomware gang, which has been thriving amid recent crackdowns. Ransomware Malware Threat
SecurityAffairs.webp 2022-02-21 08:16:50 A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files (lien direct) Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files. The Hive ransomware operation has been active […] Ransomware
SecurityAffairs.webp 2022-02-20 09:52:00 Trickbot operation is now controlled by Conti ransomware (lien direct) The Conti ransomware group takes over TrickBot malware operation and plans to replace it with BazarBackdoor malware. TrickBot operation has arrived at the end of the journey, according to AdvIntel some of its top members move under the Conti ransomware gang, which is planning to replace the popular banking Trojan with the stealthier BazarBackdoor. TrickBot is […] Ransomware Malware
The_Hackers_News.webp 2022-02-19 22:12:01 Master Key for Hive Ransomware Retrieved Using a Flaw in its Encryption Algorithm (lien direct) Researchers have detailed what they call the "first successful attempt" at decrypting data infected with Hive ransomware without relying on the private key used to lock access to the content. "We were able to recover the master key for generating the file encryption key without the attacker's private key, by using a cryptographic vulnerability identified through analysis," a group of academics Ransomware Vulnerability
Cybereason.webp 2022-02-18 20:13:33 Shields Up: Is Your Ransomware Protection What It Should Be? (lien direct) The recent 'Shields Up' initiative from the Cybersecurity and Infrastructure Security Agency (CISA), an effort to warn businesses and critical infrastructure operators to prepare for cyberattacks coinciding with the imminent Russian invasion of Ukraine, may have one critical weak spot: ransomware protection. Ransomware
SecurityAffairs.webp 2022-02-18 15:21:14 Iran-linked TunnelVision APT is actively exploiting the Log4j vulnerability (lien direct) Iran-linked TunnelVision APT group is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. Researchers from SentinelOne have observed the potentially destructive Iran-linked APT group TunnelVision is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. TunnelVision’s TTPs overlap with the ones associated with Iran-linked nation-state actors Phosphorus, Charming Kitten […] Ransomware Vulnerability Conference APT 35
The_Hackers_News.webp 2022-02-17 23:40:44 Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware (lien direct) A "potentially destructive actor" aligned with the government of Iran is actively exploiting the well-known Log4j vulnerability to infect unpatched VMware Horizon servers with ransomware. Cybersecurity firm SentinelOne dubbed the group "TunnelVision" owing to their heavy reliance on tunneling tools, with overlaps in tactics observed to that of a broader group tracked under the moniker Phosphorus Ransomware Conference APT 35
InfoSecurityMag.webp 2022-02-17 17:30:00 Fertility Clinic Hit with Ransomware (lien direct) Ransomware attack on NYC fertility clinic leads to breach of patients' personal data Ransomware Guideline
InfoSecurityMag.webp 2022-02-17 17:00:00 Phishing Top Threat to US Healthcare (lien direct) Phishing and ransomware attacks most significant security incidents for US healthcare organizations Ransomware Threat
SecurityWeek.webp 2022-02-17 15:34:56 Are You Prepared for 2022's More Destructive Ransomware? (lien direct) We're barely into 2022, and already we're seeing ransomware proliferate. What we saw last year is that while most attacks continue to exploit known vulnerabilities, cybercriminals have also redoubled efforts to target new ones – such as what we saw with Hafnium and new Microsoft Exchange vulnerabilities. Ransomware
knowbe4.webp 2022-02-17 15:08:55 Conti Ransomware Attacks Reap in $180 Million in 2021 as Average Ransomware Payments Rise by 34% (lien direct) New analysis of ransomware attacks shows growth in the number of active strains, ransoms collected, and use of third-party services all adding up to a more organized and profitable industry. Ransomware
no_ico.webp 2022-02-17 13:26:44 Expert Commentary On BlackCat Ransomware Claims Ownership Of Swissport Attack (lien direct) Last week, Swissport was hit by a ransomware attack that caused flight delays and service disruption. BlackCat ransomware has now claimed they were behind the attack and stole data containing images of passports, internal business memos and personal information of job candidates. Dubbed the “most sophisticated” ransomware group of 2021, BlackCat ransomware has already become […] Ransomware
