What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
ComputerWeekly.webp 2023-01-12 04:30:00 Guardian confirms Christmas 2022 cyber attack was ransomware (lien direct) No more details Ransomware ★★
SC_Mag.webp 2023-01-11 23:22:13 Ransomware attack prevalence drops (lien direct) Ransomware attacks have impacted only 25% of U.S. organizations during the past year, representing a 61% drop from 2021, according to VentureBeat. Ransomware ★★
globalsecuritymag.webp 2023-01-11 20:05:32 Tanium comments on patching and its necessities (lien direct) The hackers tried to hide the backdoor by naming it "twitter_icon_and placed it in a legitimate location directory on the system. For five months, the web shell lay dormant on the victim network. When the hackers were ready to follow through with the attack, they used the backdoor and deployed the Lorenz ransomware in 48 hours. The comment on the incident by Tim Morris, chief security adviser at Tanium - Opinion Ransomware Patching ★★
SC_Mag.webp 2023-01-11 18:27:20 Early backdoor implantation leveraged by Lorenz ransomware (lien direct) BleepingComputer reports that the Lorenz ransomware operation exploited a critical Mitel telephony infrastructure vulnerability, tracked as CVE-2022-29499, to obtain initial access to the victim's network five months prior to commencing lateral movement, data theft, and system encryption activities. Ransomware ★★
RecordedFuture.webp 2023-01-11 17:24:01 The Guardian confirms criminals accessed staff data in ransomware attack (lien direct) The Guardian has confirmed that the cyber incident it experienced in December was a criminal ransomware attack and that the attackers are believed to have accessed staff data. An email detailing the attack, seen by The Record, explains that the newspaper “detected suspicious activity on our networks on Tuesday 20th December, resulting in our decision [… Ransomware ★★
cyberark.webp 2023-01-11 17:00:50 Six Takeaways from Recent Ransomware Attacks (lien direct) 2022 ransomware attack learnings can inform 2023 cybersecurity strategies, helping organizations combat threats and reduce risk with greater confidence. The CyberArk 2022 Identity Security Threat Landscape Report shows the ransomware attack vector continues to be... Ransomware Threat ★★
globalsecuritymag.webp 2023-01-11 14:11:14 Analysis of the Royal ransomware exploits (lien direct) The Royal ransomware was first observed in January 2022 and has been used by, among others, the threat actor DEV-0569. The group uses Google Ads to redirect users to forums, posts and blog comments, or sends phishing emails containing links to download the malware. In another campaign, initial access is gained through "callback" phishing attacks. In this type of attack, the attackers send an email asking the recipient to renew a subscription and prompting the victim to call the number provided. When the victims make the call mentioned in the email, - Special Reports Ransomware Malware ★★
globalsecuritymag.webp 2023-01-11 14:07:21 Royal ransomware investigation: How to brace for the sharp increase (lien direct) Royal ransomware investigation: How to brace for the sharp increase Logpoint research reveals what organizations should monitor for to safeguard against the rapid increase in royal ransomware attacks The Royal ransomware group has leaked data of more than 60 victims since November 2022 - Malware Update Ransomware ★★
SC_Mag.webp 2023-01-10 21:11:18 Alleged Vice Society ransomware attack against San Francisco BART probed (lien direct) Investigation into a ransomware attack against San Francisco's Bay Area Rapid Transit is underway after the Vice Society ransomware gang listed the heavy rapid rail transit system as one of its victims, according to The Record, a news site by cybersecurity firm Recorded Future. Ransomware ★★
Anomali.webp 2023-01-10 16:30:00 Anomali Cyber Watch: Turla Re-Registered Andromeda Domains, SpyNote Is More Popular after the Source Code Publication, Typosquatted Site Used to Leak Company's Data (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Artificial intelligence, Expired C2 domains, Data leak, Mobile, Phishing, Ransomware, and Typosquatting. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence OPWNAI : Cybercriminals Starting to Use ChatGPT (published: January 6, 2023) Check Point researchers have detected multiple underground forum threads outlining experimenting with and abusing ChatGPT (Generative Pre-trained Transformer), the revolutionary artificial intelligence (AI) chatbot tool capable of generating creative responses in a conversational manner. Several actors have built schemes to produce AI outputs (graphic art, books) and sell them as their own. Other actors experiment with instructions to write an AI-generated malicious code while avoiding ChatGPT guardrails that should prevent such abuse. Two actors shared samples allegedly created using ChatGPT: a basic Python-based stealer, a Java downloader that stealthily runs payloads using PowerShell, and a cryptographic tool. Analyst Comment: ChatGPT and similar tools can be of great help to humans creating art, writing texts, and programming. At the same time, it can be a dangerous tool enabling even low-skill threat actors to create convincing social-engineering lures and even new malware. 
