Tag Archive for: attackers

Attackers exploit critical zero-day flaw in Palo Alto Networks firewalls


“This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with the configurations for both GlobalProtect gateway and device telemetry enabled,” the company said in its advisory.

Customers can check if they have the GlobalProtect gateway configured under the Network > GlobalProtect > Gateways menu in the firewall’s web interface. The telemetry feature can be checked under Device > Setup > Telemetry.

Mitigating Palo Alto Networks PAN-OS

The company plans to release software hotfixes for PAN-OS 10.2, PAN-OS 11.0 and PAN-OS 11.1 to address the flaw on April 14. These patches will be numbered 10.2.9-h1, 11.0.4-h1 and 11.1.2-h3. Older PAN-OS releases are not impacted and neither are the Cloud NGFW or Prisma Access and Panorama appliances.


Ransomware attackers are increasingly targeting backups — so make sure yours are protected


When deploying ransomware on a target system, threat actors will almost always look to compromise the backups, too. 

Organizations that lose their backups end up paying a lot more in ransom demands, and losing even more in the recovery process, a new report from cybersecurity researchers Sophos has claimed, highlighting the importance of keeping the backups safe.


Hacking humans: Devious tricks attackers use to infiltrate via employees


When we hear the word “hacking” we typically imagine a hooded bad guy coding in a dark room, using cyber skills to breach technical systems and networks.

But what if we told you that 80-95% of all computer attacks begin with the hacking of a human being? That’s right, hacking human beings (a.k.a. social engineering) is usually “phase one” of any cyberattack. It relies less on technical skill and more on a clever understanding of how human nature responds to phishing lures.

What is Social Engineering? 

Social engineering is a technique used by threat actors to trick online users into revealing sensitive information (such as passwords) or convince them to perform an action (such as clicking a link) that ends up compromising an identity, a system or network.

While email phishing is probably the most popular form of social engineering, other forms are also on the rise, such as smishing (SMS text phishing), quishing (QR code phishing), BEC (business email compromise), and vishing (voice phishing).

How Do Social Engineering Attacks Work?

Regardless of medium or method (email, voice, text), social engineering attacks are typically executed using the following steps:

1. Conducting Reconnaissance

Just as an investigator surveys, monitors or observes a potential target (who they meet, where they spend time, where they live, etc.), attackers will often do background research on their targets.

This includes combing through social media profiles (checking their social media interactions, mentions and connections), learning about their colleagues, friends and family members, obtaining their contact information, and finally using tools like open source intelligence (OSINT) to uncover vulnerable and exploitable assets that they can target or operationalize.

2. Designing a Pretext

Just like in the old movie “The Talented Mr. Ripley” where a con-artist crafts a fake story to convince everyone that he’s the son of a shipping tycoon, attackers too will create situations or stories to dupe their targets. It can be anything from a discount code to an investment opportunity, from a “verify your email” notification to a notification highlighting…


Bitcoin Ransomware Attackers Leak Venezuela Mobile Carrier Data


Tim Alper


Bitcoin ransomware attackers reportedly leaked “sensitive data” belonging to “millions” of Venezuelan mobile carrier Digitel customers onto the internet on February 12.

Per the X channel VE sin Filtro, the attackers hail from the MedusaBlog hacking group.

Bitcoin Ransomware Attackers ‘Demanded $5 million Worth of Coins’


The group reportedly infiltrated Digitel’s networks on February 2 and seized control of company data.

MedusaBlog representatives told the company that it had one week to pay a $5 million ransom in Bitcoin – around BTC 100 at the time of writing.

Bitcoin prices versus the USD over the past five days. (Source: Google Finance)

According to MedusaBlog, the channel reported:

“[The hijacked data cache] includes a list of employees, identification documents, financial documents, reports, invoices, contracts, subscriber agreements, and [citizens’] personal data.”

The media outlet Criptonoticias quoted the Digitel customer and IT journalist Fran Monroy Moret as calling the data leak a “disaster.” Monroy Moret said:

“There could be much more. [MedusaBlog] could have stolen information from more than five million Digitel users.”

The journalist said this could include “sensitive” customer data such as “IDs, fingerprints, photographs, names, and more.”

However, the expert said Digitel customers should remain “calm and wait for events to unfold.”

The same media outlet advised Digitel users to change passwords and “safeguard their emails and accounts on different platforms.”

Footage from a Digitel marketing video published in 2023.