no_ico.webp 2022-02-17 12:47:33 Breaking Comments On Red Cross Cyber Attack (lien direct) It’s been confirmed the Red Cross cyber attack was the work of nation-state actors. SonicWall’s latest report, released today, confirms this is not a standalone development, revealing a +1885% and +755% of ransomware attacks on the global government and healthcare sectors respectively. Ransomware
InfoSecurityMag.webp 2022-02-17 10:02:00 Over 620 Million Ransomware Attacks Detected in 2021 (lien direct) Attacks on government targets soar almost 1900% Ransomware
Cybereason.webp 2022-02-17 08:00:00 Webinar March10th 2022: Live Attack Simulation - XDR vs. No-Macro RansomOps (lien direct) Throughout history, sometimes truth ends up being even stranger than fiction. Today's parade of multi-million dollar ransomware payout headlines is no exception: cybercriminals and ransomware gangs are outgunning prevention tech and response strategies. Attackers are operationalizing exploits at a record rate, targeting more organizations and are operating to reduce dwell time. Ransomware
CrowdStrike.webp 2022-02-16 22:22:46 Defend Against Ransomware and Malware with Falcon Fusion and Falcon Real Time Response (lien direct) Adversaries are moving beyond malware and becoming more sophisticated in their attacks by using legitimate credentials and built-in tools to evade detection by traditional antivirus products. According to the CrowdStrike 2022 Global Threat Report, 62% of detections indexed by the CrowdStrike Security Cloud in Q4 2021 were malware-free. Adversaries are also likely to significantly increase […] Ransomware Malware Threat
ZDNet.webp 2022-02-16 13:00:02 How the initial access broker market leads to ransomware attacks (lien direct) Researchers explore the attack methods of LockBit, Avaddon, Darkside, Conti, and BlackByte ransomware groups. Ransomware
ComputerWeekly.webp 2022-02-16 07:43:00 BlackCat ransomware gang claims responsibility for Swissport attack (lien direct) No more details Ransomware
SecurityWeek.webp 2022-02-16 02:19:52 Backup Plays Key Role in Ransomware Response, But Not a Complete Solution (lien direct) Ransomware attacks have increased in volume, sophistication and ransom demanded consistently over the last few years. According to published records, the education and retail industries are the most targeted. Ransomware
Fortinet.webp 2022-02-16 00:00:00 Q&A: Ransomware Settlements and Cyber Insurance (lien direct) FortiGuard Labs' Derek Manky and Jim Richberg, Fortinet Field CISO for the Public Sector, offer their perspectives on ransomware trends, cyber insurance and settlements, and how organizations can better defend against attacks. Learn more. Ransomware
Anomali.webp 2022-02-15 20:01:00 Anomali Cyber Watch: Mobile Malware Is On The Rise, APT Groups Are Working Together, Ransomware For The Individual, and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Mobile Malware, APTs, Ransomware, Infostealers, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence What’s With The Shared VBA Code Between Transparent Tribe And Other Threat Actors? (published: February 9, 2022) A recent discovery has been made that links malicious VBA macro code between multiple groups, namely: Transparent Tribe, Donot Team, SideCopy, Operation Hangover, and SideWinder. These groups operate (or operated) out of South Asia and use a variety of techniques with phishing emails and maldocs to target government and military entities within India and Pakistan. The code is similar enough that it suggests cooperation between APT groups, despite having completely different goals/targets. Analyst Comment: This research shows that APT groups are sharing TTPs to assist each other, regardless of motive or target. Files that request content be enabled to properly view the document are often signs of a phishing attack. If such a file is sent to you via a known and trusted sender, that individual should be contacted to verify the authenticity of the attachment prior to opening. Thus, any such file attachment sent by unknown senders should be viewed with the utmost scrutiny, and the attachments should be avoided and properly reported to appropriate personnel. 