MITRE ATT&CK: [MITRE ATT&CK] T1566 - Phishing | [MITRE ATT&CK] T1059.001: PowerShell | [MITRE ATT&CK] T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | [MITRE ATT&CK] T1560 - Archive Collected Data | [MITRE ATT&CK] T1005: Data from Local System Tags: ChatGPT, Artificial intelligence, OpenAI, Phishing, Programming, Fraud, Chatbot, Python, Java, Cryptography, FTP Turla: A Galaxy of Opportunity (published: January 5, 2023) Russia-sponsored group Turla re-registered expired domains for old Andromeda malware to select a Ukrainian target from the existing victims. Andromeda sample, known from 2013, infected the Ukrainian organization in December 2021 via user-activated LNK file on an infected USB drive. Turla re-registered the Andromeda C2 domain in January 2022, profiled and selected a single victim, and pushed its payloads in September 2022. First, the Kopiluwak profiling tool was downloaded for system reconnaissance, two days later, the Quietcanary backdoor was deployed to find and exfiltrate files created in 2021-2022. Analyst Comment: Advanced groups are often utilizing commodity malware to blend their traffic with less sophisticated threats. Turla’s tactic of re-registering old but active C2 domains gives the group a way-in to the pool of existing targets. Organizations should be vigilant to all kinds of existing infections and clean them up, even if assessed as “less dangerous.” All known network and host-based indicators and hunting rules associated Ransomware Malware Tool Threat ChatGPT APT-C-36 ★★
DarkReading.webp 2023-01-10 15:00:00 Delinea 2022 State of Ransomware Report Reveals That Attacks Are Down 61% From the Previous Year, and Ransom Payments Are Also on the Decline (lien direct) Annual survey uncovers surprising data but warns against complacency. Ransomware ★★
globalsecuritymag.webp 2023-01-10 12:56:31 Review of ransomware attacks against healthcare facilities: Check Point experts note a 191% increase in one year in France (lien direct) Review of ransomware attacks against healthcare facilities: Check Point experts note a 191% increase in one year in France - Malware Ransomware ★★★
AlienVault.webp 2023-01-10 11:00:00 Key to success while implementing IAM- Best practices that every company should implement (lien direct) The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Identity and access management has emerged as an essential security element for organizations. A study reveals that 80% of global IT decision-makers have already adopted or are planning to adopt an IAM solution in the upcoming years. IAM refers to business policies, processes, and technologies to control unauthorized data and digital systems access. Two IAM approaches are widely known, one for the cloud and the other for on-premises. The cloud based IAM practices are fast-growing because the demand for cloud adoption has increased over time. With the right IAM solutions and techniques, IT managers and businesses control users' access to sensitive business data within their networks. In addition, these solutions help protect organizations from cyber-attacks; they become more efficient, reduce IT operational costs, and improve user experience. Six best IAM practices that organizations must not neglect The IAM framework means using the right solution to implement user authentication and privileges policies. In addition, with IAM, companies demonstrate that any data is not misused, and they comply with government regulations. For all these characteristics, businesses are increasingly adopting IAM solutions, and their demand will undoubtedly be high in the upcoming time. It's also estimated that the IAM market will grow to $15.3 billion by 2025. The organization needs to use the right IAM tools and practices to reap the most benefits from the IAM solution. 
