Tag Archive for: global

Record-breaking year for global ransomware incidents- new report




Record-breaking year for global ransomware incidents- new report | Insurance Business Canada















Activity greatly surpassed the total seen in the prior year



By Abigail Adriatico

Ransomware activity in 2023 surpassed the total number recorded in 2022 by 68%, according to a report by Corvus Insurance (Corvus), a cyber underwriter.

Corvus’ Q4 2023 Ransomware Report found that ransomware attacks occurred at a record-setting pace during 2023. It revealed that ransomware attacks increased over the first three quarters of the year and declined only slightly in the last quarter.

Source…

Inside the Cyber Av3ngers Global PLC Hack


There is perhaps no organization that better embodies the true spirit of a villain than the hacktivist group. Ripped from the pages of a graphic novel, these organizations are as altruistic in their motives as they are ruthless in getting results. Fueled by an unwavering belief in a cause that they know is right, these groups are bold, intelligent and dangerous.

One such case is a group that goes by the name of the Cyber Av3ngers. The Iran-affiliated group has been vehement in their anti-Israel stance, using social media to propagate a narrative that the social and economic issues of the region are the result of corrupt and over-zealous military action by Israel. 

The group first registered on the cybersecurity radar in September of last year, taking credit for attacks against Israeli infrastructure and tech companies that were widely disputed. However, in November a municipal water authority in Pennsylvania revealed that they had been the victim of a Cyber Av3ngers attack that compromised OT assets by accessing the organization’s programmable logic controllers. 

The attack was made possible by exploiting poor password protocols and unsecured internet connections. According to several reports, including one from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Cyber Av3ngers utilized basic techniques to scan the internet, identify the devices made by Israel-based Unitronics, and then log in using default credentials that were never changed during implementation.

For those unfamiliar with PLCs, these devices are used to help control and monitor various production processes, and can include regulating the functionality of instrumentation and automation equipment. By obtaining access to the PLC, a hacker has a way into the industrial control system and, depending on the level of segmented cyber defense, potentially unlimited control of the production facility or enterprise. It’s a gateway into critical OT systems.

In this instance, the group could have turned pumps on or off to control water supply, or infiltrated key operational systems that impact water treatment. Fortunately, the utility in question was able to identify the attack quickly…

Source…

Researchers Uncover Major Surge in Global Botnet Activity


Security researchers have discovered a significant increase in global botnet activity between December 2023 and the first week of January 2024, with spikes observed exceeding one million devices.

Writing in an advisory published on Friday, Netscout ASERT explained that, on a typical day, approximately 10,000 such devices engaged in malicious reconnaissance scanning last year, with a high watermark of 20,000 devices. 

However, on December 8, 2023, this number surged to 35,144 devices, signaling a notable departure from the norm.

According to the technical write-up, the situation escalated on December 20, with another spike reaching 43,194 distinct devices. Subsequent spikes, occurring in shorter intervals, culminated in a record-breaking surge on December 29, involving a staggering 143,957 devices, nearly ten times the usual levels. 

Disturbingly, this heightened activity persisted, with high watermarks fluctuating between 50,000 and 100,000 devices.

As the new year unfolded, the scale of the threat became even more pronounced, with January 5 and 6 witnessing spikes exceeding one million distinct devices each day – 1,294,416 and 1,134,999, respectively. A subsequent spike of 192,916 on January 8 affirmed the sustained intensity of this cyber onslaught.

Further analysis revealed that this surge emanated from five key countries: the United States, China, Vietnam, Taiwan and Russia. 

“Analysis of the activity has uncovered a rise in the use of cheap or free cloud and hosting servers that attackers are using to create botnet launch pads,” Netscout wrote. “These servers are used via trials, free accounts or low-cost accounts, which provide anonymity and minimal overhead to maintain.”

Adversaries utilizing these new botnets focused on scanning global internet ports, particularly ports 80, 443, 3389, 5060, 6881, 8000, 8080, 8081, 808 and 8888. Additionally, signs of potential email server exploits surfaced through increased scanning of ports 636, 993 and 6002.

“These consistently elevated levels indicate a new weaponization of the cloud against the global internet,” reads the…

Source…

Ransomware attack targets global Lutheran group | Yle News


Finland’s Evangelical Lutheran Church is a major member of the hacked global Christian organisation.

In Finland, the Evangelical Lutheran Church and the Orthodox Church have legal status as state-supported national churches. Image: Henrietta Hassinen / Yle

The Lutheran World Federation (LWF) has fallen victim to cyber extortion, Finnish news agency STT reports on Sunday.

The Finnish Evangelical Lutheran Church is one of the largest members of the LWF, a global Lutheran organisation.

Earlier this month perpetrators carried out ransomware attacks on the federation and released screenshots of the captured material, including images of people’s passports.

Responding to STT via email, the LWF confirmed that it was aware of the extortion attempt. The federation, however, declined to comment on how many individuals’ information had been compromised or whether there were Finns among this group.

Some 65 percent of people in Finland belong to the country’s Evangelical Lutheran Church.

Source…