MITRE ATT&CK: [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Phishing - T1566 Tags: Transparent Tribe, Donot, SideWinder, Asia, Military, Government Fake Windows 11 Upgrade Installers Infect You With RedLine Malware (published: February 9, 2022) Due to the recent announcement of Windows 11 upgrade availability, an unknown threat actor has registered a domain to trick users into downloading an installer that contains RedLine malware. The site, "windows-upgraded[.]com", is a direct copy of a legitimate Microsoft upgrade portal. Clicking the 'Upgrade Now' button downloads a 734MB ZIP file which contains an excess of dead code; more than likely this is to increase the filesize for bypassing any antivirus scan. RedLine is a well-known infostealer, capable of taking screenshots, using C2 communications, keylogging and more. Analyst Comment: Any official Windows update or installation files will be downloaded through the operating system directly. If offline updates are necessary, only go through Microsoft sites and subdomains. Never update Windows from a third-party site due to this type of attack. MITRE ATT&CK: [MITRE ATT&CK] Video Capture - T1125 | [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041 Tags: RedLine, Windows 11, Infostealer Ransomware Malware Tool Vulnerability Threat Guideline Uber APT 43 APT 36 APT-C-17
SecurityWeek.webp 2022-02-15 19:25:03 Swissport Investigating Ransomware Group's Data Leak Claims (lien direct) A ransomware group has taken credit for the recent attack targeting aviation services company Swissport, and the cybercriminals claim to have stolen more than one terabyte of data. Ransomware
SecurityAffairs.webp 2022-02-15 16:32:33 BlackCat gang claimed responsibility for Swissport ransomware attack (lien direct) The BlackCat ransomware group (aka ALPHV) claimed responsibility for the attack on Swissport that interfered with its operations. The BlackCat ransomware group (aka ALPHV) has claimed responsibility for the cyberattack on Swissport that impacted its operations, causing flight delays. Swissport International Ltd. is an aviation services company providing airport ground, lounge hospitality and cargo handling services owned by an international group of investors. […] Ransomware
Mandiant.webp 2022-02-15 15:00:00 New Mandiant Advantage Security Validation Offering Helps Organizations Confidently Answer the Question: Are We Able to Prevent a Ransomware Attack? (lien direct) Daily headlines say it all: the frequency and proliferation of ransomware is accelerating. Not only have Mandiant's incident responders seen ransomware attacks increase dramatically in recent years, ransoms themselves have increased from $416 million for all of 2020 to $590 million for the first six months of 2021, according to the U.S. Treasury. Organizations, large and small, recognize that without the right tools in place they could be the next victim. Threat actors continue to up their game with increasingly aggressive and sophisticated attacks, shifting from standard ransomware Ransomware Tool ★★★
knowbe4.webp 2022-02-15 14:24:51 CyberheistNews Vol 12 #07 [Heads Up] FBI Warns Against New Criminal QR Code Scams (lien direct) CyberheistNews Vol 12 #07 | Feb. 15th, 2022 [Heads Up] FBI Warns Against New Criminal QR Code Scams QR codes have been around for many years. While they were adopted for certain niche uses, they never did quite reach their full potential. They are a bit like Rick Astley in that regard, really popular for one song, but well after the boat had sailed. Do not get me wrong, Rick Astley achieved a lot. In recent years, he has become immortalized as a meme and Rick roller, but he could have been so much more. However, in recent years, with lockdown and the drive to keep things at arm's length, QR codes have become an efficient way to facilitate contactless communications, or the transfer of offers without physically handing over a coupon. As this has grown in popularity, more people have become familiar with how to generate their own QR codes and how to use them as virtual business cards, discount codes, links to videos and all sorts of other things. QRime Codes As with most things, once they begin to gain a bit of popularity, criminals move in to see how they can manipulate the situation to their advantage. Recently, we have seen fake QR codes stuck to parking meters enticing unwitting drivers to scan the code, and hand over their payment details believing they were paying for parking, whereas they were actually handing over their payment information to criminals. The rise in QR code fraud resulted in the FBI releasing an advisory warning against fake QR codes that are being used to scam users. In many cases, a fake QR code will lead people to a website that looks like the intended legitimate site. So, the usual verification process of checking the URL and any other red flags applies.