The six best IAM practices that every business should incorporate into its security strategy are as follows: Adopt passwordless authentication Many data breaches occur because of weak or stolen credentials. Threat actors can use advanced tools and tactics to steal and break passwords. Organizations need a secure identity management system to prevent bad actors from breaking in and stealing credentials that can result in breaches such as the Lapsus$ attack or the Colonial Pipeline ransomware attack. Organizations eliminate password issues by choosing passwordless authentication to protect vital business data and ensure that only authentic people access it. Passwordless authentication enables users to authenticate their identity without entering a password. There are various benefits for organizations to become passwordless- it enhances the overall efficiency, saves time and productivity, and provides greater ease of access. But, most importantly, passwordless authentication allows IAM leaders and users to access the cloud environment safely and securely. Implement a Zero-Trust approach The zero-trust approach is not new but has gained popularity as the threat landscape is evolving. Organizations cannot have a robust IAM policy without a function zero-trust architecture. The average cost of a data breach is $4.24 million, but the zero-trust model helps re Ransomware Data Breach Threat Guideline ★★
CSO.webp 2023-01-10 08:14:00 BrandPost: Cybercrime-as-a-Service, Ransomware Still on the Rise (lien direct) Today, cybercrime-as-a-service is a lucrative and growing business model among criminals. Ransomware is still a massive threat to organizations. Demand for stolen credentials continues to grow. These are among the findings of the Sophos' 2023 Threat Report, which details how the cyberthreat landscape has changed due to an easier barrier of entry for criminal hopefuls. Threat researchers with Sophos say the expansion is due to the commoditization of “malware-as-a-service” and the sale of stolen credentials and other sensitive data. Today, nearly every aspect of the cybercrime toolkit - from initial infection to ways to avoid detection - is available for purchase on the dark web, say researchers. This thriving business selling what once would have been considered “advanced persistent threat” tools and tactics means any would-be criminal can buy their way into exploitation for profit. Ransomware Threat ★★
DarkReading.webp 2023-01-09 20:33:00 Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone (lien direct) Organizations often defer patching because of business disruption fears - but that didn't work out very well for Rackspace's Hosted Exchange service. Ransomware Patching ★★
SC_Mag.webp 2023-01-09 19:47:01 Ransomware Response Best Practices When an MSSP Is Infected - CFH #4 (lien direct) No more details Ransomware ★★
SocRadar.webp 2023-01-09 13:38:55 Ransomware Gangs Leak Large Amounts of Data in Recent Attacks: Hive and Vice Society (lien direct) Ransomware gangs are known to release stolen data in retaliation if the ransom is not... Ransomware ★★★
zataz.webp 2023-01-09 13:29:39 The Department of Justice recovers a ransomware payment (lien direct) The US Department of Justice announced that it was able to reverse ransomware payments made by medical companies in Kansas and Colorado.... Ransomware ★★
SocRadar.webp 2023-01-09 12:19:37 Dark Web Profile: Royal Ransomware (lien direct) By SOCRadar Research Ransomware attacks have been rising in recent years, with the frequency of... Ransomware ★★★
mcafee.webp 2023-01-09 11:18:26 Your Guide to Ransomware-and Preventing It Too (lien direct) Ransomware. Even the name sounds scary. When you get down to it, ransomware is one of the nastiest attacks a... Ransomware ★★
AlienVault.webp 2023-01-09 11:00:00 Understanding Malware-as-a-Service (MaaS): The future Of cyber attack accessibility (lien direct) The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  With the explosive growth of technology, businesses are more vulnerable than ever to malicious cyber attacks. And as cybercriminals become more sophisticated, new methods of attack are popping up left and right. To add fuel to the fire, the average cost of a data breach increased from $3.86 million to $4.24 million in 2021. That's costly enough to put most SMBs into the red. Not to mention the reputational damage it can cause for your brand. Avoid this dreaded fate by protecting yourself against the latest cybersecurity developments — like Malware-as-a-Service (MaaS) — to protect your networks, data, systems, and business reputation. If you've never heard of Malware-as-a-Service (MaaS) before, don't fret. This article is for you. We'll teach you everything you need to know about Malware-as-a-Service and wrap it up by sharing some best practices for protecting your proprietary company data from potential threats. Let's dive in. What is Malware-as-a-Service (Maas)? Malware-as-a-Service (MaaS) is a type of cyber attack in which criminals offer malware and deployment services to other hackers or malicious actors on the internet. These services typically are available on the dark web. When purchased, a bad actor can carry out various malicious activities, such as stealing sensitive information, disrupting computer systems, or encrypting data and demanding a ransom to unlock it. Some of the most common types of malware include the following: Viruses: Programs that can replicate themselves and spread to other computers. They can cause various problems, such as disrupting computer operations, stealing information, or damaging files. 
