Tag Archive for: CLIENTS.

Why your cyber clients need to keep an eye on ransomware


Canada was the third most affected country in the world for successful ransomware-as-a-service (RaaS) and extortion attacks in the first and second quarters of 2023, said a report from cybersecurity company Trend Micro.

The report, LockBit, BlackCat, and Clop Prevail as Top RaaS Groups: Ransomware in 1H 2023, found Canada only behind the U.S. and U.K. for RaaS and extortion attacks.

Healthcare, education and technology emerged as the top three industries for ransomware file detections in Canada in 1H 2023.

“The report revealed that many ransomware threat actors are no longer going after ‘big game’ targets, instead focusing on [small- and medium-sized businesses (SMBs)] they presume to be less well-defended,” said a statement on behalf of Trend Micro.

“In Canada, while ransomware file detection at [large] organizations decreased by 69.13% in the second quarter of the year, data shows a 214.29% increase in file detections for SMBs.”

Findings from Trend Micro’s report align with previous studies on the topic.

The Canadian Centre for Cyber Security called ransomware “almost certainly the most disruptive form of cybercrime facing Canada” because it is pervasive and can have a serious impact on an organization’s ability to function. In a report last month, the centre concluded organized cybercrime will very likely pose a threat to Canada’s national security and economic prosperity over the next two years.


Pace is increasing

According to Trend Micro, the number of victim organizations around the world surged in the first half of 2023 to reach 2,001. That’s a 45.27% increase compared to the last half of 2022. LockBit, Clop and BlackCat were the three most prominent ransomware groups, with the greatest number of successful attacks in 1H 2023.

Clop threat actors claimed to have compromised 130 organizations, including the City of Toronto, in a massive ransomware attack on Jan. 31, 2023. TechCrunch, an online publication for high-tech and start-up companies, reported the City of Toronto “confirmed that unauthorized access to city data did occur through a third-party vendor.

“The access is limited to files that were unable to be processed…


Hackers Targeting Italian Corporate Banking Clients with New Web-Inject Toolkit DrIBAN


May 05, 2023, Ravie Lakshmanan


Italian corporate banking clients are the target of an ongoing financial fraud campaign that has been leveraging a new web-inject toolkit called drIBAN since at least 2019.

“The main goal of drIBAN fraud operations is to infect Windows workstations inside corporate environments trying to alter legitimate banking transfers performed by the victims by changing the beneficiary and transferring money to an illegitimate bank account,” Cleafy researchers Federico Valentini and Alessandro Strino said.

The bank accounts, per the Italian cybersecurity firm, are either controlled by the threat actors themselves or their affiliates, who are then tasked with laundering the stolen funds.

The use of web injects is a time-tested tactic that makes it possible for malware to inject custom scripts on the client side by means of a man-in-the-browser (MitB) attack and intercept traffic to and from the server.


The fraudulent transactions are often realized by means of a technique called Automated Transfer System (ATS) that’s capable of bypassing anti-fraud systems put in place by banks and initiating unauthorized wire transfers from a victim’s own computer.

Over the years, the operators behind drIBAN have gotten more savvy at avoiding detection and developing effective social engineering strategies, in addition to establishing a foothold for long periods in corporate bank networks.

Cleafy said 2021 was the year when the classic “banking trojan” operation evolved into an advanced persistent threat. Furthermore, there are indications that the activity cluster overlaps with a 2018 campaign mounted by an actor tracked by Proofpoint as TA554 targeting users in Canada, Italy, and the U.K.


The attack chain begins with a certified email (or PEC email) in an attempt to lull victims into a false sense of security. These phishing emails come bearing an executable file that acts as a downloader for a malware called sLoad (aka Starslord loader).

A PowerShell loader, sLoad is a reconnaissance tool that collects and exfiltrates information from the compromised host, with the purpose of assessing the target and dropping a more significant payload like Ramnit if the target is…


What GoDaddy’s Years-Long Breach Means for Millions of Clients


For years, the domain registrar and Web hosting company GoDaddy has experienced a cyber barrage of extraordinary scale, it has confirmed — affecting both the company and its many individual and enterprise clients.

As described in its 10K filing for 2022, released Feb. 16, the company has been breached once every year since 2020 by the same set of cyberattackers, with the latest occurring just last December. It’s worth also mentioning that the company has been the subject of earlier cyber incursions as well. The consequences to GoDaddy are one thing, but, more notably, the breaches have led to data compromises for more than 1 million of the company’s users.

That may well be the key to why the bad guys keep coming back. Because of the nature of its business, GoDaddy is a connecting link to millions of businesses around the world. As Brad Hong, customer success lead at Horizon3ai puts it: “This is the equivalent of your landlord’s office being left unlocked, giving a bad actor access to the keys to your house.”

GoDaddy’s Three-Headed Breach

While the world was coming to grips with COVID-19, thousands of GoDaddy customers had a second problem on their hands. In March 2020, the company discovered that an attacker had compromised the login details for a small number of their employees, as well as 28,000 of their hosting customers.

It was a harbinger of worse things to come.

In November 2021, a threat actor got their hands on a password that allowed them access to Managed WordPress, GoDaddy’s hosting platform for building and managing WordPress sites. This case touched 1.2 million Managed WordPress customers.

There was yet more. In a statement published alongside its 10K, GoDaddy shared details of yet a third compromise.

“In early December 2022, we started receiving a small number of customer complaints about their websites being intermittently redirected,” the company said. It turned out that an attacker had breached and planted malware on the company’s hosting servers for cPanel, a control panel program for Web hosts. This malware intermittently redirected users from the websites they intended to visit, to malicious sites.

In their statement, the company claimed to “have evidence, and law…


Personal data of luxury organic farm shop’s A-list clients leaked after Russian ransomware attack


Personal data of celebrities including Jeremy Clarkson, the Duchess of York, and Sir David Attenborough is leaked on the dark web after Russian ransomware attack on luxury organic farm shop

  • Russian criminals have hacked into the database of luxury food firm Daylesford
  • Leak came after the society firm refused hackers’ demand for a big ransom payment
  • Experts warn the hack is ‘a wake-up call’ as concern about cyber attacks grows
  • Duchess of York, Jeremy Clarkson and Sir David Attenborough’s details leaked

The personal details of the Duchess of York, Jeremy Clarkson and Sir David Attenborough have been leaked by Russian criminals who hacked into the database of luxury food firm Daylesford, The Mail on Sunday can reveal.

The King’s cousin Lady Sarah Chatto, Tim Henman and snooker star Ronnie O’Sullivan are among the other celebrity clients whose details have been posted on the so-called dark web – a hidden part of the internet used by criminals.

Experts warned the hack was ‘a wake-up call’ amid growing concern about Kremlin cyber attacks on Britain.


The leak came after the society firm refused the hackers’ demand for a hefty ransom payment in the cryptocurrency Bitcoin.

After the failed blackmail attempt, the gang – known as ‘Snatch Team’ – posted personal details and courier delivery notes showing the home addresses of clients.

Daylesford Organic is owned by Lady Carole Bamford, wife of Tory billionaire donor and JCB construction owner Lord Bamford, and named after the…