CONTINUED with links and 4 example malicious QR codes on the KnowBe4 blog: https://blog.knowbe4.com/qr-codes-in-the-time-of-cybercrime Ransomware Data Breach Spam Malware Threat Guideline APT 15 APT 43
Cybereason.webp 2022-02-15 13:18:00 How to Prevent Ransomware Attacks at the Earliest Stages (lien direct) Ransomware attacks are one of the most challenging threats organizations face today. At the same time, it is difficult, if not impossible, for private-sector Defenders to draw a clear distinction between attacks supporting nation-state geopolitical interests and a good deal of the more complex ransomware attacks we see today. Ransomware
no_ico.webp 2022-02-15 12:03:02 BlackByte Ransomware Breached US Critical Infrastructure (lien direct) In response to reports that the FBI has announced that BlackByte ransomware has breached the networks of at least three organizations from US critical infrastructure sectors in the last three months, experts at cybersecurity firms Cerberus Sentinel, RiskLens, and KnowBe4 offer the following comments.  Ransomware
no_ico.webp 2022-02-15 11:56:43 Ransom payments are tip of the iceberg for the true cost of ransomware (lien direct) Calculating the true cost of a ransomware attack is a notoriously difficult task for businesses. There is the immediate cost of getting business operations up-and-running again but there is the reputational damage and break down in investor confidence to consider as well. According to a Ransomware Victims Report carried out in 2021, over half (55%) […] Ransomware
SecurityWeek.webp 2022-02-15 11:55:33 FBI Warns of BlackByte Ransomware Attacks on Critical Infrastructure (lien direct) The BlackByte ransomware has been used in attacks on at least three critical infrastructure sectors in the United States, the Federal Bureau of Investigation (FBI) and the U.S. Secret Service (USSS) warn in a joint advisory. Ransomware
Kaspersky.webp 2022-02-15 02:04:36 BlackByte Tackles the SF 49ers & US Critical Infrastructure (lien direct) Hours before the Superbowl and two days after the FBI warned about the ransomware gang, BlackByte leaked what are purportedly the NFL team's files. Ransomware
SecurityAffairs.webp 2022-02-14 21:11:03 (Déjà vu) BlackByte ransomware breached at least 3 US critical infrastructure organizations (lien direct) The US Federal Bureau of Investigation (FBI) said that the BlackByte ransomware gang has breached at least three organizations from US critical infrastructure sectors. The US Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory with the US Secret Services which revealed that the BlackByte ransomware group has breached at least three organizations from US critical […] Ransomware
Chercheur.webp 2022-02-14 18:22:38 Wazawaka Goes Waka Waka (lien direct) In January, KrebsOnSecurity examined clues left behind by "Wazawaka," the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since "lost his mind" according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists. In last month's story, we explored clues that led from Wazawaka's multitude of monikers, email addresses, and passwords to a 30-something father in Abakan, Russia named Mikhail Pavlovich Matveev. This post concerns itself with the other half of Wazawaka's identities not mentioned in the first story, such as how Wazawaka also ran the Babuk ransomware affiliate program, and later became "Orange," the founder of the ransomware-focused Dark Web forum known as "RAMP." Ransomware
InfoSecurityMag.webp 2022-02-14 17:39:00 San Francisco 49ers Hit by Ransomware (lien direct) NFL team confirm cyber-attack one day before Super Bowl Ransomware
InfoSecurityMag.webp 2022-02-14 15:08:00 Three-Quarters of Ransomware Payments Linked to Russia (lien direct) More than $400m worth of cryptocurrency went to ransomware strains “highly likely” to be affiliated with Russia in some way last year Ransomware
Last update at: 2024-07-16 13:08:34