Trojan horses: These programs masquerade themselves as legitimate software but can carry out malicious activities, such as stealing data or giving attackers unauthorized access to a computer. Worms: A self-replicating program that can spread across networks, disrupting computer operations and consuming network resources. Adware: Software that displays unwanted advertisements on a computer. It can be intrusive and annoying and sometimes track a user's online activities. Ransomware: Encryption of a victim's data with the demand for a ransom payment to unlock it. It can devastate businesses, resulting in losing important data and files. Spyware: Software designed to collect information about a user's online activities without their knowledge or consent to steal sensitive information (like financial statements and passwords). Bots: Often used in conjunction with other types of malware, such as viruses or worms. For example, a virus could infect a computer and then download and install a bot, which could carry out malicious activities on that computer or other computers on the network. MaaS makes it easier for cybercriminals to launch attacks, as they can purchase and use pre-made malware without developing it themselves. This distinction can make it harder for law enforcement, cybersecurity experts, and IT teams to track down the people responsible for the attacks. And sadly, cyber-attacks are industry agnostic. For example, in the transportation industry, cybercriminals exploit vulnerabilities of electronic logging devices and steal valuable information from cloud-connected trucks. MaaS is also a significant threat to online job boards like Ransomware Data Breach Malware Threat ★★★
SC_Mag.webp 2023-01-08 16:45:08 MegaCortex ransomware decryptor published (lien direct) Bitdefender has published a free MegaCortex ransomware decryptor, which it co-developed with the Europol, Cantonal Police, Zurich Public Prosecutor's Office, and the NoMoreRansom project, BleepingComputer reports. Ransomware ★★
SC_Mag.webp 2023-01-08 16:26:31 Maternal & Family Health Services hit with ransomware attack (lien direct) Pennsylvania-based nonprofit health provider Maternal & Family Health Services has confirmed being impacted by a "sophisticated ransomware incident" months earlier, reports TechCrunch. Ransomware ★★
SC_Mag.webp 2023-01-08 16:25:10 Rackspace ransomware attack impacted customer email data (lien direct) Rackspace has disclosed that some of its customers' Personal Storage Table files with emails, contacts, tasks, and calendar data, have been accessed by the Play ransomware operation during its attack on the multicloud MSP firm's Hosted Exchange email environment last month, according to BleepingComputer. Ransomware ★★
Blog.webp 2023-01-08 10:00:00 Happy 20th Birthday TaoSecurity Blog (lien direct) Happy 20th birthday TaoSecurity Blog, born on 8 January 2003. Thank you Blogger: Blogger (now part of Google) has continuously hosted this blog for 20 years, for free. I'd like to thank Blogger and Google for providing this platform for two decades. It's tough to find extant self-hosted security content that was born at the same time, or earlier. Bruce Schneier's Schneier on Security is the main one that comes to mind. If not for the wonderful Internet Archive, many blogs from the early days would be lost. Statistics: In my 15 year post I included some statistics, so here are a few, current as of the evening of 7 January: I think it's cool to see almost 29 million "all time" views, but that's not the whole story. Here are the so-called "all time" statistics: It turns out that Blogger only started capturing these numbers in January 2011. That means I've had almost 29 million views in the last 12 years. I don't know what happened on 20 April 2022, when I had almost 1.5 million views? Top Ten Posts Since January 2011 Ransomware Studies Guideline Solardwinds ★★
The_Hackers_News.webp 2023-01-06 19:45:00 Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS (lien direct) Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems. "While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform," the tech giant's Security Threat Intelligence team said in a Thursday report. The initial vector for these Ransomware Malware Threat ★★★
SC_Mag.webp 2023-01-06 16:43:45 Trustwave report says businesses need to get more proactive about ransomware (lien direct) Study of 2022 ransomware cases found that 1 in 40 organizations have been hit by ransomware. Ransomware ★★★
InfoSecurityMag.webp 2023-01-06 16:00:00 US Family Planning Non-Profit MFHS Confirms Ransomware Attack (lien direct) The non-profit said its systems were compromised between August 2021 and April 2022 Ransomware ★★★
The_Hackers_News.webp 2023-01-06 14:31:00 Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach (lien direct) Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month's breach. The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted Exchange email environment. "This zero-day exploit is associated with CVE-2022-41080," the Texas-based Ransomware ★★
