What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO.webp 2023-02-16 06:15:00 Evolving cyberattacks, alert fatigue creating DFIR burnout, regulatory risk (direct link) The evolution of cybercrime is weighing heavily on digital forensics and incident response (DFIR) teams, leading to significant burnout and potential regulatory risk. That's according to the 2023 State of Enterprise DFIR survey by Magnet Forensics, a developer of digital investigation solutions. The firm surveyed 492 DFIR professionals in North America and in Europe, the Middle East, and Africa, working in industries such as technology, manufacturing, government, telecommunications, and healthcare. Respondents described the current cybercrime landscape as one that is evolving beyond ransomware and taking a toll on their ability to investigate threats and incidents, Magnet Forensics said. Ransomware Guideline ★★
CSO.webp 2023-02-13 02:42:00 Hackers attack Israel's Technion University, demand over $1.7 million in ransom (direct link) Israel's Technion University suffered a ransomware attack on Sunday, which forced the university to proactively block all of its communication networks. A new group calling itself DarkBit has claimed responsibility for the attack. “The Technion is under cyber attack. The scope and nature of the attack are under investigation,” the Technion, Israel's top public university, located in Haifa, wrote in a tweet. Established in 1912, the Technion has become a global pioneer in fields such as biotechnology, stem cell research, space, computer science, nanotechnology, and energy. Four Technion professors have won Nobel Prizes. The university has also contributed to the growth of Israel's high-tech industry and innovation, including the country's technology cluster in Silicon Wadi. Ransomware ★★
CSO.webp 2023-02-09 08:04:00 UK/US cybercrime crackdown sees 7 ransomware criminals sanctioned (direct link) A joint UK/US campaign to tackle international cybercrime has seen seven Russian cybercriminals linked to the notorious Trickbot group exposed and sanctioned. The sanctions were announced today by the UK's Foreign, Commonwealth and Development Office (FCDO) alongside the US Department of the Treasury's Office of Foreign Assets Control (OFAC). This follows a lengthy investigation by the National Crime Agency (NCA) into the crime group behind the Trickbot malware, as well as the Conti and Ryuk ransomware strains, among others, an NCA posting read. Ransomware
CSO.webp 2023-02-08 06:00:00 Cohesity Data Cloud 7.0 enhances privileged access authentication, ransomware recovery (direct link) Data security and management vendor Cohesity has announced the 7.0 software release of its Cohesity Data Cloud platform. The release provides customers with enhanced cyber resiliency capabilities to help protect and secure data against cyberattacks, the firm stated in its announcement. Expanded features include privileged access hardening, accelerated ransomware recovery for files and objects, and attack surface reduction via AWS GovCloud support, Cohesity added. Cohesity 7.0 focuses on a “data-centric” approach to cyber resilience. In a press release, Cohesity explained that the 7.0 release helps businesses take a more data-centric approach to cyber resilience, including data immutability, data isolation (or cyber vaulting), and recovery at scale. “Organizations are facing significant challenges with managing and securing their data estate across cloud and on-premises, with ransomware and data theft as their number one concern,” commented Chris Kent, VP product and solutions marketing, Cohesity. “Cohesity Data Cloud 7.0 adds a new layer of protection and recovery to organizations' most critical data.” Ransomware ★★★
CSO.webp 2023-02-07 01:28:00 MKS Instruments falls victim to ransomware attack (direct link) Semiconductor equipment maker MKS Instruments is investigating a ransomware event that occurred on February 3 and impacted its production-related systems, the company said in a filing with the US Securities and Exchange Commission (SEC). MKS Instruments is an Andover, Massachusetts-based provider of subsystems for semiconductor manufacturing, wafer-level packaging, package substrates, and printed circuit boards. An email sent to MKS Instruments seeking more information about the attack remained unanswered, and the company's website was still inaccessible at the time of writing, showing an error notification that read, “Unfortunately, www.mks.com is experiencing an unscheduled outage. Please check back again at a later time.” Ransomware ★★★
CSO.webp 2023-02-06 02:00:00 Will your incident response team fight or freeze when a cyberattack hits? (direct link) If there's an intrusion or a ransomware attack on your company, will your security team come out swinging, ready for a real fight? CISOs may feel their staff is always primed with the technical expertise and training they need, but there's still a chance they will freeze up when the pressure is on, says Bec McKeown, director of human science at cybersecurity training platform Immersive Labs. “You may have a crisis playbook and crisis policies and you may assume those are the first things you'll reach for during an incident. But that's not always the case, because the way your brain works isn't just fight or flight. It's fight, flight, or freeze,” she says. “I've heard people say, 'We knew how to respond to a crisis, but we didn't know what to do when it actually happened.'” Ransomware ★★
CSO.webp 2023-02-02 01:00:00 APT groups use ransomware TTPs as cover for intelligence gathering and sabotage (direct link) State-sponsored threat groups increasingly use ransomware-like attacks as cover for more insidious activities. The Russian advanced persistent threat (APT) group Sandworm used ransomware programs to destroy data multiple times over the past six months, while North Korea's Lazarus group used infrastructure previously associated with a ransomware group for intelligence-gathering campaigns. At the same time, some Chinese APTs that traditionally targeted entities in Asia shifted their focus to European companies, while Iran-based groups that traditionally targeted Israeli companies started going after their foreign subsidiaries. At least one North Korean group that was focused on South Korea and Russia has started using English in its operations. All of these operational changes suggest that organizations and companies in Western countries are at increased risk from APT activity. Ransomware Threat Medical APT 38 ★★
CSO.webp 2023-01-31 08:04:00 BrandPost: Is Your Organization Security Resilient? Here's How to Get There (direct link) Security resilience is top of mind for the vast majority of executives; 96% say it's highly important to their business, according to the Cisco Security Outcomes Report, Volume 3. And with good reason: data breaches, ransomware, and other cyberattacks continue to plague organizations. In fact, the Cisco report found that 62% of organizations have experienced a security event that affected their resilience: 52% experienced a network or data breach; 51% suffered a network or system outage; 47% were affected by a ransomware event; and 46% reported a DDoS attack. All of these incidents are a big deal, many with lasting negative impact: interrupted IT/communications, a disrupted supply chain, impaired internal operations, brand damage, loss of competitive advantage, and much more. Ransomware
CSO.webp 2023-01-27 03:16:00 FBI takes down Hive ransomware group in an undercover operation (direct link) The US Department of Justice (DOJ), along with international partners, has taken down the Hive ransomware group. The operation, which began in July 2022, saw the FBI penetrate Hive's computer networks, capture its decryption keys, and offer them to victims worldwide, sparing victims from having to pay the $130 million in ransom demanded, the DOJ said in a release on Thursday. “Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” Attorney General Merrick B. Garland said in the release. Ransomware ★★
CSO.webp 2023-01-24 07:36:00 P-to-P fraud most concerning cyber threat in 2023: CSI (direct link) US financial institutions see peer-to-peer (P2P) fraud and other digital fraud as their biggest cybersecurity concern in 2023. It was cited by 29% of respondents in a survey by Computer Systems Inc. (CSI), followed by data breaches (23%), ransomware (20%), and a breach at a third party (15%). Respondents also expressed concern over identity theft (4%), unavailable or unaffordable cyber insurance (4%), geopolitical risks (3%), DDoS attacks (2%), and website defacement (0.9%), according to CSI's annual survey of the financial sector. The survey received responses from 228 banking executives, 171 of them at vice-president level or above. Ransomware Threat ★★
CSO.webp 2023-01-23 21:22:00 Australia fronts International Counter Ransomware Taskforce (direct link) The International Counter Ransomware Taskforce (ICRTF), envisioned by the International Counter Ransomware Initiative (CRI), kicked off its operations on Monday with Australia as its inaugural chair and coordinator. The CRI was first brought together in October 2021 in a virtual meeting of 30 countries, facilitated by the US White House National Security Council. In November 2022, a second meeting took place at which the 37 participating members established the following: Ransomware ★★
CSO.webp 2023-01-13 04:00:00 Royal ransomware group actively exploiting Citrix vulnerability (direct link) The Royal ransomware group is believed to be actively exploiting a critical security flaw affecting Citrix systems, according to the cyber research team at cyber insurance provider At-Bay. Announced by Citrix on November 8, 2022, the vulnerability, tracked as CVE-2022-27510, allows a potential bypass of authentication measures on two Citrix products: the Application Delivery Controller (ADC) and Gateway. Ransomware Vulnerability ★★
CSO.webp 2023-01-12 10:00:00 BrandPost: How Financial Institutions Can SOAR to Success with Devo SOAR (direct link) According to the 2022 IBM Cost of a Data Breach Report, the global average cost of a data breach is $4.35 million. Data breaches in the US are even more costly, averaging over $9 million. However, it isn't just the big players caught in the line of fire. IBM's report also found that 83% of companies will experience a data breach soon, meaning financial institutions of all sizes, from local credit unions to Fortune 500s, are at risk. While ransomware attacks get the most time in the financial headlines, most breaches aren't caused by external factors or threat actors. The majority of system availability problems actually occur due to a lack of staff knowledge and protective protocols, software issues, and limited security visibility across the institution. However, “more visibility” is not synonymous with “seeing more alerts.” In fact, the opposite is true. Keep reading to see how Devo SOAR helped a leading US bank streamline its SOC. Ransomware Data Breach Threat Guideline ★★
CSO.webp 2023-01-10 08:14:00 BrandPost: Cybercrime-as-a-Service, Ransomware Still on the Rise (direct link) Today, cybercrime-as-a-service is a lucrative and growing business model among criminals. Ransomware is still a massive threat to organizations. Demand for stolen credentials continues to grow. These are among the findings of the Sophos 2023 Threat Report, which details how the cyberthreat landscape has changed as the barrier to entry for criminal hopefuls has fallen. Threat researchers at Sophos say the expansion is due to the commoditization of “malware-as-a-service” and the sale of stolen credentials and other sensitive data. Today, nearly every aspect of the cybercrime toolkit, from initial infection to ways to avoid detection, is available for purchase on the dark web, the researchers say. This thriving business selling what once would have been considered “advanced persistent threat” tools and tactics means any would-be criminal can buy their way into exploitation for profit. Ransomware Threat ★★
CSO.webp 2023-01-06 06:51:00 14 UK schools suffer cyberattack, highly confidential documents leaked (direct link) More than a dozen schools in the UK have suffered a cyberattack that has led to highly confidential documents being leaked online by cybercriminals. That's according to a report from the BBC, which claimed that children's SEN (special educational needs) information, child passport scans, staff pay scales, and contract details have been stolen by the notorious cybercrime group Vice Society, known for disproportionately targeting the education sector with ransomware attacks in the UK and other countries. Passport and contract data stolen and posted on the dark web. Pates Grammar School in Gloucestershire is one of 14 to have been impacted by the data breach, the BBC reported, with Vice Society hackers using generic search terms to find the documents they stole. “One folder marked 'passports' contains passport scans for pupils and parents on school trips going back to 2011, whereas another marked 'contract' contains contractual offers made to staff alongside teaching documents on muscle contractions. Another folder marked 'confidential' contains documents on the headmaster's pay and student bursary fund recipients,” the BBC wrote. The hack at Pates is estimated to have taken place on September 28, before the data was published on the dark web. The UK Information Commissioner's Office (ICO) and Gloucestershire Police confirmed they were investigating the alleged breaches in 2022. Ransomware Hack ★★
CSO.webp 2023-01-03 06:57:00 LockBit apologizes for ransomware attack on hospital, offers decryptor (direct link) LockBit, a prominent ransomware-as-a-service (RaaS) operation, has apologized for an attack on the Toronto-based Hospital for Sick Children, also known as SickKids, and offered a free decryptor. SickKids, a major pediatric teaching hospital, announced on December 19 that it had called a Code Grey system failure as it responded to a cybersecurity incident affecting several of the hospital's network systems. Ransomware ★★
CSO.webp 2023-01-02 02:00:00 Ransomware ecosystem becoming more diverse for 2023 (direct link) The ransomware ecosystem changed significantly in 2022, with attackers shifting away from the large groups that dominated the landscape toward smaller ransomware-as-a-service (RaaS) operations in search of more flexibility and less attention from law enforcement. This democratization of ransomware is bad news for organizations because it also brings a diversification of tactics, techniques, and procedures (TTPs), more indicators of compromise (IOCs) to track, and potentially more hurdles to jump through when trying to negotiate or pay ransoms. "We can likely date the accelerated landscape changes back to at least mid-2021, when the Colonial Pipeline DarkSide ransomware attack and subsequent law enforcement takedown of REvil led to the dispersal of several ransomware partnerships," researchers from Cisco's Talos group said in their annual report. "Fast forward to this year, when the ransomware scene seems as dynamic as ever, with various groups adapting to increased disruptive efforts by law enforcement and private industry, infighting and insider threats, and a competitive market that has developers and operators shifting their affiliation continuously in search of the most lucrative ransomware operation." Ransomware ★★★
CSO.webp 2022-12-20 13:06:00 BrandPost: Today's workforce wants flexibility. Companies need Zero Trust. (direct link) By Microsoft Security & Zscaler. Competitive businesses are aggressively accelerating their cloud transformation through the use of SaaS apps. These apps can help an organization optimize investments, acquire and retain talent, and maintain continuity, even during turbulent events. To realize the full benefits of cloud investments, workplaces must be modernized to satisfy the demands of today's “anywhere, any time, any device” workforces. Unfortunately, the unfettered access modern workforces require comes with the added risk of a dramatically expanded attack surface. IT staff must protect users, devices, and apps from ransomware attacks, data leaks, and other threats that can hinder a truly modern workplace. The best line of defense is a reliable Zero Trust security framework, natively built on a highly distributed, global architecture. Ransomware
CSO.webp 2022-12-14 14:07:00 Cuba ransomware group used Microsoft developer accounts to sign malicious drivers (direct link) Microsoft has suspended several accounts on its hardware developer program that were used to sign malicious drivers deployed by a ransomware group called Cuba to disable endpoint security tools. The driver certificates have been revoked, and the drivers will be added to a blocklist that Windows users can optionally deploy. "In most ransomware incidents, attackers kill the target's security software in an essential precursor step before deploying the ransomware itself," researchers from security firm Sophos said in a new report about the incident. "In recent attacks, some threat actors have turned to the use of Windows drivers to disable security products." Ransomware Threat ★★
CSO.webp 2022-12-14 04:31:00 New Royal ransomware group evades detection with partial encryption (direct link) A new ransomware group dubbed Royal, which formed earlier this year, has significantly ramped up its operations over the past few months and developed its own custom ransomware program that lets attackers perform flexible and fast file encryption. "The Royal ransomware group emerged in early 2022 and has gained momentum since the middle of the year," researchers from security firm Cybereason said in a new report. "Its ransomware, which the group deploys through different TTPs, has impacted multiple organizations across the globe. The group itself is suspected of consisting of former members of other ransomware groups, based on similarities researchers have observed between Royal ransomware and other ransomware operators." Ransomware
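Why partial (intermittent) encryption evades detection, as an added example written for this page and not Cybereason's analysis or Royal's code: a toy encryptor that scrambles only one chunk in every eight, a whole-file entropy check that misses the result, and a per-window check that catches it. The 4 KiB window, the 7.0 bits/byte threshold, the sample document and the SHA-256 counter-mode keystream are all assumptions made for the demo; the XOR "cipher" stands in for whatever the real malware uses and is not a secure construction.

```python
import hashlib
import math
from collections import Counter

CHUNK = 4096          # analysis window in bytes (assumption for this demo)
HIGH_ENTROPY = 7.0    # bits per byte; a common "looks encrypted" cut-off (assumption)

# Constructed sample document: repetitive English text, so its entropy is low.
SAMPLE_PLAINTEXT = (
    b"Quarterly report: revenue grew 4% while costs fell; see appendix B.\n" * 2000
)[: 16 * CHUNK]


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty, 8.0 max)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def keystream(key: bytes, length: int) -> bytes:
    """Deterministic, random-looking bytes from SHA-256 in counter mode.

    Stand-in for the real cipher so the demo runs offline; NOT a secure construction.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_full(data: bytes, key: bytes) -> bytes:
    """Encrypt every byte: the whole file becomes high-entropy."""
    return xor_bytes(data, keystream(key, len(data)))


def encrypt_partial(data: bytes, key: bytes, every: int = 8, chunk: int = CHUNK) -> bytes:
    """Intermittent encryption: scramble one chunk out of every `every`, leave the rest.

    The file is still unusable, but most bytes are untouched, so the encryptor does
    far less I/O and the whole-file entropy barely moves.
    """
    out = bytearray(data)
    for index, start in enumerate(range(0, len(data), chunk)):
        if index % every == 0:
            block = data[start:start + chunk]
            # Per-chunk keystream derived from the chunk offset (demo only).
            out[start:start + chunk] = xor_bytes(
                block, keystream(key + start.to_bytes(8, "big"), len(block))
            )
    return bytes(out)


def looks_encrypted_whole(data: bytes, threshold: float = HIGH_ENTROPY) -> bool:
    """Naive check: a single entropy value for the whole file."""
    return shannon_entropy(data) >= threshold


def looks_encrypted_chunked(data: bytes, chunk: int = CHUNK, threshold: float = HIGH_ENTROPY) -> bool:
    """Windowed check: flag the file if any full-size window is high-entropy."""
    return any(
        shannon_entropy(data[start:start + chunk]) >= threshold
        for start in range(0, len(data) - chunk + 1, chunk)
    )


if __name__ == "__main__":
    key = b"demo-key"
    for label, blob in (
        ("plaintext", SAMPLE_PLAINTEXT),
        ("fully encrypted", encrypt_full(SAMPLE_PLAINTEXT, key)),
        ("partially encrypted", encrypt_partial(SAMPLE_PLAINTEXT, key)),
    ):
        print(f"{label:20s} entropy={shannon_entropy(blob):.2f} "
              f"whole={looks_encrypted_whole(blob)} chunked={looks_encrypted_chunked(blob)}")
```

Run as a script, the fully encrypted copy trips both checks, the partially encrypted copy trips only the windowed one, and the plaintext trips neither. The practical point for detection engineering is that a file-level entropy heuristic is the wrong granularity once only a fraction of each file is scrambled; window the measurement, or correlate with write patterns and renamed extensions instead.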
CSO.webp 2022-12-06 06:00:00 Action1 launches threat actor filtering to block remote management platform abuse (direct link) Action1 has announced new AI-based threat actor filtering to detect and block abuse of its remote management platform. The cloud-native patch management, remote access, and remote monitoring and management (RMM) vendor said its platform has been upgraded to spot abnormal user behavior and automatically block threat actors, preventing attackers from exploiting its tool to carry out malicious activity. The release comes amid a trend of hackers misusing legitimate systems management platforms to deploy ransomware or steal data from corporate environments. Action1 platform enhanced to identify and terminate RMM abuse. In an announcement, Action1 stated that the new enhancement helps ensure that any attempt to misuse its remote management platform is identified and terminated before cybercriminals accomplish their goals. “It scans user activity for suspicious patterns of behavior, automatically suspends potentially malicious accounts, and alerts Action1's dedicated security team to investigate the issue,” it added. Ransomware Tool Threat ★★
CSO.webp 2022-12-06 05:40:00 BrandPost: Five Ways to Enhance Your Security Stack Right Now (direct link) As we look at how the threat landscape might evolve, one thing is certain: bad actors are adding more attack tactics and vectors to their playbooks. Case in point: in the first half of 2022, the number of new ransomware variants identified increased by nearly 100% compared to the previous six-month period, largely thanks to the rising popularity of ransomware-as-a-service (RaaS). Combined with expanding attack surfaces, this proliferation of new threats raises risk levels for every industry. Ransomware ★★
CSO.webp 2022-11-30 02:00:00 What is Ransom Cartel? A ransomware gang focused on reputational damage (direct link) Ransom Cartel, a ransomware-as-a-service (RaaS) operation, has stepped up its attacks over the past year following the disbanding of prominent gangs such as REvil and Conti. Believed to have launched in December 2021, Ransom Cartel has claimed victims among organizations in the education, manufacturing, utilities, and energy sectors, using aggressive malware and tactics that resemble those of REvil. Ransomware Malware ★★
CSO.webp 2022-11-28 02:00:00 Here is why you should have Cobalt Strike detection in place (direct link) Google recently released a set of YARA detection rules for malicious variants of the legitimate Cobalt Strike penetration testing framework that are being used by hackers in the wild. Cobalt Strike is a commercial attack framework designed for red teams that has also been adopted by many threat actors, from APT groups to ransomware gangs and other cybercriminals. Living off the land is a common tactic. The abuse by attackers of system administration, forensic, or security tools that are either already installed on systems or can be deployed without raising suspicion has become extremely common. This tactic, known as living off the land (LOTL), used to be a telltale sign of sophisticated cyberespionage groups that moved laterally through environments using hands-on hacking and placed great value on stealth. Ransomware Threat ★★★★
CSO.webp 2022-11-21 07:02:00 Luna Moth callback phishing campaign leverages extortion without malware (direct link) Palo Alto Networks' Unit 42 has investigated several incidents linked to the Luna Moth group's callback phishing extortion campaign, which targets businesses in multiple sectors, including legal and retail. The analysis found that the threat actors behind the campaign practice extortion without malware-based encryption, have invested significantly in call centers and in infrastructure unique to each target, and are evolving their tactics over time. Unit 42 stated that the campaign has cost victims hundreds of thousands of dollars and is expanding in scope. Luna Moth removes the malware portion of the callback phishing attack. Callback phishing, or telephone-oriented attack delivery (TOAD), is a social engineering attack that requires the threat actor to interact with the target to accomplish their objectives. It is more resource-intensive but less complex than script-based attacks, and it tends to have a much higher success rate, Unit 42 wrote in a blog post. Actors linked to the Conti ransomware group had success with this type of attack in the BazarCall campaign, which focused on tricking victims into downloading the BazarLoader malware. That malware element is characteristic of traditional callback phishing attacks. Interestingly, in this campaign Luna Moth does away with the malware portion of the attack, instead using legitimate and trusted systems management tools to interact directly with a victim's computer and manually exfiltrate data for extortion. “As these tools are not malicious, they're not likely to be flagged by traditional antivirus products,” the researchers wrote. Ransomware Malware Threat
CSO.webp 2022-11-17 13:50:00 BrandPost: Fortinet's FortiGuard Labs Recaps State of Ransomware Settlements (direct link) It's painfully obvious at this point that ransomware continues to grow in popularity. As Fortinet's FortiGuard Labs team found, the number of new ransomware variants doubled in just the first half of 2022 compared to the previous six-month period. It's no wonder more companies are turning to cyber insurance to help recoup their losses when they do have to pay a ransomware settlement. That's an option, but think of it as a parachute for your parachute: it doesn't take the place of having all of your other safeguards in place. Cyber insurance can also be a double-edged sword. It has grown in popularity and usually compensates for losses brought on by hacking and data theft, extortion, and destruction. Because it sometimes covers ransomware costs, it may seem like a reasonable way to address this threat. Ransomware
CSO.webp 2022-11-15 13:21:00 Cohesity previews AI-powered ransomware protection suite, Datahawk (direct link) Backup and data management vendor Cohesity has started to preview a new ransomware protection SaaS product called Datahawk, which leverages AI and a host of other capabilities to help companies defend their data against bad actors. There are three core components to Datahawk, according to Cohesity. The first is a ransomware detection engine that uses deep learning to quickly scan for anomalous behavior, potential threats, and other indicators of a possible ransomware attack. This system works from a preset list of indicators of concern, which, the company said, will be updated daily. Ransomware
CSO.webp 2022-11-10 10:14:00 BrandPost: What is Top of Mind for CISOs Right Now (direct link) Every quarter, we interview CISOs and ask them what is top of mind and what trends or challenges they are experiencing in the threat landscape. From this, we create the CISO Insider, an actionable report that explores the top three issues that are most relevant in today's threat landscape. This quarter, we're exploring rising ransomware rates, the need for increased automation and better tools to empower security teams to do more with limited resources, and the opportunity for extended detection and response (XDR) to help rapidly address emergent threats. Keep reading to learn what steps CISOs are taking to protect against these threats and how you can apply that guidance to your own operations. For even more information, download the full CISO Insider report. Ransomware Threat
CSO.webp 2022-11-03 04:22:00 White House ransomware summit highlights need for borderless solutions (direct link) The US White House this week convened its Second International Counter Ransomware Initiative (CRI) Summit, bringing together leaders from 36 countries and the European Union, in person, to build on the work of its first ransomware summit in 2021. At a press briefing before the summit, a White House spokesperson said, "While the United States is facilitating this meeting, we don't view this solely as a US initiative. It's an international partnership that spans most of the world's time zones, and it really reflects the threat that criminals and cyberattacks bring.” Ransomware Threat Guideline
CSO.webp 2022-10-31 11:09:00 BrandPost: Phishing Attacks are on the Rise, and Cyber Awareness is One of Your Best Defenses (direct link) Cybersecurity Awareness Month has come to an end, yet security should be a top priority all year round for organizations of all shapes and sizes. The threat landscape is constantly evolving, with cybercriminals finding new ways to trick unsuspecting victims and infiltrate networks. For example, according to the 1H 2022 FortiGuard Labs Threat Report, ransomware is rampant and shows no signs of slowing its pace. These attacks are becoming more sophisticated and aggressive, with attackers introducing new strains and updating, enhancing, and reusing old ones. What's especially concerning as we look back at the first half of 2022 is that we observed 10,666 ransomware variants, compared to just 5,400 in the previous six months: nearly 100% growth in ransomware variants in half a year. Ransomware Threat
CSO.webp 2022-10-25 08:31:00 BrandPost: How to Bridge the Ransomware Security Gap (direct link) It is hard to believe how far ransomware has evolved since its origins in 1989. Today's big-game ransomware attacks, which threaten everything from critical infrastructure and major corporations to hospitals and schools, trace their roots to a doctor who shook down AIDS researchers with a malicious program (delivered on floppy disks) that locked down their computers and demanded cash. Since then, attacks and targets have only become bigger and more sophisticated. In fact, according to recent reports, ransomware attacks increased by 80% in the first half of 2022 compared to the first half of 2021. Today's attackers break into networks, spend time enumerating and reconnoitering victims, position ransomware on as many devices as possible, and then stage it to execute and encrypt everything at once. The impacts can be devastating and costly, as incidents like the Colonial Pipeline episode illustrate. Ransomware
CSO.webp 2022-10-24 11:05:00 BrandPost: Cybersecurity Executives Say These are the Most Pressing Challenges They Face (direct link) Most cybersecurity teams grapple with similar issues, from defending against the ever-changing threat landscape to finding time for training and upskilling opportunities. I recently had the chance to speak with numerous security executives and industry experts at the Fortinet Security Summit, held in conjunction with the second annual PGA Fortinet Championship in Napa Valley, to discuss some of these challenges, insights, and potential solutions for addressing them. Challenge #1: The proliferation of new threat vectors. If the first half of 2022 was any indication, security teams are in for an interesting ride as we look ahead. In just the first six months, data from FortiGuard Labs shows that the number of new ransomware variants identified increased by nearly 100% compared to the previous six-month period. Ransomware Threat
CSO.webp 2022-10-20 10:28:00 With Conti gone, LockBit takes lead of the ransomware threat landscape (direct link) The number of ransomware attacks observed over the previous three months declined compared to the quarter before, according to reports from two threat intelligence companies. However, the gap left by the Conti gang has been filled by other players, with LockBit cementing itself in the top position and likely to serve as a future source of ransomware spin-offs. From July to September, security firm Intel 471 counted 455 attacks from 27 ransomware variants, with LockBit 3.0 responsible for 192 of them (42%). Meanwhile, security firm Digital Shadows tracked around 600 ransomware victims over the same period, with LockBit accounting for 35% of them. Ransomware Threat Guideline
CSO.webp 2022-10-18 09:40:00 BrandPost: In an Increasingly Dangerous Cyberspace, MFA Is Not Optional (direct link) Many of the most prominent cybersecurity incidents have resulted from attackers using stolen credentials (username and password) to gain access to networks. In an all-too-familiar pattern, last year's Colonial Pipeline ransomware attack, which crippled the delivery of fuel supplies to the Southeastern U.S. for days, began with attackers using a stolen password to gain access to a legacy VPN system. Clearly, organizations need to change the way they think about the credentials used for access to data and network assets. That was underscored by a recent joint alert from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the cybersecurity agencies of several other countries, which pointed to the role that weak security controls play in breaches and the need to harden credentials (among other recommendations). Ransomware
CSO.webp 2022-10-07 02:00:00 3 actions Latin American leaders must take to reduce risk of cyberattacks (lien direct) We have witnessed increased cyberattacks on the Latin American region in recent days. Mexico's President Obrador confirmed that his government has suffered what appears to be a sensitive attack on its intelligence services and armed forces. Chile's armed forces suffered a similar attack, and the country's judiciary was also compromised. The Colombian National Institute for Drug and Food Surveillance (INVIMA) was also attacked. Moreover, there was an attempt to breach systems at the Ministry of Health of Costa Rica, a country that was the victim of a large ransomware attack this year.To read this article in full, please click here Ransomware Guideline
CSO.webp 2022-10-06 02:00:00 US CISA reaches a new maturity level with its comprehensive strategic plan (lien direct) On November 16, 2018, the awkwardly named National Protection and Programs Directorate (NPPD) at the US Department of Homeland Security (DHS) emerged as a full-fledged agency called the Cybersecurity and Infrastructure Security Agency (CISA). Since then, CISA has been the agency responsible for bolstering cybersecurity and infrastructure protection across the federal government and for setting an example for the private sector to follow.Under the auspices of its first director, Chris Krebs, and current director, Jen Easterly, CISA has tackled many serious cybersecurity problems, from supply chain infections to crippling ransomware attacks. Last month, CISA took a significant step toward achieving its goals by releasing its first comprehensive strategic plan, an overarching agenda of priorities for 2023 to 2025. (CISA did release a “strategic intent” document in 2019, upon which the strategic plan builds.)To read this article in full, please click here Ransomware
CSO.webp 2022-10-06 02:00:00 5 reasons why security operations are getting harder (lien direct) Recent ESG research reveals that 52% of security professionals believe security operations are more difficult today than they were two years ago. Why? Security operations center (SOC) teams point to issues such as: A rapidly evolving and changing threat landscape: Forty-one percent of security professionals find it difficult to understand and counteract modern threats like ransomware or supply chain attacks and then build this knowledge into a comprehensive security operations program. Most react to threats and indicators of compromise (IoCs) rather than study cyber-adversaries and plan ahead. A growing attack surface: This issue came up with 39% of respondents, but attack surface challenges are no surprise. Other ESG research indicates that the attack surface is growing at two-thirds (67%) of organizations, driven by third-party IT connections, support for remote workers, increased public cloud usage, and adoption of SaaS applications. A growing attack surface means more work, vulnerabilities, and blind spots for SOC teams. Little wonder, then, that 69% of organizations admit to a cyber-incident emanating from an unknown, unmanaged, or poorly managed internet-facing asset. The volume and complexity of security alerts: We've all heard about “alert storms” and “alert fatigue.” Based on the ESG data, these conditions aren't just marketing hype, as 37% of SOC teams say that alert volume and complexity is making security operations more difficult. It's easy to understand this one: Imagine viewing, triaging, prioritizing, and investigating a constant barrage of amorphous security alerts from a variety of different detection tools and you'll get the picture. It seems overwhelming, but that's the reality for level 1 SOC analysts at many organizations. Public cloud usage: Beyond just expanding the attack surface, more than one-third (34%) say that security operations are more difficult as a direct result of growing use of the public cloud. This is not just a numbers game. Securing cloud workloads is difficult due to multi-cloud deployment, ephemeral cloud instances, and developer use of new cloud services that security teams may be unfamiliar with. Chasing cloud evolution and associated software developer whims has become part of the job. Keeping up with the care and feeding of security technologies: More than half (54%) of organizations use more than 26 different commercial, homegrown, or open-source tools for security operations. The burden of managing and maintaining all these disparate technologies alone can be difficult. This is one reason why many firms are replacing on-site security tools with cloud-based alternatives. Growing scale complicates security operations: In analyzing this data, it's easy to see a common theme across these different responses: scale. Everything is growing: threats, IT, alerts, tools, everything. The research illustrates the fact that we don't have the people, processes, or technologies to keep up with these scaling needs.To read this article in full, please click here Ransomware Threat
CSO.webp 2022-10-04 02:00:00 New US DHS grant program can boost local governments\'s cybersecurity strength (lien direct) Local governments continue to grapple with ransomware and other cyberattacks that have crippled their school systems and halted other civic functions. The latest crisis in a long string of local government cyber incidents involves the Los Angeles Unified School District. After refusing to give in to ransomware syndicate Vice Society's demands for payment, it is forced to watch as the cybercriminal gang publicly releases the stolen sensitive data in a double-extortion attack.To read this article in full, please click here Ransomware
CSO.webp 2022-09-26 16:51:00 BrandPost: Extortion Economics: Ransomware\'s New Business Model (lien direct) Did you know that over 80% of ransomware attacks can be traced to common configuration errors in software and devices? This ease of access is one of many reasons why cybercriminals have become emboldened by the underground ransomware economy.And yet, many threat actors are working within a limited pool of ransomware groups. Although ransomware is a headline-grabbing topic, it's ultimately being driven forward by a relatively small and interconnected ecosystem of players. The specialization and consolidation of the cybercrime economy has fueled ransomware as a service (RaaS) to become a dominant business model - enabling a wider range of criminals to deploy ransomware regardless of their technical expertise. This, in turn, has forced all of us to become cybersecurity defenders.To read this article in full, please click here Ransomware Threat
CSO.webp 2022-09-22 13:55:00 Ransomware operators might be dropping file encryption in favor of corrupting files (lien direct) Ransomware started out many years ago as scams in which users were tricked into paying fictitious fines for allegedly engaging in illegal online behavior or, in more serious cases, were blackmailed with compromising videos taken through their webcams by malware. The threat has since come a long way, moving from consumers to enterprises, adding data leak threats on the side and sometimes distributed denial-of-service (DDoS) blackmail.The attacks have become so widespread that they now impact all types of organizations and even entire national governments. The cybercriminal groups behind them are well organized, sophisticated, and even innovative, always coming up with new extortion techniques that could earn them more money. But sometimes the best way to achieve something is not to add complexity but to simplify, and this seems to be the case in new attacks seen by researchers from security firms Stairwell and Cyderes, where known ransomware actors opted to destroy files instead of encrypting them.To read this article in full, please click here Ransomware Threat
CSO.webp 2022-09-20 11:31:00 Ransomware is (slightly) on the decline, cyberinsurance company says (lien direct) Ransomware attacks began to become both less common and less costly in the first half of 2022, as payments to attackers and the number of attacks that resulted in paid ransoms both shrank, according to new data released today by cyberinsurance company Coalition.After increasing sharply at the outset of the pandemic, the frequency of ransomware claims made by Coalition policyholders shrank sharply during the first six months of the year, dropping from a peak of 0.66% of all policyholders in the second half of last year to 0.41% in early 2022-a figure lower than the initial 0.44% seen in 2020's second half, when the COVID crisis was at its height.To read this article in full, please click here Ransomware
CSO.webp 2022-09-20 02:00:00 Most common SAP vulnerabilities attackers try to exploit (lien direct) Unpatched vulnerabilities, common misconfigurations and hidden flaws in custom code continue to make enterprise SAP applications a target rich environment for attackers at a time when threats like ransomware and credential theft have emerged as major concerns for organizations.A study that Onapsis conducted last year, in collaboration with SAP, found attackers are continuously targeting vulnerabilities in a wide range of SAP applications including ERP, supply chain management, product life cycle management and customer relationship management.  Active scanning for SAP ports has increased since 2020 among attackers looking to exploit known vulnerabilities, particularly a handful of highly critical CVEs.To read this article in full, please click here Ransomware
CSO.webp 2022-09-19 02:00:00 International cooperation is key to fighting threat actors and cybercrime (lien direct) In this era of cybersecurity, when nation-state digital attacks and cybercrime quickly cut across country borders and create global crises, international cooperation has become an urgent priority. The need for global collaboration to cope with various pressing threats, from electronic espionage to ransomware attacks on critical infrastructure, is imperative to prevent economic and social disasters, top cybersecurity professionals and government officials say.At this year's Billington Cybersecurity Summit, leaders from across the globe gathered to discuss the importance of international partnerships in managing the persistent threats governments must address. The near-total digitalization of every aspect of society that exposes virtually all public and private sector services to escalating cyber threats dictates a more robust, collective defense. Moreover, as cyber risks intensify and multiply, governments worldwide are stepping up their own independent efforts to protect against the rising tide of digital threats.To read this article in full, please click here Ransomware Threat Guideline
CSO.webp 2022-09-15 05:20:00 US government indicts Iranian nationals for ransomware and other cybercrimes (lien direct) The US Department of Justice (DOJ) unsealed an indictment charging three Iranian cybercriminals with orchestrating a series of attacks, from October 2020 to the present, that gave them access to the computer networks of multiple US entities. The three, Mansour Ahmadi, a.k.a. Mansur Ahmadi, 34; Ahmad Khatibi Aghda, a.k.a. Ahmad Khatibi, 45; and Amir Hossein Nickaein Ravari, a.k.a. Amir Hossein Nikaeen, a.k.a. Amir Hossein Nickaein, a.k.a. Amir Nikayin, 30, not only attacked hundreds of victims in the United States, but also entities in Israel, the United Kingdom, Russia, and Iran itself.To read this article in full, please click here Ransomware
CSO.webp 2022-09-13 07:13:00 BrandPost: How to Stop Ransomware (lien direct) Security Service Edge (SSE) is a relatively new category. Depending on how you look at it, it's either a consolidation of three existing security categories - Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), and Cloud Access Security Broker (CASB) - or it's a deconstruction of SASE that separates security capabilities from network plumbing.Either way, SSE is not just an arbitrary addition to the security industry's alphabet soup: it's a highly relevant evolution of enterprise security that recognizes what organizations need to protect their distributed users, applications, and workloads against today's ever-evolving threats.To read this article in full, please click here Ransomware
CSO.webp 2022-09-13 02:00:00 U.S. government offensive cybersecurity actions tied to defensive demands (lien direct) Offensive cyber operations are best known as acts of digital harm, mainly in the context of cyber “warfare,” with nation-states, particularly intelligence organizations, serving as the primary actors. But, as experts and officials speaking at the Billington Cybersecurity Summit this year attest, “offensive cyber” is also a term increasingly applied to the growing use of digital tools and methods deployed by various arms of the federal government, often in partnership with private sector parties, to snuff out threats or help victims of ransomware actors proactively.To read this article in full, please click here Ransomware
CSO.webp 2022-09-12 05:44:00 CISA launches incident, ransomware reporting rulemaking RFI (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released its request for information (RFI) on upcoming reporting requirements that will mandate organizations report significant cybersecurity incidents within 72 hours and ransomware payments 24 hours after payments are made. The RFI follows the March passage of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which requires CISA to pursue a regulatory rulemaking path for collecting the incident and ransomware payment data.To read this article in full, please click here Ransomware
CSO.webp 2022-09-08 11:02:00 Ransomware attacks on retailers rose 75% in 2021 (lien direct) Retailers are fast becoming the favorite targets for ransomware criminals, with more than three out of four companies in the sector attacked last year, according to a new report from cybersecurity firm Sophos. Attackers were able to successfully encrypt files in more than half of the attacks.Of 422 retail IT professionals surveyed internationally, 77% said their organizations were hit by ransomware attacks in 2021. This is a 75% rise from 2020, the Sophos report noted.“Retailers continue to suffer one of the highest rates of ransomware attacks of any industry. With more than three in four suffering an attack in 2021, it certainly brings a ransomware incident into the category of when, not if,” said Chester Wisniewski, principal research scientist at Sophos, in a statement accompanying the report.  To read this article in full, please click here Ransomware
CSO.webp 2022-09-07 10:36:00 Global companies say supply chain partners expose them to ransomware (lien direct) Global organizations say they are increasingly at risk of ransomware compromise via their extensive supply chains. Out of 2,958 IT decision makers across 26 countries in North and South America, Europe, and APAC, 79% believe their partners and customers are making their organization a more attractive ransomware target, according to the latest research by Trend Micro. Fifty-two percent of the global organizations surveyed say they have a supply chain partner that has been hit by ransomware. Supply chain and other partners include providers of IT hardware, software and services, open-source code repositories, and non-digital suppliers ranging from law firms and accountants to building maintenance providers. They make for a web of interdependent organizations. To read this article in full, please click here Ransomware
CSO.webp 2022-09-01 13:30:00 Ragnar Locker continues trend of ransomware targeting energy sector (lien direct) The recent attack on Greece's largest natural gas transmission operator DESFA by ransomware gang Ragnar Locker is the latest on a growing list of incidents where ransomware groups attacked energy companies. This gang seems to prefer critical infrastructure sectors, having targeted over 50 such organizations in the U.S. over the past two years.According to a new analysis by researchers from Cybereason, Ragnar Locker is a growing threat that uses layers of encryption to hide instructions in its binary and kills various processes associated with remote login and support.To read this article in full, please click here Ransomware Threat
Last update at: 2024-04-29 22:08:05