Tag Archive for: info

No Fulton residents’ info leaked by hackers

/in


Many phones are working again, he said. The water-bill payment system is back online, and work continues on the “big three” systems: tax offices, the courts, and the internal employee system, Anderson said.

Election systems, though temporarily taken offline out of caution, were not affected; and early voting is underway for the March 12 presidential primary, he said.

Anderson hopes all computer systems will be restored within the next month. For those functions still down, county offices — especially the judicial system — have gone back to paper or are using other work-arounds.

The county is working on a case study of “lessons learned” from the attack and response, which it plans to share with other governments and the public, Anderson said.

The LockBit ransomware group claimed responsibility for the Fulton cyberattack, setting a countdown timer on the dark web that displayed some stolen county documents and threatened to release far more if an unspecified ransom wasn’t paid.

LockBit has targeted thousands of governments and companies with ransomware attacks, and an international law enforcement crackdown Feb. 19 took down the group’s website. Police agencies also seized computer servers and cryptocurrency accounts.

Although the takedown was not a direct response to the Fulton County hack, it apparently cut off the hackers’ access to stolen Fulton data. LockBit put up a new web page and set another countdown threat, but that Thursday deadline passed with no document release.

After the deadline expired, Commission Chair Robb Pitts said neither the county nor anyone on its behalf paid any ransom.

Source…

Group-IB reveals Hi-Tech Crime Trends 23/24: surge in ransomware, leaks, and info stealers targeting Middle East and Africa

/in


(MENAFN– Active DMC) Dubai, February 28, 2024 — Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has presented a comprehensive overview of the cyber threat landscape in the Middle East and Africa (MEA) for the years 2023/2024 with the release of its annual Hi-Tech Crime Trends report. The report provides a thorough analysis of how cybersecurity challenges in the MEA region have evolved. In 2023, Group-IB’s researchers identified a 68% surge in the number of ransomware attacks, with financial services and real estate companies emerging as the most common victims. The Gulf Cooperation Council (GCC) countries, South Africa, and Turkey were the most frequently targeted locales by Ransomware-as-a-Service (RaaS) affiliates. Information stealers pose a significant concern, impacting 297,106 infected devices in the MEA region whose logs were made available on Underground Clouds of Logs (UCL), and an additional 903,002 hosts, logs from which were put up for sale on underground markets. Additionally, 152 new data leaks were detected in the MEA region in 2023.

Nation-state sponsored hackers target MEA

Group-IB researchers discovered that the Middle East and Africa was a significant target for advanced persistent threats (APTs), also known as nation-state sponsored groups, last year. Overall, Group-IB attributed 523 attacks to nation-state actors across the globe in 2023. Attacks on MEA organizations accounted for 15% of the global total, numbering 77, with Group-IB experts asserting that this may be due to ongoing geopolitical conflicts in the region, along with MEA’s importance to the global energy market.

The top targeted locales in the MEA region in 2023 were Israel (14 attacks), Turkey (12) and the GCC region (8). Government and military organizations suffered the most APT attacks in the MEA region, totalling 20. Transportation (8 attacks) and telecommunications (7) were the second and third most targeted sectors, respectively.

Attacks coordinated by groups such as APT42, Oilrig and Hexane (all from MEA) reflect the desire of certain countries in the region to strengthen their…

Source…

U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware Leaders

/in


Hive Ransomware

The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation.

It is also giving away an additional $5 million for specifics that could lead to the arrest and/or conviction of any person “conspiring to participate in or attempting to participate in Hive ransomware activity.”

The multi-million-dollar rewards come a little over a year after a coordinated law enforcement effort covertly infiltrated and dismantled the darknet infrastructure associated with the Hive ransomware-as-a-service (RaaS) gang. One person with suspected ties to the group was arrested in Paris in December 2023.

Hive, which emerged in mid-2021, targeted more than 1,500 victims in over 80 countries, netting about $100 million in illegal revenues. In November 2023, Bitdefender revealed that a new ransomware group called Hunters International had acquired the source code and infrastructure from Hive to kick-start its own efforts.

There is some evidence to suggest that the threat actors associated with Hunters International are likely based in Nigeria, specifically an individual named Olowo Kehinde, per information gathered by Netenrich security researcher Rakesh Krishnan, although it could also be a fake persona adopted by the actors to cover up their true origins.

Blockchain analytics firm Chainalysis, in its 2023 review published last week, estimated that ransomware crews raked in $1.1 billion in extorted cryptocurrency payments from victims last year, compared to $567 million in 2022, all but confirming that ransomware rebounded in 2023 following a relative drop off in 2022.

“2023 marks a major comeback for ransomware, with record-breaking payments and a substantial increase in the scope and complexity of attacks — a significant reversal from the decline observed in 2022,” it said.

Cybersecurity

The decline in ransomware activity in 2022 has been deemed a statistical aberration, with the downturn attributed to the Russo-Ukrainian war and the disruption of Hive. What’s more, the total number of victims posted on data leak sites in 2023 was 4,496, up from 3,048 in 2021 and 2,670 in 2022.

Palo Alto Networks Unit…

Source…

Toyota Financial Services ransom attack exposes customer banking info

/in


Toyota Financial Services (TFS) says personal details, including bank account information, were compromised in last month’s ransomware attack claimed by the Medusa ransomware gang.

The European branch of the Japanese automaker’s vehicle financing and leasing subsidiary sent a notice, to affected individuals informing them of the exposure.

On December 5th, TFS has also announced the breach on its website and that “unauthorized persons had gained access to personal data.”

“As announced on November 16th, Toyota Financial Services Europe & Africa has detected unauthorized activity on systems at a limited number of locations, including Toyota Kreditbank GmbH in Germany,” the post stated, translated from German.


TFS handles auto loans, leases, and other financial services to Toyota customers in every continent.

Toyota Deutschland GmbH is an affiliated company held by Toyota Motor Europe (TME) in Brussels, Belgium and located in Köln (Cologne).

The breach notification letter, also sent in German,
 explains that certain TKG files were accessed during the attack.

Toyota Financial Services breach notice

At this time, TFS can confirm the compromised information of those affected includes first and last names, as well as their residential postal code.

Other contract information that may have been exposed includes “contract amount, possible dunning status, and your IBAN (International Bank Account Number),” the letter stated.

“We regret any inconvenience this may have caused to customers and business partners,” TFS wrote.

“It’s not clear how the attackers initially gained access to Toyota’s systems, but with unauthorized access being detected, this could indicate stolen credentials were involved,” said CEO of My1Login Mike Newman.

Data frequently reveals that phishing and credential theft are two of the most common attack vectors used to deploy ransomware, Newman explained.

Newman said the incident is yet another example of “how criminals hold all the power when it comes to ransomware,” adding that for groups like Medusa, the money-making opportunities are endless.

“It doesn’t matter if the organization pays the ransom demand, attackers always have the upper hand as they can still…

Source…