Tag Archive for: Dual

5 Questions about Dual Ransomware Attacks


When the FBI issues a warning about a new cyberattack trend, it’s not just hype. Healthcare IT teams should pay attention and adjust tactics if appropriate. Last year, the federal law enforcement agency warned of bad actors using multiple attacks to target the same victims. Here’s what healthcare organizations need to know.

1. What Is Dual Ransomware?

Dual ransomware is the cybercriminal version of “attack in depth.” Rather than depend on a single ransomware toolkit, criminals are deploying multiple ransomware packages at the same time or within a day or two once they’ve gained a foothold in a network. The FBI also warns that cybercriminals are leaving behind dormant data wipers as yet another way to pressure victims into responding to payment demands.


2. Why This Attack Method?

Malicious actors are finding it more difficult to break into enterprise networks. As IT managers and vendors get better at blocking attacks, cybercriminals must leverage a smaller number of successful break-ins to ensure that they can hold an organization for ransom. Breaking in is the hard part; the ransomware piece is now a commodity available from more than a half-dozen dark-web vendors. It’s therefore worth it to criminals to make sure that, once they’re in, they can take control, maintain it and maximize their chances of a high payoff. Combining multiple tools with both data encryption and exfiltration techniques, dual ransomware attacks are twice as hard to defeat.


3. Why Is This a Big Deal for Healthcare IT?

Healthcare is one of the most vulnerable industries when it comes to ransomware. Either an encryption attack that locks up important patient data or an exfiltration attack that risks exposing patient health information can cause a lot of damage. Having both occur at the same time is a gut punch when a cybercriminal comes calling.

4. What Defense Tactics Should Be Used?

When healthcare IT teams respond to an attack, they must remember that multiple tools are likely being deployed: Once…

Source…

FBI warns of dual ransomware attacks



Pierluigi Paganini
September 30, 2023

The U.S. Federal Bureau of Investigation (FBI) warns of dual ransomware attacks aimed at the same victims.

The U.S. Federal Bureau of Investigation (FBI) is warning of dual ransomware attacks, a new worrisome trend in the threat landscape that sees threat actors targeting the same victims two times.

“As of July 2023, the FBI noted two trends emerging across the ransomware environment and is releasing this notification for industry awareness. These new trends included multiple ransomware attacks on the same victim in close date proximity and new data destruction tactics in ransomware attacks.” reads the Private Industry Notification published by the FBI. “The FBI noted a trend of dual ransomware attacks conducted in close proximity to one another.”

According to the FBI, threat actors deployed two different ransomware variants in the victims’ networks. The government experts observed the threat actors using the following ransomware families: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal. Dual ransomware attacks resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments.

“Second ransomware attacks against an already compromised system could significantly harm victim entities.” continues the alert.

The experts also warn that multiple ransomware groups increased the use of custom data theft, wiper tools, and malware to put pressure on the victims and convince them to negotiate. In some cases, ransomware groups added their own code to known data theft tools to prevent detection. In other cases in 2022, data wipers remained dormant until a set time to avoid detection and used intermittent execution to corrupt data.

It is important to remark that dual ransomware attacks are not a new phenomenon; in many past cases, victims’ systems were infected with multiple strains of ransomware.

Symantec’s Threat Hunter Team recently discovered a new ransomware family, which calls itself 3AM, that to date has only been deployed in a single incident in which the threat actors failed to deploy the LockBit ransomware.

The FBI’s PIN…

Source…

FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies


Sep 30, 2023 | THN | Ransomware / Cyber Threat


The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023.

“During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal,” the FBI said in an alert. “Variants were deployed in various combinations.”

Not much is known about the scale of such attacks, although it’s believed that they happen in close proximity to one another, ranging anywhere from 48 hours to within 10 days.


Another notable change observed in ransomware attacks is the increased use of custom data theft, wiper tools, and malware to exert pressure on victims to pay up.

“This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments,” the agency said. “Second ransomware attacks against an already compromised system could significantly harm victim entities.”

It’s worth noting that dual ransomware attacks are not an entirely novel phenomenon, with instances observed as early as May 2021.

Last year, Sophos revealed that an unnamed automotive supplier had been hit by a triple ransomware attack comprising Lockbit, Hive, and BlackCat over a span of two weeks between April and May 2022.


Then, earlier this month, Symantec detailed a 3AM ransomware attack targeting an unnamed victim following an unsuccessful attempt to deliver LockBit in the target network.

The shift in tactics boils down to several contributing factors, including the exploitation of zero-day vulnerabilities and the proliferation of initial access brokers and affiliates in the ransomware landscape, who can resell access to victim systems and deploy various strains in quick succession.

Organizations are advised to strengthen their…

Source…

Vodafone Idea wins dual recognitions from Data Security Council of India





Vodafone Idea, India’s leading telecom services provider, has been recognized for having the Best Security Operations Centre in the Country by the Data Security Council of India (DSCI). In addition, the DSCI has also recognized Mathan Kasilingam, CISO, Vodafone Idea, as the Best Security Leader of the year.

These recognitions are a part of the DSCI’s efforts to recognize, honour and reward organizations and individuals who have taken strategic, proactive and innovative security and privacy efforts to help their organization address real risks, build resilience, increase trustworthiness and create a conducive environment for doing business. The dual recognitions conferred upon Vodafone Idea are noteworthy as they have been conferred at a time when organizations across the globe have been seeing the increasing importance of cyber-security.

Secure Infrastructure systems are a critical element in the telecom domain, encompassing structures, techniques, protocols, and measures used to provide integrity, availability, confidentiality and authentication for transmission over the communication network.

The Data Security Council of India is a premier Industry body on cyber security and data protection set up by Nasscom, with a view to make the cyberspace safe, secure and trusted.


Source…