Tag Archive for: making

Ransomware-as-a-Service: The Threat That’s Making Cyber Resilience More Important Than Ever


In late 2023, we covered the topic of cyber-attacks through a very detailed interview with Ram Elboim, CEO of Sygnia. As seen from that interview, the subject is dynamic, susceptible, and requires quite a lot of technical knowledge. The recent cyber-attack suffered by the British Library in London is a concrete example.

Due to ransomware – a program that, once installed, renders a system inaccessible – library services are unavailable, and sensitive user and employee data, including names, e-mails, and phone numbers, have been stolen. Usually, groups that carry out such attacks demand a financial ransom to make the data accessible again.

Together with Sygnia and two of its leading figures, CEO Ram Elboim and UK and Northern Europe Managing Director Azeem Aleem, we will try to build on this example to understand other aspects of this complex and dangerous world.

The attack suffered by the British Library in London shocked everyone for several reasons. What happened? Who carried out the attack? Why does this attack represent such a big problem? 

Azeem: “The cyber-attack on the British Library highlights how ransomware gangs are leaving no stone unturned, attacking not only businesses of all sectors that have high-value data, but now academia too. It also shows the brutal nature of triple extortion attack methods – crippling business operations and stealing data, before putting it up for ransom and publishing the data. Academic environments typically have fewer security protocols, with under-invested security teams, and are riddled with unpatched software and apps that, when combined, create the perfect playing field for hackers.

The British Library is a national treasure with a collection that holds some of the world’s most prized manuscripts, music scores, sound recordings, and first-edition books, including William Shakespeare’s plays. In this case, the Rhysida gang, a relatively new but substantial ransomware group, shut down the British Library’s website, phone systems, and other onsite services, causing an outage before stealing user data and employee details – almost 500,000 files amounting to 573GB. Within a matter of weeks, the gang had threatened to…


Why are ransomware gangs making so much money?


For many organizations and startups, 2023 was a rough year financially, with companies struggling to raise money and others making cuts to survive. Ransomware and extortion gangs, on the other hand, had a record-breaking year in earnings, if recent reports are anything to go by.

It’s hardly surprising when you look at the state of the ransomware landscape. Last year saw hackers continue to evolve their tactics to become scrappier and more extreme in efforts to pressure victims into paying their increasingly exorbitant ransom demands. This escalation in tactics, along with the fact that governments have stopped short of banning ransom payments, led to 2023 becoming the most lucrative year yet for ransomware gangs.

The billion-dollar cybercrime business

According to new data from crypto forensics startup Chainalysis, which called the year a “major comeback for ransomware,” known ransomware payments almost doubled in 2023 to surpass the $1 billion mark.

That’s the highest figure ever observed, and almost double the amount of known ransom payments tracked in 2022. But Chainalysis said the actual figure is likely far higher than the $1.1 billion in ransom payments it has witnessed so far.

There’s a glimmer of good news, though. While 2023 was overall a bumper year for ransomware gangs, other hacker-watchers observed a drop in payments toward the end of the year.

This drop is a result of improved cyber defenses and resiliency, along with the growing sentiment that most victim organizations don’t trust hackers to keep their promises or delete any stolen data as they claim. “This has led to better guidance to victims and fewer payments for intangible assurances,” according to ransomware remediation company Coveware.

Record-breaking ransoms

While more ransomware victims are refusing to line the pockets of hackers, ransomware gangs are compensating for this drop in earnings by increasing the number of victims they target.

Take the MOVEit campaign. This huge hack saw the prolific Russia-linked Clop ransomware gang mass-exploit a never-before-seen vulnerability in the widely used MOVEit Transfer software to steal data from the systems of more than 2,700 victim organizations….


Browser Mistakes Tech Experts Say You Should Stop Making To Protect Your Device From Hackers And Viruses


You may spend more time thinking about your apps these days — which apps are more likely to sell your data, which apps are killing your battery power, etc. But your browsers like Safari and Google Chrome may continue to fly under the radar a bit more. If you’re like most of us, you may take your browsers for granted and assume they’re just there and that they require zero maintenance or thought. But this isn’t the entire truth.

What you aren’t doing to your browser could be contributing to putting you at greater risk for hackers and viruses. Tech experts say these are the top browser mistakes you should stop making. 

Not Updating Your Browser

Browsers are similar to apps in that both need to be updated whenever updates become available. Your browser may show signs of little issues, like bugs, that can make it more vulnerable to hackers and viruses. App developers will release updates when they discover problems with the apps, and downloading these updates can ensure your app is safer and more secure. If a browser update becomes available, make sure you download it ASAP.

Saving Passwords In Your Browser

At first, it seems like an extreme convenience. Your browser offers to save your passwords, and what could go wrong? At worst, this will allow you to not have to keep track of yet another complex password. But think of this from the perspective of a hacker who gains entry into your phone or computer — you’ve handed them your most important passwords on a silver platter when you save them in your browser. Even if a website asks to save your password in your browser, don’t give in to the temptation.

Never Clearing Your Cookies and Cache

Your browser can get loaded down fast with information from websites that it stores in its cookies and cache. Although this isn’t an immediate security problem or one that leaves you more vulnerable to hackers, not clearing your cache can result in glitches when you visit certain sites and it can slow your device down. Resolve this by clearing your cache in Safari by going to Safari > Preferences > Advanced tab > Preferences > Empty Cache. On Chrome, go to More > Clear Browsing Data.

Keep these three browser mistakes in mind when…


How the Ledger Connect hacker tricked users into making malicious approvals


The ‘Ledger hacker’ who siphoned away at least $484,000 from multiple Web3 apps on Dec. 14 did so by tricking Web3 users into making malicious token approvals, according to the team behind blockchain security platform Cyvers.

According to public statements made by multiple parties involved, the hack occurred on the morning of Dec. 14. The attacker used a phishing exploit to compromise the computer of a former Ledger employee, gaining access to the employee’s Node Package Manager JavaScript (NPMJS) account.

Once they gained access, they uploaded a malicious update to Ledger Connect’s GitHub repo. Ledger Connect is a commonly used package for Web3 applications.

Some Web3 apps upgraded to the new version, causing their apps to distribute the malicious code to users’ browsers. Web3 apps Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash were infected with the code.

As a result, the attacker was able to siphon away at least $484,000 from users of these apps. Other apps may be affected as well, and experts have warned that the vulnerability may affect the entire Ethereum Virtual Machine (EVM) ecosystem.

How it could have happened

Speaking to Cointelegraph, Cyvers CEO Deddy Lavid, chief technology officer Meir Dolev, and blockchain analyst Hakal Unal shed further light on how the attack may have occurred.

According to them, the attacker likely used malicious code to display confusing transaction data in the user’s wallet, leading the user to approve transactions they didn’t intend to.

When developers create Web3 apps, they use open-source “connect kits” to allow their apps to connect with users’ wallets, Dolev stated. These kits are stock pieces of code that can be installed in multiple apps, allowing them to handle the connection process without needing to spend time writing code. Ledger’s connect kit is one of the options available to handle this task.
