Tag Archive for: faced

91% Indian firms faced ransomware attacks in 2022: Report


New Delhi: Information security company CyberArk said on Sunday that more than 91 percent of Indian organisations experienced ransomware attacks in 2022, while 55 percent of the affected organisations reported paying up twice or more to allow recovery, signalling that they were likely victims of double extortion campaigns.

CyberArk said in its report that Indian organisations experienced growing cyber debt in 2022, with security spending over the pandemic period lagging investment in broader digital business initiatives.

In 2023, levels of cyber debt are expected to rise as a result of an economic downturn, increased staff turnover, a drop in consumer spending, and an uncertain global environment.

“New environments create new identities and, consequently, compromising identities will remain the most preferred method for attackers to evade cyber defences and gain access to critical data and assets,” said Rohan Vaidya, regional director, India & SAARC, CyberArk.

Moreover, the report showed that all (100 percent) organisations in India expect identity-related compromise this year, stemming from economic-driven cutbacks, geopolitical factors, cloud adoption and hybrid working.

About 84 percent said that this will happen as part of a digital transformation initiative such as cloud adoption or legacy app migration.

Nearly 61 percent of security professionals expect AI-enabled threats to affect their organisation in 2023, with AI-powered malware cited as the top concern.

Further, the report said that about 92 percent of organisations feel code/malware injection into their software supply chain is one of the biggest security threats they face.

“Business transformation, driven by digital and cloud initiatives, continues to result in a surge in new enterprise identities. While attackers are constantly innovating, compromising identities remains the most effective way to circumvent cyber defences and access sensitive data and assets,” said Matt Cohen, chief executive officer, CyberArk.

Credential access remains the number one risk for respondents (cited by 45 percent), followed by defence evasion (34 percent),…


Banking Users Faced With Rewards Phishing Scam


Reports emerged earlier today of an SMS-based phishing campaign targeting customers of Indian banks with information-stealing malware that masquerades as a rewards application.

According to the Microsoft 365 Defender Research Team, the messages contain links that redirect users to a sketchy website that triggers the download of the fake banking rewards app for ICICI Bank.

“The malware’s RAT capabilities allow the attacker to intercept important device notifications such as incoming messages, an apparent effort to catch two-factor authentication (2FA) messages often used by banking and financial institutions,” researchers Shivang Desai, Abhishek Pustakala, and Harshita Tripathi said.

In addition to this, the malware is equipped with the ability to steal SMSes, potentially enabling the attacker to swipe 2FA codes sent as text messages and gain unauthorized access to victim accounts.

As with other social engineering attacks, familiar brand logos and names are used in the smishing message as well as the rogue app in a bid to give an illusion of legitimacy and trick users into installing the apps.

The attacks are recognised as a continuation of an ongoing campaign that has distributed similar rewards-themed apps for other Indian banks such as the State Bank of India (SBI) and Axis Bank in the past.

Once the fraudulent app has been installed, it not only asks for extensive permissions, but also requests users to enter their credit/debit card information as part of a supposed sign-in process, while the trojan waits for further instructions from the attacker.

The app commands allow the malware to harvest system metadata and call logs, intercept phone calls, and steal credentials for email accounts such as Gmail, Outlook, and Yahoo.

“This malware’s continuing evolution highlights the need to protect mobile devices,” the researchers said. “Its wider SMS stealing capabilities might allow attackers to use the stolen data to further steal from a user’s other banking apps.”


Singapore faced more cybercrime, ransomware threats in 2021


CNA – Firms and individuals in Singapore faced an increased number of cybercrime, phishing and ransomware threats last year, according to a report released by the Cyber Security Agency of Singapore (CSA) yesterday.

There were 137 ransomware cases in 2021, a 54 per cent jump from the 89 reported in 2020.

In a ransomware attack, hackers – or threat actors – use malicious software to encrypt files on a device, then demand ransom to undo their work.

The cases affected mostly small-and-medium enterprises (SMEs) from sectors such as manufacturing and IT, said CSA in its annual Singapore Cyber Landscape publication.

“The around-the-clock nature of these sectors’ operations did not provide for much time to patch their systems, thus potentially allowing ransomware groups to exploit vulnerabilities,” the agency added.

Ransomware groups targeting SMEs used a model known as “Ransomware-as-a-Service”, which makes sophisticated ransomware strains accessible to less technically adept cybercriminals.

This made it easier for amateur hackers to use existing infrastructure to distribute ransomware payloads, said CSA.

Phishing cases also rose by 17 per cent last year, with about 55,000 unique Singapore-hosted phishing URLs – with a “.sg” domain – observed.

In 2020, there were 47,000 such URLs identified.

Phishing refers to the practice of inducing people to reveal their personal information such as account passwords and credit card numbers.

Social networking firms made up more than half of the spoofed targets of phishing cases, said CSA.

“This was possibly driven by malicious actors’ exploitation of public interest in WhatsApp’s updated privacy policy announcement on users’ phone numbers being shared with Facebook,” the agency added.

Scammers also exploited the COVID-19 pandemic amid the Omicron variant outbreak in late 2021 to spoof government websites, said CSA.

The Singapore Police Force also reported cybercrime as a key concern, with 22,219 cases recorded last year – up 38 per cent from 16,117 cases in 2020.

Online scams made up the top cybercrime category in Singapore, accounting for 81 per cent of the cases. Of the rest, 17…


Accenture reportedly faced $50M ransomware demand


The consulting firm Accenture is reported to have faced a $50 million ransom demand following an attack this past month, according to cyber risk intelligence companies.

Researchers from the cyber intelligence firm Cyble said on Twitter that the threat actors claimed to have accessed more than six terabytes of data.

“Through our security controls and protocols, we identified irregular activity in one of our environments,” said Accenture in a statement to Healthcare IT News.   

“We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup. There was no impact on Accenture’s operations, or on our clients’ systems.”

Confusion has swirled around the Accenture security incident over the past week, with the company largely remaining mum about the details.

But a few pieces of information have begun to trickle to the surface.   

For instance, CyberScoop’s Tim Starks reported on Thursday that the attackers, LockBit 2.0, had begun to leak some of their stolen data. Hudson Rock, a cybercrime intelligence data firm, said that 2,500 employee and partner computers had been compromised.  

Starks also quoted from an Accenture internal memo that said the company had noticed the security incident on July 30.  

“While the perpetrators were able to acquire certain documents that reference a small number of clients and certain work materials we had prepared for clients, none of the information is of a highly sensitive nature,” the memo reportedly read.  

Accenture isn’t alone; Cyble tweeted on Monday of this week that five other organizations had been targeted by LockBit in the past 24 hours.  

“LockBit attacks are known for their ability to encrypt Windows domains by using Active Directory group policies,” explained Eleanor Barlow, content manager at SecurityHQ, in a statement to Healthcare IT News.

“Once a domain is infected, new group policies are generated by the malware and sent to devices linked to the network. Here, the policies disable the antivirus security and implement the malware.”

Lockbit’s slow release of data suggests that Accenture didn’t pay the $50 million price tag – consistent with federal agencies’ official stance…
