Tag Archive for: firms

Ransomware Attacks on Industrial Firms Increased by 87% in 2022


Ransomware attacks against industrial organizations increased by 87% in 2022 from the year before, with most malicious software targeting the manufacturing sector, according to findings published Tuesday.

Hackers last year targeted mining industries in Australia and New Zealand, and continued their focus on renewable energy companies in the US and the European Union, the cybersecurity firm Dragos Inc. said in a report. Attackers also increased or accelerated their attacks on energy, food, water, electrical and natural gas sectors, the company determined.


North Korean hacking outfit impersonating venture capital firms


A financially-motivated hacking group tied to North Korea has been impersonating venture capital firms in Japan, the United States and other countries in an effort to spearphish startup employees and related businesses, according to new research.

In a report released Tuesday, security researchers at Kaspersky said the group – tracked as “BlueNoroff” by Kaspersky and “HiddenCobra” by others – registered at least 70 web domains over the last year mimicking the websites of real venture capital firms in Japan and other financial institutions. The sites function as phishing lures to deliver malware, and Kaspersky believes that startup employees are among the targeted victims, as several decoy documents were crafted to look like job offers.

“The actor usually used fake domains such as cloud hosting services for hosting malicious documents or payloads. They also created fake domains disguised as legitimate companies in the financial industry and investment companies,” wrote Seongsu Park, lead security researcher at Kaspersky.

The group appears primarily interested in Japanese businesses, targeting local venture capital firms like Beyond Next Ventures, Z Venture Capital and ABF Capital. They also impersonated a Taiwanese venture capital fund as well as financial institutions like Bank of America, the Sumitomo Mitsui Banking Corporation and the Mitsubishi UFJ Financial Group.

A partial list of spoofed websites registered by BlueNoroff. (Image credit: Kaspersky)

Kaspersky places BlueNoroff as part of Lazarus Group – an umbrella term security researchers use to describe a loose network of financial and espionage-focused hacking teams who generally work on behalf of the North Korean government. The group has more recently been focused on hacking cryptocurrency startups with similar impersonation tactics but is also perhaps best known for making off with more than $80 in 2016 after breaking into SWIFT transfer payments used by the Bank of Bangladesh.

Kaspersky also identified a number of new malware delivery techniques employed by the group. In September, telemetry collected by the cybersecurity firm turned up evidence that the group was experimenting with a variety of new file types…


70% of Indian firms hit by a ransomware attack in last 3 years: Report



New Delhi–About 70 per cent of organisations in India have been hit by a ransomware attack in the last three years while a whopping 81 per cent of organisations feel that they could be the target of ransomware attacks, a new report showed on Wednesday.

Nearly 66 per cent of organisations have seen their supply chain subsidiaries become victims of ransomware attacks in India.

Cybersecurity leader Trend Micro revealed in its report that organisations are increasingly at risk of ransomware compromise via their extensive supply chains.

In India, 66 per cent of organisations have a cyber insurance policy while 98 per cent regularly update security patches to externally exposed servers and VPN equipment.

Nearly 32 per cent of respondents feel motivated about tackling ransomware over the next 12 months in India, said the report.

Ransomware is now present in 25 per cent of data breaches, a 13 per cent year-on-year increase globally.

A vast majority of IT and business leaders globally (87 per cent) now view cyber compromise as a bigger threat than an economic downturn, with a fifth admitting that a serious attack in the past nearly sent their business into bankruptcy.

A year ago, a sophisticated attack on a provider of IT management software led to the compromise of scores of MSPs and thousands of downstream customers.

Yet, only 47 per cent of organisations globally share knowledge about ransomware attacks with their suppliers. Additionally, 25 per cent said they don’t share potentially useful threat information with partners.

“We found that 52 per cent of global organisations have had a supply chain organisation hit by ransomware, potentially putting their own systems at risk of compromise”, said Sharda Tickoo, Technical Director at Trend Micro, India and SAARC.

The supply chain can also be exploited by attackers to gain leverage over their targets. Among organisations that had experienced a ransomware attack in the past three years, 67 per cent said their attackers contacted customers and/or partners about the breach to force payment. (IANS)


Microsoft says Austrian firm behind spyware targeting law firms, banks


LONDON, July 27 (Reuters) – Security researchers at Microsoft (MSFT.O) have said an Austrian firm was behind a string of digital intrusions at banks, law firms and strategic consultancies in at least three countries.

The firm, DSIRF, developed spyware – malicious software designed to spy on or steal information from a target’s device – called “Subzero”, which uses so-called zero-day exploits to access confidential information such as passwords, or logon credentials, Microsoft said in a blog post on Wednesday.

“Observed victims to date include law firms, banks, and strategic consultancies in countries such as Austria, the United Kingdom, and Panama,” the post said, without identifying the victims.


Vienna-based DSIRF, or DSR Decision Supporting Information Research Forensic GmbH, did not respond to email and telephone requests for comment.

Zero-day exploits are serious software flaws of great value to both hackers and spies because they work even when software is up to date.

The term comes from the amount of warning users get to patch their machines protectively; a two-day flaw is less dangerous because it emerges two days after a patch is available.

Some cybersecurity firms develop such tools to deploy alongside routine “pentesting”, or penetration testing, to test a company’s digital defences against malicious attacks.

“Microsoft’s interaction with a victim confirmed they had not consented to red teaming and malware deployment, and confirmed it was unauthorised activity,” Microsoft Security Unit general manager Cristin Goodwin, who authored the report, told Reuters.

According to a copy of an internal presentation published last year by German news website Netzpolitik, DSIRF advertises Subzero as a “next generation cyber warfare” tool which can take full control of a target’s PC, steal passwords, and reveal its location.

Another one of the slides in that presentation showed several uses for the spyware, including anti-terrorism and the targeting of human trafficking and child pornography rings.

Microsoft’s findings come as the United States and Europe mull tighter rules around vendors of spyware, a fast-growing and under-regulated…