knowbe4.webp 2023-01-06 13:51:44 Ransomware and Fraudulent Funds Transfer are the Two Main Drivers of Cyber Loss (lien direct) Ransomware and Fraudulent Funds Transfer are the Two Main Drivers of Cyber Loss Ransomware ★★
no_ico.webp 2023-01-06 12:59:12 Wabtec Announces Global Data Breach In LockBit Attack (lien direct) The Wabtec Corporation has finally provided information regarding a data security breach that occurred last year and resulted in the compromise of extremely sensitive personal data. The $8 billion company was the victim of a ransomware attack that was first mentioned in June 2022 and was perpetrated by the well-known LockBit organization. The corporation, which […] Ransomware Data Breach ★★
SecurityWeek.webp 2023-01-06 10:22:05 Rackspace Completes Investigation Into Ransomware Attack (lien direct) Cloud company Rackspace has completed its investigation into the recent ransomware attack and found that the hackers did access some customer resources. Ransomware ★★★
InfoSecurityMag.webp 2023-01-06 10:00:00 Security Industry Hits Back with MegaCortex Decryptor (lien direct) Another ransomware variant bites the dust Ransomware ★★
InfoSecurityMag.webp 2023-01-06 09:30:00 Ransomware Disruption at The Guardian to Last at Least a Month (lien direct) Famed newspaper was hit at the end of December Ransomware ★★★
CSO.webp 2023-01-06 06:51:00 14 UK schools suffer cyberattack, highly confidential documents leaked (lien direct) More than a dozen schools in the UK have suffered a cyberattack which has led to highly confidential documents being leaked online by cybercriminals. That's according to a report from the BBC which claimed that children's SEN information, child passport scans, staff pay scales and contract details have been stolen by notorious cybercrime group Vice Society, known for disproportionately targeting the education sector with ransomware attacks in the UK and other countries. Passport, contract data stolen and posted on dark web Pates Grammar School in Gloucestershire is one of 14 to have been impacted by the data breach, the BBC reported, with Vice Society hackers using generic search terms to steal documents. “One folder marked 'passports' contains passport scans for pupils and parents on school trips going back to 2011, whereas another marked 'contract' contains contractual offers made to staff alongside teaching documents on muscle contractions. Another folder marked 'confidential' contains documents on the headmaster's pay and student bursary fund recipients,” the BBC wrote. The hack at Pates is estimated to have taken place on September 28 before data was published on the dark web. The UK Information Commissioner's Office (ICO) and Gloucestershire Police confirmed they were investigating the alleged breaches in 2022. Ransomware Hack ★★
DarkReading.webp 2023-01-05 23:53:00 Rackspace Sunsets Email Service Downed in Ransomware Attack (lien direct) The hosting services provider shared new details on the breach that took down its Hosted Exchange Email service. Ransomware
Blog.webp 2023-01-05 23:43:53 (Déjà vu) ASEC Weekly Malware Statistics (December 26th, 2022 – January 1st, 2023) (lien direct) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 26th, 2022 (Monday) to January 1st, 2023 (Sunday). For the main category, downloader ranked top with 48.8%, followed by backdoor with 24.2%, Infostealer with 18.4%, CoinMiner with 4.8%, ransomware with 3.4%, and lastly banking malware with 0.5%. Top 1 – SmokeLoader SmokeLoader is an Infostealer/downloader malware that is distributed via exploit kits. This... Ransomware Malware ★★
News.webp 2023-01-05 23:40:42 Rackspace blames ransomware woes on zero-day attack (lien direct) Play gang blamed, ProxyNotShell cleared and hosted Exchange doomed Rackspace has confirmed the Play ransomware gang was behind last month's hacking and said it won't bring back its hosted Microsoft Exchange email service, as it continues working to recover customers' email data lost in the December 2 ransomware attack.… Ransomware ★★
InfoSecurityMag.webp 2023-01-05 18:00:00 Hackers Leverage Compromised Fortinet Devices to Distribute Ransomware (lien direct) The findings come from eSentire's Threat Response Unit Ransomware Threat ★★
bleepingcomputer.webp 2023-01-05 17:58:30 Rackspace: Customer email data accessed in ransomware attack (lien direct) Rackspace revealed on Thursday that attackers behind last month's incident accessed some of its customers' Personal Storage Table (PST) files which can contain a wide range of information, including emails, calendar data, contacts, and tasks. [...] Ransomware
