Tag Archive for: attacks

Ransomware attacks targeting local healthcare groups


Barbara McAneny with the New Mexico Cancer Center says they have had to change the way they work due to a string of ransomware attacks on Optum and United Health Care.

“This is an important development for every health care entity in the country,” McAneny said.

With Optum being one of their partners, it’s affected a number of services they provide.

“Our ability to check whether or not patients are authorized by their insurance to get a prescription or treatment went away,” McAneny said.

Due to the attack on Optum, the center also can’t submit claims or receive payments. Tech experts wonder how an attack like this continues to affect the health care industry.

“It’s interesting given that the impact is so great that you would think that we would have turned the corner many years ago and started beefing up, you know, our cyber security programs in that space,” Deron Grzetich said.

The New Mexico Cancer Center has not had its information breached — and has not been victim to this ransomware attack. But McAneny is concerned for other practices in the state and how this affects people’s ability to receive prescriptions, and if personal information is being stolen through other providers.

Other groups affected by these ransomware attacks are UnitedHealth and Change Healthcare.

“Anyone who’s filled a prescription or seen a physician or dentist or any health care provider is at risk to have their own personal identity stolen,” McAneny said.

In the wake of this attack, she offers this to calm anyone seeking help at the cancer center.

“We are going to be treating our patients as we always have,” McAneny said.

She says the center is still able to fill prescriptions in-house, but can’t send orders to outside pharmacies.


Radware: Web App, API Malicious Transactions Up 171% Due to DDoS Attacks


  • DDoS attacks per customer nearly double
  • Web DDoS attacks relentlessly continue throughout the year
  • DNS query flood vectors increase more than threefold
  • Government, business/economy, and travel websites face the most hacktivist-claimed DDoS attacks worldwide

Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, released its 2024 Global Threat Analysis Report.

“The technological race between good and bad actors has never been more intense,” said Pascal Geenens, Radware’s director of threat intelligence. “With advancements like Generative AI, inexperienced threat actors are becoming more proficient and skilled attackers more emboldened. In 2024, look for attack numbers to climb and attack patterns, like the shift in Web DDoS attacks, to continue to evolve.”

Radware’s comprehensive report leverages intelligence provided by network and application attack activity sourced from Radware’s Cloud and Managed Services, Global Deception Network, and threat intelligence research team during 2023. In addition, it draws from information found on Telegram, a public messaging platform often used by cyber criminals.

Radware’s report reveals key themes about the emerging threat landscape.

DDoS Attacks Surge Unprosecuted

“With almost two years of illegal denial of service left un-prosecuted following Russia’s invasion of Ukraine and the unfettered rise of hacktivism, the threshold into a life of cyber crime has reached a new low,” said Geenens. “We have yet to see DDoS attacks used as a mainstream vehicle to settle disagreements or differences, but plenty of groundwork has been laid by proficient hacktivists.”

Between the close of 2022 and 2023 DDoS attacks rose worldwide:

  • Globally, the average number of DDoS attacks per customer grew by 94%. On a regional basis, the increase in the number of DDoS attacks targeting customers varied:
    • EMEA rose 43%
    • The Americas grew 196%
    • APAC climbed 260%
  • The Americas were targeted by almost half of all global DDoS attacks. The EMEA region, accounting for 39% of the DDoS attacks, mitigated 65% of the global DDoS attack volume. The APAC region accounted for almost 12% of global DDoS attacks.

Hacktivists Attack with Unrelenting…


GhostSec & Stormous Launched Twin Ransomware Attacks


A hacking group has evolved with a new ransomware variant known as GhostLocker 2.0.

This group, in collaboration with the Stormous ransomware operators, has initiated double extortion ransomware attacks targeting various businesses globally.

The joint efforts of GhostSec and Stormous have led to the creation of a new ransomware-as-a-service program named STMX_GhostLocker, offering diverse options for their affiliates.

The collaborative operation affected victims across various business verticals, according to disclosures made by the groups in their Telegram channels. (Source: Cisco Talos)

Global Impact of Ransomware Attacks

The victimology of these attacks spans across multiple countries, including Cuba, Argentina, Poland, China, and many others.

These cybercriminal activities have affected victims in different business sectors, as disclosed by the groups in their Telegram channels.

Talos’ observation in GhostSec’s Telegram channels highlighted the group’s continued attacks on Israel’s industrial systems, critical infrastructure, and technology companies. (Source: Cisco Talos)

Notably, GhostSec has been actively targeting Israel’s industrial systems and critical infrastructure, with reported attacks on organizations like the Ministry of Defense in Israel.

Talos discovered that the GhostSec and Stormous gangs were collaborating on several double extortion assaults using the GhostLocker and StormousX ransomware.

Evolution of GhostLocker Ransomware

GhostSec introduced an upgraded version of their ransomware called GhostLocker 2.0, showcasing continuous development efforts with plans for further iterations like GhostLocker V3.

Stmx_GhostLocker member affiliate working model.

The ransom note strategy has evolved to include instructions for victims…


GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries


The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker.

“The GhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries,” Cisco Talos researcher Chetan Raghuprasad said in a report shared with The Hacker News.

“GhostLocker and Stormous ransomware have started a new ransomware-as-a-service (RaaS) program STMX_GhostLocker, providing various options for their affiliates.”

Attacks mounted by the group have targeted victims in Cuba, Argentina, Poland, China, Lebanon, Israel, Uzbekistan, India, South Africa, Brazil, Morocco, Qatar, Turkiye, Egypt, Vietnam, Thailand, and Indonesia.

Some of the most impacted business verticals include technology, education, manufacturing, government, transportation, energy, medicolegal, real estate, and telecom.

GhostSec – not to be confused with Ghost Security Group (which is also called GhostSec) – is part of a coalition called The Five Families, which also includes ThreatSec, Stormous, Blackforums, and SiegedSec.

It was formed in August 2023 to “establish better unity and connections for everyone in the underground world of the internet, to expand and grow our work and operations.”

Late last year, the cybercrime group ventured into ransomware-as-a-service (RaaS) with GhostLocker, offering it to other actors for $269.99 per month. Soon after, the Stormous ransomware group announced that it will use Python-based ransomware in its attacks.

The latest findings from Talos show that the two groups have banded together to not only strike a wide range of sectors, but also unleash an updated version of GhostLocker in November 2023 as well as start a new RaaS program in 2024 called STMX_GhostLocker.

“The new program is made up of three categories of services for the affiliates: paid, free, and another for the individuals without a program who only want to sell or publish data on their blog (PYV service),” Raghuprasad explained.

STMX_GhostLocker, which comes with its own leak site on the dark web, lists no less than six victims from India, Uzbekistan, Indonesia, Poland, Thailand, and Argentina.

GhostLocker…
