Tag: criminals | Page 3

Tag Archive for: criminals

Criminals attack manufacturers with ransomware | The Guardian Nigeria News

July 5, 2023/in Internet Security

Cybersecurity firm, Sophos, has revealed in its new sectoral survey report, ‘The State of Ransomware in Manufacturing and Production 2023’, that in more than two-thirds (68 per cent) of ransomware attacks against this sector, the adversaries successfully encrypted data.

Sophos described this as the highest reported encryption rate for the sector over the past three years and is in line with a broader cross-sector trend of attackers more frequently succeeding in encrypting data.

The report however, said in contrast to other sectors, the percentage of manufacturing organisations that used backups to recover data has increased, with 73 per cent of the manufacturing firms surveyed using backups this year versus 58 per cent in the previous year. It said despite this increase, the sector still has one of the lowest data recovery rates.

Field Chief Technical Officer, Sophos, John Shier, said: “Using backups as a primary recovery mechanism is encouraging since the use of backups promotes faster recovery. While ransom payments cannot always be avoided, we know from our survey response data that paying a ransom doubles the costs of recovery.

“With 77 per cent of manufacturing organizations reporting lost revenue after a ransomware attack, this added cost burden should be avoided, and priority placed on earlier detection and response.”

In addition, the report found that despite the growing use of backups, manufacturing and production reported longer recovery times this year. In 2022, 67 per cent of manufacturing organizations recovered within a week, while 33 per cent recovered in more than a week. This past year, only 55 per cent of manufacturing organisations surveyed recovered within a week.

“Longer recovery times in manufacturing are a concerning development. As we’ve seen in Sophos’ Active Adversary reports, based on incident response cases, the manufacturing sector is consistently at the top of organizations needing assistance recovering from attacks.

This extended recovery is negatively impacting IT teams, where 69 per cent report that addressing security incidents is consuming too much time and 66 per cent are unable to work on other projects,” the report…

Source…

Criminals publish ads for hacking services on US government websites

June 11, 2023/in Computer Security

Cybersecurity researchers from Citizen Lab recently spotted PDF files advertising hacking services, on websites belonging to numerous U.S. government agencies and educational institutions.

As reported by TechCrunch late last week, the PDFs were found on .gov websites belonging to California, North Carolina, New Hampshire, and at least three more states, as well as at least five counties and administrative centers.

Universities such as UC Berkeley, Stanford, Yale, UC San Diego, and countless others, are also said to have had their websites compromised. Spain’s Red Cross, defense contractor Rockwell Collins, as well as an unnamed Irish tourism company, were also affected.

SEO poisoning

In the PDFs, the threat actors advertise various services, including the ability to hack into social media accounts such as Instagram, Facebook, or Snapchat. They also advertise computer game cheats and fake follower generation. Interested parties are invited to open websites listed in the PDFs.

Discussing his findings, researcher John Scott-Railton suggested that these are not the result of a hack, but rather of a threat actor abusing misconfigured servers and content management systems (CMS): “SEO PDF uploads are like opportunistic infections that flourish when your immune system is suppressed. They show up when you have misconfigured services, unpatched CMS bugs, and other security problems,” said Scott-Railton.

> US government wants to learn more from recent major hacks

> Government bodies are at risk online

> US government legal firm Casepoint investigating data breach

TechCrunch visited some of the websites listed in the PDFs and claim that the hacks are most likely fake, and that the entire scheme is just to get people to visit the websites. These sites, the publication claims, come with a fake CAPTCHA which only buys time for the website to generate money in the background.

While the damage of this campaign seems to be almost non-existent, it begs the question of how it was possible for so many government and educational institutions to become compromised; the aftermath could have been much, much worse.

At press time, it is claimed that most of the PDF files have been…

Source…

https://spinsafe.com/wp-content/uploads/2023/06/4d32dd718c1f518f710b12e3eec169e7.jpeg 675 1200 SecureTech https://spinsafe.com/wp-content/uploads/2024/01/SS-Logo.svg SecureTech2023-06-11 18:31:132023-06-11 18:31:13Criminals publish ads for hacking services on US government websites

When you buy a criminal’s phone, and paying for social media scams • Graham Cluley

May 18, 2023/in Computer Security

Personal information is going for a song, and the banks want social media sites to pay when their users get scammed.

All this and much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Hosts:

Graham Cluley – @gcluley
Carole Theriault – @caroletheriault

Episode links:

Sponsored by:

Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.

Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!

Outpost24 – Understand your shadow IT risk with a free attack surface analysis.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.
Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.

Source…

https://spinsafe.com/wp-content/uploads/2023/05/When-you-buy-a-criminals-phone-and-paying-for-social.webp.webp 380 730 SecureTech https://spinsafe.com/wp-content/uploads/2024/01/SS-Logo.svg SecureTech2023-05-18 06:30:052023-05-18 06:30:05When you buy a criminal’s phone, and paying for social media scams • Graham Cluley

Criminals Are Using Tiny Devices to Hack and Steal Cars

April 22, 2023/in Internet Security

Employees of the US Immigration and Customs Enforcement agency (ICE) abused law enforcement databases to snoop on their romantic partners, neighbors, and business associates, WIRED exclusively revealed this week. New data obtained through record requests show that hundreds of ICE staffers and contractors have faced investigations since 2016 for attempting to access medical, biometric, and location data without permission. The revelations raise further questions about the protections ICE places on people’s sensitive information.

Security researchers at ESET found old enterprise routers are filled with company secrets. After purchasing and analyzing old routers, the firm found many contained login details for company VPNs, hashed root administrator passwords, and details of who the previous owners were. The information would make it easy to impersonate the business that owned the router originally. Sticking with account security: The race to replace all your passwords with passkeys is entering a messy new phase. Adoption of the new technology faces challenges getting off the ground.

The supply chain breach of 3CX, a VoIP provider that was compromised by North Korean hackers, is coming into focus, and the attack appears to be more complex than initially believed. Google-owned security firm Mandiant said 3CX was initially compromised by a supply chain attack before its software was used to further spread malware.

View more

Also this week, it emerged that the notorious LockBit ransomware gang is developing malware that aims to encrypt Macs. To date, most ransomware has focused on machines running Windows or Linux, not devices made by Apple. If LockBit is successful, it could open up a new ransomware frontier—however, at the moment, the ransomware doesn’t appear to work.

With the rise of generative AI models, like ChatGPT and Midjourney, we’ve also looked at how you can guard against AI-powered scams. And a hacker who compromised the Twitter account of right-wing commentator Matt Walsh said they did so because they were “bored.”

But that’s not all. Each week, we round up the stories we didn’t report in-depth ourselves. Click on the headlines to read the full…

Source…

https://spinsafe.com/wp-content/uploads/2023/04/Security-Roundup-Hacked-Cars-GettyImages-972301580.jpg 1383 2074 SecureTech https://spinsafe.com/wp-content/uploads/2024/01/SS-Logo.svg SecureTech2023-04-22 10:30:052023-04-22 10:30:05Criminals Are Using Tiny Devices to Hack and Steal Cars