Checkpoint.webp 2023-01-05 16:45:40 Check Point Research Reports a 38% Increase in 2022 Global Cyberattacks (lien direct) Check Point Research (CPR) releases new data on 2022 cyberattack trends. The data is segmented by global volume, industry and geography. Global cyberattacks increased by 38% in 2022, compared to 2021. These cyberattack numbers were driven by smaller, more agile hacker and ransomware gangs, who focused on exploiting collaboration tools used in work-from-home environments, targeting… Ransomware ★★★
ESET.webp 2023-01-05 14:00:18 Ransomware target list – Week in security with Tony Anscombe (lien direct) Why schools, hospitals, local governments and other public sector organizations are in a sweet spot for ransomware attacks Ransomware ★★
knowbe4.webp 2023-01-05 13:32:40 These grim figures show that the ransomware problem isn't going away (lien direct) These grim figures show that the ransomware problem isn't going away Ransomware ★★
AlienVault.webp 2023-01-05 11:00:00 The dos and don'ts of ransomware negotiations (lien direct) The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Has your organization suddenly been attacked by a ransomware virus? Take a deep breath and try to remain composed. It can be easy to panic or become overwhelmed in the face of an attack, but it is vital to remain calm and focused in order to make the best decisions for your organization. The initial actions to take in the event of a ransomware attack Disconnect the affected devices from the network as soon as possible. This can help to prevent the ransomware from spreading to other computers or devices. Determine what data has been affected and assess the extent of the damage. Determine the specific type of ransomware virus that has infected your devices to understand how this malware operates and what steps you need to take to remove it. It is important to notify all employees about the ransomware attack and instruct them not to click on any suspicious links or open any suspicious attachments. Consider reporting the attack. This can help to increase awareness of the attack and may also help to prevent future attacks. Please note that in some regions, business owners are required by law to report an attack. Do not rush into a decision. Take the time to carefully evaluate your options and the potential consequences of each of them before deciding whether to pay the ransom or explore other solutions. Paying the ransom is not the only option. Consider exploring other solutions, such as restoring your data from backups. If you do not have backups, cybersecurity experts may be able to help you recover your data since many ransomware strains were decrypted and keys are publicly available. 
Strategies cybercrooks employ to obtain funds from victims swiftly Cyber extortionists use various tactics beyond just encrypting data. They also use post-exploitation blackmail methods to coerce victims into paying them. Very often, cybercriminals use several extortion tactics simultaneously. Some examples of these tactics include: Steal and disclose Cyber extortionists not only encrypt victims' data but also often steal it. If the ransom is not paid, the stolen files may be made publicly available on special leak websites, which can cause severe damage to the victim's reputation and make them more likely to give in to the attackers' demands. Destroy keys if a negotiation company intervenes Some ransomware authors have threatened to delete the private keys necessary for decrypting victims' data if they seek the help of a professional third party to negotiate on their behalf.  Launch a DDoS attack Ransomware attackers often threaten to flood the victim's website with a large volume of traffic in an effort to put it down and intimidate the targeted company into paying the ransom faster. Cause printers to behave abnormally Some hackers were able to take control of the printers and print ransom notes directly in front of partners and customers. This provides a high level of visibility for the attack, as it is difficult for people to ignore the ransom notes being printed. Use Facebook ads for malicious purposes Criminals have been known to use advertising to gain attention for their attacks. In one ins Ransomware Malware Threat Prediction ★★★
SecurityWeek.webp 2023-01-05 10:25:12 Play Ransomware Group Used New Exploitation Method in Rackspace Attack (lien direct) The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this week. Ransomware ★★★
InfoSecurityMag.webp 2023-01-05 09:30:00 Rail Tech Giant Wabtec Discloses Global Data Breach (lien direct) Incident thought to stem from 2022 ransomware attack Ransomware Data Breach ★★
Logo_logpoint.webp 2023-01-05 09:00:04 A crowning achievement: Exploring the exploit of Royal ransomware (lien direct) By Anish Bogati, Security Research. Contents: Fast Facts; Royal analysis; Analysis of an older version of Royal; Detecting Royal using Logpoint; Investigation and response using Logpoint; End-to-end detection, investigation, and response of Royal with Logpoint. TL;DR: First observed in January 2022 and unlike any other ransomware we have covered, Royal is a private group with no known affiliations at this time. In another campaign, [...] Ransomware ★★★★
