Tag Archive for: attacks

5 Questions about Dual Ransomware Attacks


When the FBI issues a warning about a new cyberattack trend, it’s not just hype. Healthcare IT teams should pay attention and adjust tactics if appropriate. Last year, the federal law enforcement agency warned of bad actors using multiple attacks to target the same victims. Here’s what healthcare organizations need to know.

1. What Is Dual Ransomware?

Dual ransomware is the cybercriminal version of “attack in depth.” Rather than depend on a single ransomware toolkit, criminals are deploying multiple ransomware packages at the same time or within a day or two once they’ve gained a foothold in a network. The FBI also warns that cybercriminals are leaving behind dormant data wipers as yet another way to pressure victims into responding to payment demands.


2. Why This Attack Method?

Malicious actors are finding it more difficult to break into enterprise networks. As IT managers and vendors get better at blocking attacks, cybercriminals must leverage a smaller number of successful break-ins to ensure that they can hold an organization for ransom. Breaking in is the hard part; the ransomware piece is now a commodity available from more than a half-dozen dark-web vendors. It’s therefore worth it to criminals to make sure that, once they’re in, they can take control, maintain it and maximize their chances of a high payoff. Combining multiple tools with both data encryption and exfiltration techniques, dual ransomware attacks are twice as hard to defeat.


3. Why Is This a Big Deal for Healthcare IT?

Healthcare is one of the most vulnerable industries when it comes to ransomware. Either an encryption attack that locks up important patient data or an exfiltration attack that risks exposing patient health information can cause a lot of damage. Having both occur at the same time is a gut punch when a cybercriminal comes calling.

4. What Defense Tactics Should Be Used?

When healthcare IT teams respond to an attack, they must remember that multiple tools are likely being deployed: Once…


Google Confirms Massive Increase In Zero-Day Vulnerabilities Exploited In Attacks Due To Spyware Vendors


Google has published a new report describing the significant rise in zero-day vulnerabilities exploited in attacks during 2023.

Both its Threat Analysis Group and its subsidiary Mandiant noted that the figures continue to grow, and that much of the growth has to do with spyware vendors.

The count reached 97 zero-days, a rise of more than 50% over the earlier figure of 62. Despite the increase, the number is still much lower than the 106 seen in 2021.

Together, the two teams observed 29 of the 97 vulnerabilities. They also spoke about 61 impacted end users of Google’s products and services such as mobile phones, browsers, and social media apps.

The rest were used to attack technologies such as security software and a range of other devices. On the enterprise side, a wide array of vendors and products is being targeted, and more specific technologies are being affected as a result.

They have also seen that, as the years pass, bugs used by attackers are being discovered and patched faster, which means shorter lifespans for the exploits in question.

In 2023, plenty of threat actors made use of zero-day vulnerabilities that went up to Figure 10. China was highlighted as being behind most of the government-backed attacks. Some of those involved espionage groups from the country, a trend that is moving upward.

In 2023, commercial surveillance appeared to be the culprit behind the attacks that kept targeting both Android and Google devices.

They account for up to 75% of the zero-day exploitation hitting those platforms. In addition to that, there were vendors

Other than that, of the 37 zero-day vulnerabilities in browsers and devices that were exploited in 2023, Google linked close to 60% to commercial surveillance vendors (CSVs) that sell spyware to government clients.

Way back in February, Google revealed how so many…


Crypto Losses In The First Quarter To Web3 Attacks And Scams Decreased By 23%.

Immunefi reports that in the first quarter of 2024, the cryptocurrency industry’s losses from web3 hacks and scams decreased by 23% as compared to the same period the previous year.

Takeaway Points:

  • Web3 losses to fraud and hacking declined in the first quarter.
  • SBF-backed UK NGO for effective altruism to shut down.
  • B3 in Brazil has received approval to trade Bitcoin futures.

Crypto Losses To Web3 Hacks

Crypto industry losses to web3 hacks and scams declined 23% in the first quarter of 2024, compared with the year-earlier period, according to Immunefi.

A report from Immunefi, a bug bounty and security services platform for web3, said that while more than $336 million was lost in Q1, the same period in 2023 saw more than $437 million in such losses.

Hacks continued to be the main cause of losses at about 96%, as scams accounted for 4% of the total losses. DeFi, with almost $100 billion of total value locked in web3 protocols, was the main target of successful exploits.

“While it’s positive that overall losses have decreased, it’s essential to note that DeFi faced significant challenges, accounting for 100% of total losses in Q1 2024,” Immunefi founder and CEO Mitchell Amador said. “Particularly, the ecosystem witnessed a considerable volume of losses due to private key compromises, emphasising the critical need to secure both code and protocol infrastructure.”

The two most targeted chains were Ethereum and BNB Chain. Ethereum suffered the most individual attacks with 33 incidents, followed by BNB Chain with 14, the report said.

The two biggest exploits were conducted against Orbit Bridge, with about $82 million stolen, and Munchables at $63 million. These two accounted for 43% of the first-quarter losses.

About $74 million, or 22%, of the stolen funds were recovered, Immunefi said, including all that was taken from Munchables, an NFT game on the Ethereum layer 2 Blast.

 


Polycab, Motilal Oswal, Bira91 Among Latest Companies To Be Hit By Ransomware Attacks




India is one of the most attacked countries in cyberspace, and ransomware attacks are the biggest growing threat. In the last two weeks, multiple reports published by global cybersecurity companies point out that ransomware and malware attacks have surged in the country. Despite this, only a handful of organisations have a formal ransomware plan in place, with some of them even resorting to paying the ransom demands.
On March 17, Polycab India was targeted by LockBit, the most active global ransomware group. According to Polycab, the incident did not impact the core systems and operations of India’s largest wire and cable maker. “The technical team of the company along with a specialised team of external cybersecurity experts are working actively on analysing the incident,” it said in a filing with the stock exchanges. There was no mention of any ransom paid in the filing.
Similarly, prominent brokerage firm Motilal Oswal (MOSL), which has over 6 million clients, was attacked by the same ransomware group in mid-February. LockBit claimed the attack on its dark website. MOSL detected a cyber-incident in the form of some malicious activity on a few of the employees’ computers. Their IT security team activated its cybersecurity incident response process to investigate, contain, and remediate the incident in an hour.
“This incident has not affected any of our business operations or IT environment. It is business as usual. We also proactively went ahead and reported this matter to relevant law enforcement and regulatory authorities immediately,” the company said in a formal statement.

LockBit has hacked some of the world’s largest organisations recently. On February 19, Britain’s National Crime Agency, the US Federal Bureau of Investigation, Europol, and a coalition of international police agencies disrupted LockBit’s operations by taking over its website. “This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’,” a post on the ransomware group’s website said.
Shortly…
