Tag Archive for: Activity

CL0P Ransomware Activity Heats Up
Ransomware activity from cybercriminal group CL0P increased massively in April over March this year, a new report by cybersecurity consultant NCC Group found. The number of CL0P’s victims increased from just one in March to 21 in April.

The April Threat Pulse research report notes that CL0P exhibited an explosive return to the ransomware threat landscape, pushing them from the least active criminal group in March to the fourth most prominent in April. NCC Group’s threat intelligence team says CL0P’s presence has been extremely volatile throughout 2022 thus far – from zero attacks in January, to 10 in February, one in March, and 21 in April.

A similar fluctuation in the rate of the group’s attacks was also seen across 2021, so the April uptick doesn’t necessarily indicate a marked comeback for CL0P. Rather, April was an “active month” for the group, the threat intelligence team noted.

REvil Reemerges

Following a quiet period, April also saw the return of threat actor REvil. Responsible for several high-profile disruptive ransomware campaigns in 2021, including the attacks on the Colonial Pipeline and Kaseya, REvil became the focal point for international law enforcement last year. The group’s online infrastructure was disabled, and multiple arrests were made.

Number of victims by threat actor group in April 2022.

In April, NCC Group threat intelligence saw new activity from REvil, albeit on a small scale with a total of five incidents reported. Each victim came from a different sector, revealing a diverse interest in targeting behavior.

NCC Group notes this return supports the notion that any absence from a ransomware group doesn’t signify a total hiatus in criminal activity, certainly where groups come under the law enforcement firing line, taking cover before regaining momentum.

Conti Group Cools Down

Other criminal groups decreased ransomware activity in April.

After a 115% increase between February and March, NCC Group researchers witnessed a 37% decrease in victims of criminal group Conti from March to April. This volatility may be…

How to secure your internet activity on iOS devices
Learn about the on-device and network security options available to you in order to supercharge your internet security when browsing the web and using apps on iOS.

Image: Tada Images/Adobe Stock

Securing your internet access can mean many things, but we like to think of it as a two-fold approach for both on-device data and network data once your web request has left your device. There’s much that you can do to protect both on-device data stored locally (such as your browser cache) and the data that leaves your device when making website requests.

We’ll take a look at how to secure your data on the device and how to protect your data that ISPs might see through iCloud Private Relay and VPNs.

How to secure on-device network activity

iOS does a great job of ensuring that locally stored data is encrypted under your passcode, that data is isolated between apps, and that only the data you explicitly choose to share between apps is actually shared.

Mail and Safari are two apps that can be configured to be more secure than their default settings when it comes to network activity on the device. Let’s look at the settings in each of these apps that can make your device more secure.

Enabling Mail Privacy Protection

Mail has always been a hotbed for compromising network activity: from tracking pixels to HTML content that loads inline, email can be tracked. Fortunately, iOS 15 includes a way to protect your email through Mail Privacy Protection, which still allows remote content in emails to load but hides your location and IP address from the sender.

To enable Mail Privacy Protection:

  1. Open the Settings app.
  2. Navigate to Mail | Privacy Protection.
  3. Enable the option for Protect Mail Activity (Figure A).

Figure A

Image: Cory Bohon/TechRepublic. Enabling Mail Privacy Protection makes opening emails with HTML content or tracking pixels more secure.

Clearing browsing history

Browsing history stored on your device can include not only the list of websites you’ve recently visited, but also a cache of those sites to load them more quickly the next time you visit the website. You can clear this data for security, but also to remove the cached…

Sandworm targets Ukrainian power grid. CISA warns of ICS malware. Updates on Hafnium activity.
Sandworm targets Ukrainian power grid.

Sandworm, also known as Voodoo Bear, and in the org charts Unit 74455 of Russia’s GRU, has deployed CaddyWiper destructive malware and an Industroyer variant being called, simply, “Industroyer2.” ESET tweeted the results of its findings early Tuesday morning, and provided additional details in a report also published Tuesday. “ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company. The destructive actions were scheduled for 2022-04-08 but artifacts suggest that the attack had been planned for at least two weeks. The attack used ICS-capable malware and regular disk wipers for Windows, Linux and Solaris operating systems. We assess with high confidence that the attackers used a new version of the Industroyer malware, which was used in 2016 to cut power in Ukraine. We assess with high confidence that the APT group Sandworm is responsible for this new attack.”

The incident seems, at first look, an attempted repetition of the 2016 Russian cyberattacks against the Ukrainian grid that ESET mentioned in its report. CERT-UA offered a further description of the attack. It intended to use Industroyer2 against “high-voltage electrical substations” in a fashion tailored to the individual substations. CaddyWiper was used against Windows systems (including automated workstations), and other “destructive scripts” (OrcShred, SoloShred, and AwfulShred) were deployed against Linux systems.

The GRU’s attempt against the Ukrainian power grid appears to be the cyberattack most people were expecting back in February, especially because of the way it tracked earlier GRU takedowns of sections of Ukraine’s power grid. It also appears to have failed, and that failure may be attributed in part to successful Ukrainian defenses as well as to the methods Russia chose to use. In cyberspace as well as on the ground, Ukraine appears to have proved a tougher opponent than Russia expected.

CISA warns of ICS malware.

Late Wednesday the US Cybersecurity and Infrastructure Security Agency (CISA) announced that, with its partners in “the Department of Energy (DOE), the National Security Agency (NSA), and the Federal Bureau of…

M&A Activity Targeted by Ransomware Groups – The National Law Review