The_State_of_Security.webp 2023-01-05 07:51:45 LockBit ransomware gang says sorry, gives free decryptor to SickKids hospital (lien direct) Do ransomware gangs actually have a heart? Perhaps... Just days before Christmas, on the night of Sunday 18 December 2022, Canada's Hospital for Sick Children (better known as SickKids) was hit by a ransomware attack. The Toronto-based teaching and research hospital reported that the attack had impacted its internal systems, phone lines, and website. The hospital predicted that it would take weeks before all of its systems were back up-and-running as normal, and warned that - although scheduled appointments and procedures were continuing - its clinical teams were experiencing delays, and that... Ransomware
Anomali.webp 2023-01-05 05:50:00 Focusing on Your Adversary (lien direct) Every day, we hear news stories or read articles about data breaches and other cyber security threats. As malicious threat actors and the risk of cyber threats increase, protecting networks and valuable information becomes more critical. So what can organizations do to ensure their networks remain secure?  Organizations must understand their adversaries’ identities to keep data safe and protect it from cyber-attacks. This article will explore the different types of threats facing enterprise organizations and what they can do to stay ahead of them. Evolving Cyber Attacks Cyber attacks are constantly evolving as attackers continue to find new ways to exploit vulnerabilities. This includes: Increased use of artificial intelligence (AI) and machine learning: Attackers are using AI and machine learning to automate and improve the effectiveness of their attacks. For example, AI can be used to generate convincing phishing emails or to bypass security systems. Rise of ransomware: Ransomware attacks, which involve encrypting a victim’s data and demanding a ransom to decrypt it, have become increasingly common in recent years. Ransomware attacks can significantly impact businesses, disrupting operations and resulting in financial losses. More targeted attacks: Rather than broad-based attacks that aim to compromise as many systems as possible, attackers are increasingly using targeted attacks designed to exploit a particular organization’s vulnerabilities. Increased focus on mobile devices: Mobile devices, such as smartphones and tablets, are becoming increasingly vulnerable to cyber-attacks. As a result, attackers focus more on exploiting these devices’ vulnerabilities. Increased use of cloud services: As more organizations move to the cloud, attackers are finding new ways to exploit vulnerabilities in these systems. 
For example, attackers may try to gain access to an organization’s cloud-based data or disrupt its cloud-based operations. It’s not only crucial for organizations to stay up-to-date on the latest trends in cyber attacks and to implement appropriate security measures to protect against them. It’s even more important to pinpoint your adversaries to understand their TTPs to protect and predict their next attack. Types of Adversaries There are many different types of cybersecurity adversaries that organizations have to deal with. Some common types of adversaries include: Hackers: Individuals or groups who attempt to gain unauthorized access to systems or networks for various reasons, such as stealing data, disrupting operations, or causing damage. Cybercriminals: Individuals or groups who use the internet to commit crimes, such as identity theft, fraud, or extortion. Cyber Terrorists: A group whose goal is to disrupt operations, cause harm, and destroy data. They are increasingly targeting critical infrastructures such as power plants, water treatment facilities, transportation systems, and healthcare providers. Nation-state actors: Governments or government-sponsored organizations that use cyber attacks as part of their foreign policy or military operations. Insider threats: Individuals with legitimate access to an organization’s systems or networks who use that access to cause harm or steal sensitive information. Malicious insiders: These are individuals who are intentionally malicious and seek to cause harm to an organization’s systems or networks. Hacktivists: The term “hacktivists” refers to people who use hacking techniques to disrupt computer systems and networks in pursuit of political goals. Hackers often work alone, though some groups do exist. Script Kiddies: Originally used to describe young hackers, it now refer Ransomware Malware Tool Vulnerability Threat Industrial Prediction ★★★
DarkReading.webp 2023-01-04 23:21:00 Rackspace: Ransomware Attack Bypassed ProxyNotShell Mitigations (lien direct) The hosting provider had not applied Microsoft's new patch due to publicly reported issues with the update. Ransomware ★★★
Last update at: 2024-07-21 12:08:15