Tag Archive for: attempts

Ransomware Revenue Drops Amidst Less Successful Extortion Attempts: Chainalysis


2022 has been a turbulent year. One good thing to come out of it is that ransomware earnings are significantly down.

Attacks on the crypto industry remain rampant. However, data suggests that victims are increasingly refusing to pay ransomware attackers. Blockchain analytics company Chainalysis, in a new report, shed light on the changing dynamics in the ransomware industry.

Zooming in on Ransomware Attacks 2022

It found that over 10,000 unique strains were active in the first half of the year alone, a trend that was also confirmed by on-chain data. In comparison, around 5,400 unique strains were recorded as active over the same period of 2021. The number of active strains has increased substantially in recent years; at any given time, however, a major portion goes to a small group of strains.

Ransomware lifespans shrank in 2022. In fact, the average ransomware strain was found to be active for just 70 days, down from 153 in 2021 and 265 in 2020. Most attackers funnel the extorted funds to mainstream centralized cryptocurrency exchanges; the share of funds sent to such exchanges surged from 39.3% in 2021 to 48.3% in 2022.

On the other hand, the share of ill-gotten funds moved to high-risk exchanges fell from 10.9% to 6.7%. A similar decline was seen in the use of illicit services such as darknet markets for laundering ransomware proceeds. However, the use of coin mixers for the same purpose increased from 11.6% to 15.0%.

Less Frequent Ransom Payments

Chainalysis stated that its estimate for 2022’s total ransomware revenue fell by 40.3%, to at least $456.8 million, from $765.6 million in 2021. The drop is substantial and, according to Chainalysis, reflects a growing unwillingness among victims to pay ransomware attackers rather than a decline in the actual number of attacks.

While asserting that ransomware continues to be a major cyber threat to businesses and enterprises, Michael Phillips, Chief Claims Officer of cyber insurance firm Resilience, noted:

“There have, however, been signs that meaningful disruptions against ransomware actor groups are driving lower than expected successful extortion attempts.”

Especially over the past four years, the probability of victims paying a…

Source…

After AIIMS, Around 6000 Attempts Made To Hack ICMR Website, Data Secured



Days after AIIMS and Safdarjung Hospital, hackers tried to attack the ICMR website over 6000 times but were not successful.


New Delhi: Days after a ransomware attack on the servers of AIIMS Delhi, attackers tried to hack the website of the Indian Council of Medical Research (ICMR), not just once or twice but around 6000 times. According to a report by NDTV, these thousands of hacking attempts were made on November 30.

The source IP address, a unique address that identifies a device on the internet, was traced to a blacklisted IP based in Hong Kong. The ICMR website could not be breached because of the updated firewall and enhanced security measures put in place by the top medical body, the NDTV report said.

FIRST AIIMS, THEN SAFDARJUNG AND NOW ICMR

Delhi’s premier All India Institute of Medical Sciences was subject to a ransomware attack last month, affecting almost all sections of the hospital. The AIIMS Delhi servers were down for over 10 days, indicating the severity of the attack, which disrupted many services in the hospital.

On December 4, Safdarjung Hospital in Delhi, which is opposite AIIMS, faced a cyber attack as well, but the damage was not as severe as in the attack on AIIMS. Dr BL Sherwal, Medical Superintendent of Safdarjung Hospital, told NDTV, “There was a cyberattack. Our server was also down in November for a single day, but data was secured. It was handled by IT, National Informatics Centre (NIC), which revived the systems.”

Sherwal further said that the cyber attack wasn’t…

Source…

Continuous attack attempts discovered on Atlassian Confluence zero day


Following a coordinated disclosure by Volexity of a zero-day vulnerability in Atlassian Confluence, now known as CVE-2022-26134, attackers rushed to exploit it, according to Barracuda.

Since the original disclosure and the subsequent publication of various proofs of concept, researchers at Barracuda have analysed data from their installations worldwide and discovered large numbers of attempts to exploit this vulnerability.

The exploit attempts range from benign reconnaissance to some relatively complex attempts to infect systems with DDoS botnet malware and cryptominers.

Atlassian Confluence is a tool that provides collaborative documentation. According to Barracuda, information about CVE-2022-26134 was publicly released on June 2. Malicious actors became aware of it almost immediately, and over the following weekend various threat actors exploited it. The vulnerability allows unauthenticated, remote attackers to create new administrative accounts, execute privileged commands, and seize control of the servers.

Initially, Barracuda researchers saw a steady flow of attacks attempting to exploit this vulnerability, with several significant spikes. Continued monitoring of these attacks and their pattern showed that the overall volume dropped slightly in August, but attackers clearly have not given up on trying to exploit this vulnerability.

Exploitation attempts primarily originated from IP addresses in Russia, followed by the U.S., India, the Netherlands, and Germany. Previous research had detailed some of the payloads being delivered and the sources of the attacks.

“There is a steady flow of attacks over time and we foresee a significant amount of scanning and such attempts to continue for the time being,” says Tushar Richabadas, Senior Product Marketing Manager, Applications and Cloud Security, Barracuda.

“It is important to take steps to protect your systems. Now is the ideal time to opt for patching, especially if the system is internet-facing. Placing a web application firewall in front of such systems will provide an in-depth defense against zero-day attacks and other vulnerabilities.”

Earlier this year, Barracuda research identified…

Source…

US attempts to break into China’s 360 internet security firm but fails: company founder


Photo: headquarter of NSA in Maryland

Because US intelligence agencies’ decade-long cyberattacks against China were exposed to the public, the US attempted to break into Chinese internet security companies, but it failed to penetrate the defenses of Beijing-based security company 360, Zhou Hongyi, founder of the company, revealed.

Zhou made the remark in a recent talk with Yu Minhong, founder and chairman of New Oriental Education and Technology Group, in a livestreaming program.

“The biggest achievement [for 360] in these past two years was the discovery of two prominent intelligence agencies of a superpower — CIA [the Central Intelligence Agency] and NSA [the National Security Agency] — having carried out infiltration attacks on China for 8-10 years,” Zhou said in the program. “Presumably in retaliation, the country chose to hack all the Chinese cybersecurity companies, and 360 was the only targeted company where the hacking failed.”

In a separate interview with the Global Times on Tuesday, Zhou said cyberattacks from the US against China’s key departments had been secretly ongoing for nearly 10 years until they were discovered and revealed to the public.

Cyberattacks occur all the time and cause havoc everywhere they reach, such as water and power in cities being cut off and businesses being extorted, as well as economic losses incurred. What 360 does is to expose these attacks and destroy them one by one, Zhou said. 

He claimed that about 99 percent of national-level attacks against China were discovered by 360. So far, about 50 national-level advanced persistent threat (APT) attacks have been detected.

The cyberattacks from the CIA and NSA on China detected by 360 were published exclusively by the Global Times in March 2020 and March 2022.

The firm told the Global Times that, using cyberspace weapons, a hacking organization affiliated with the CIA has been attacking Chinese institutions for over a decade, including those in the aerospace sector, scientific research institutions, internet companies, the oil industry and government agencies.

For a long time, in order to achieve the…

Source…