Tag Archive for: latest

Carpetright is latest British business to be hit by cyber attack as hackers target company HQ to affect hundreds of customer orders


Flooring chain Carpetright is the latest British business to be hit by a cyber attack affecting hundreds of customer orders. 

Hackers targeted the company HQ in Purfleet, Essex on Tuesday, sending malware to gain unauthorised access. 

Carpetright’s network was taken offline due to the cyber attack but bosses insist that the virus was isolated before any data was swiped. 

However, phone lines are still down, with callers met with the automated message ‘Thank you for your patience while we work on a solution’.

Staff and hundreds of customers were affected by the malicious virus, with employees reportedly unable to access their payroll information.

A source told The Sun: ‘Some staff networks were taken down including the portals that workers use to book time off and look at payslips.

‘It happened abruptly and was worrying because customers couldn’t get through to helplines.

‘Everything at HQ was taken offline as that was the best way to stop the attack spreading to customer data.’

A spokesperson for Carpetright said: ‘We would like to apologise for any inconvenience caused.

‘We are not aware of any customer or colleague data being impacted by this incident and are testing and resetting systems, with investigations ongoing.’

The cyber attack at the flooring chain comes after hackers managed to access a ‘small number’ of patients’ data last month. 

Ransomware group – INC Ransom – targeted NHS Dumfries and Galloway and claimed it was in possession of three terabytes of data from NHS Scotland.

A post on its dark web blog included a ‘proof pack’ of some of the data, which was…

Beware of encrypted PDFs as the latest trick to deliver malware to you


Russian-backed hackers are using malware disguised as a PDF encryption tool to steal your information. According to the Threat Analysis Group report, COLDRIVER will send victims encrypted PDFs. When the unsuspecting victim replies saying they can’t see the PDF, the group will send a download link that poses as an encryption tool. But it’s really malware.

According to Threat Analysis Group (TAG), which is a specialized team within Google that focuses on identifying and countering various security threats, COLDRIVER primarily deals with phishing attacks. So this new malware-based attack is relatively new territory for the group.

COLDRIVER’s backdoor malware attack

The attack itself is pretty simple. As previously mentioned, attackers will send an encrypted PDF and then a malware-loaded “encryption tool” once the victims respond. That “encryption tool” will even display a fake PDF document to really sell the ruse. However, it really installs a piece of backdoor malware called Spica on your device.

Spica will steal cookies from Google Chrome, Firefox, Edge and Opera in order to get your information. Google says it’s been in play since September 2023. However, there are instances of COLDRIVER dating back to 2022.

Google says it’s added all domains, websites and files involved in the attacks to its Safe Browsing service. The company has also notified targeted users that they were at risk of an attack.

How to protect yourself

1) Don’t download bootleg software: It’s not worth the risk to download bootleg software. It exposes your device to potential security threats, such as viruses and spyware. If someone emails you a link for a download, make sure it’s from a reputable source and scan it. Downloading software from reputable app stores is definitely the way to go to protect your devices.

2) Don’t click on suspicious links or files: If you encounter a link that looks suspicious, misspelled, or unfamiliar, avoid clicking on it. Instead, consider going directly to the company’s website by manually typing in the web address or searching for it in a trusted search engine….

Polycab, Motilal Oswal, Bira91 Among Latest Companies To Be Hit By Ransomware Attacks



India is one of the most attacked countries in cyberspace, and ransomware attacks are the biggest growing threat. In the last two weeks, multiple reports published by global cybersecurity companies point out that ransomware and malware attacks have surged in the country. Despite this, only a handful of organisations have a formal ransomware plan in place, with some of them even resorting to paying the ransom demands.
On March 17, Polycab India was targeted by LockBit, the most active global ransomware group. According to Polycab, the incident did not impact the core systems and operations of India’s largest wire and cable maker. “The technical team of the company along with a specialised team of external cybersecurity experts are working actively on analysing the incident,” it said in a filing with the stock exchanges. There was no mention of any ransom paid in the filing.
Similarly, prominent brokerage firm Motilal Oswal (MOSL), which has over 6 million clients, was attacked by the same ransomware group in mid-February. LockBit claimed the attack on its dark website. MOSL detected a cyber-incident in the form of some malicious activity on a few of the employees’ computers. Their IT security team activated its cybersecurity incident response process to investigate, contain, and remediate the incident in an hour.
“This incident has not affected any of our business operations or IT environment. It is business as usual. We also proactively went ahead and reported this matter to relevant law enforcement and regulatory authorities immediately,” the company said in a formal statement.

LockBit has hacked some of the world’s largest organisations recently. On February 19, Britain’s National Crime Agency, the US Federal Bureau of Investigation, Europol, and a coalition of international police agencies disrupted LockBit’s operations by taking over its website. “This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’,” a post on the ransomware group’s website said.
Shortly…

Global malware surge revealed in WatchGuard’s latest Internet Security Report


A recent Internet Security Report revealed a significant surge in evasive malware, amplifying the total volume of malware globally. Global cybersecurity leader WatchGuard Technologies compiled the report, which also outlined crucial trends among top malware and both network and endpoint security threats, exploring data collected and analysed by their Threat Lab researchers.

Key findings showed threat actors increasingly exploiting on-premises email servers and a continuing decline in ransomware detections, potentially due to law enforcement’s concerted international efforts to dismantle ransomware extortion groups.

Corey Nachreiner, WatchGuard’s Chief Security Officer, stated that their latest research shows threat actors using various techniques to target vulnerabilities, especially in older software and systems. He emphasised, “Organisations must adopt a defence-in-depth approach to protect against such threats. Updating the systems and software on which organisations rely is a vital step toward addressing these vulnerabilities.”

Among the report’s key findings was a parallel increase in evasive, basic, and encrypted malware in Q4 2023, contributing to an overall rise in malware. The average malware detection per Firebox grew by 80% compared to the previous quarter, evidencing a significant volume of malware threats arriving at the network perimeter. Geographically, the Americas and the Asia-Pacific region experienced the most significant increase in malware instances.

TLS and zero-day malware instances were also noted to rise. Approximately 55% of malware arrived over encrypted connections, a 7% increase from Q3. Meanwhile, zero-day malware detections jumped to 60% of all malware detections, up from 22% the previous quarter. However, zero-day malware detections with TLS fell to 61%, exhibiting a 10% decrease from Q3, shedding light on the unpredictability of malware in the wild.

Two of the top five malware variants led users to the DarkGate network. JS.Agent.USF and Trojan.GenericKD.67408266, both in the top five, redirected users to malicious links. Both of these malware loaders also attempted to load DarkGate malware onto the victim’s computer.

A resurgence of…
