Tag Archive for: latest

Cactus Ransomware Using Qlik Bugs, DanaBot in Latest Attacks


Fraud Management & Cybercrime, Ransomware

Operators Exploit Flaws in Data Analytics Platform to Access Corporate Networks

Operators of Cactus ransomware are staying active, security researchers say. (Image: Shutterstock)

Operators of a new ransomware strain dubbed Cactus are using critical vulnerabilities in a data analytics platform to gain access to corporate networks. Cactus ransomware operators are also getting an assist by deploying DanaBot malware, which is distributed through malvertising.


Cactus ransomware first emerged in March and adopted a double-extortion tactic – stealing and encrypting data. It has visibly ramped up operations in the past few months and has participated in a surge of ransomware activities this fall, setting record-breaking levels of ransomware attacks. Cactus listed 33 victims in September, U.K.-based cybersecurity firm NCC Group said in October (see: Known Ransomware Attack Volume Breaks Monthly Record, Again).

Cactus’ campaign, which cybersecurity firm Arctic Wolf said affects data analytics platform Qlik Sense, uses vulnerabilities initially detected by researchers in August. One vulnerability, identified as CVE-2023-41266, is a path traversal bug that could be exploited to generate anonymous sessions and execute unauthorized HTTP requests. Another flaw, CVE-2023-41265, has a critical-severity CVSS rating of 9.8. It does not require authentication and allows privilege escalation and execution of HTTP requests on the back-end server hosting the application.

In September, Qlik discovered that hackers could bypass the fix for CVE-2023-41265, prompting a new…


Cerber Ransomware Operators Exploit Latest Atlassian Bug


Fraud Management & Cybercrime, Governance & Risk Management, Patch Management

Analysts Suggest Cerber Ransomware Is a Conti Derivative

Ransomware hackers are exploiting a recently patched zero-day flaw in Atlassian Confluence instances. (Image: Shutterstock)

Ransomware hackers have seized on an exploit of a recently disclosed zero-day vulnerability in Atlassian Confluence instances days after the company urged its customers to patch immediately.


Security companies Rapid7 and GreyNoise said they began detecting on Sunday a surge in hacks exploiting a bug Atlassian described as an improper authorization vulnerability (see: Atlassian Urges Patching Against Data Loss Vulnerability).

The Australian content collaboration and management workspace developer on Monday elevated the bug’s criticality to 10, the maximum possible on the CVSS scale.

Researchers initially described the danger from the flaw, tracked as CVE-2023-22518, as data destruction. Multiple cybersecurity firms said hackers are using it to deploy Cerber ransomware.

Security volunteers from The DFIR Report said a group using the name “C3RB3R” in the ransom note had exploited the Atlassian bug.

Cerber was among the top three ransomware variants of 2021, along with Ryuk and SamSam, according to Proofpoint. The company counted 52.5 million Cerber attacks that year, second only to Ryuk’s 93.9 million. Whether those attacks came…


New York State Gaming Commission Is Latest Casino Hacking Target


First casinos, and now the regulators. It’s been a tough couple of months for cyber security teams in the casino industry. That continued over the weekend at the New York State Gaming Commission.

The state’s casino regulator was hacked, bringing some grief not just to the gaming commission, but also to some New York slot venues. The commission’s slot management system was left inoperable for a time on Oct. 17, affecting some operators.

“Everi, the licensed operator of New York’s video lottery gaming central system, experienced a cybersecurity event that remains under investigation,” commission representative Brad Maione told the New York Post. “The commission has no indication that personal identifiable information was compromised. The Commission continues to monitor the situation.”

Latest Casino Industry Entity Victimized by Cyber Attack

MGM Resorts was recently victimized in a cyber attack that crippled many of the company’s operations around the country, including slot machines. In Canada, Gateway Casinos experienced a similar issue in April, leading to the closure of several casinos north of the border.

Caesars Entertainment saw a similar ransomware attack as well. That company chose instead to pay a $30 million ransom to regain access to its computer systems, according to the Wall Street Journal. That may have been the best financial decision, given MGM’s recent disclosure that the hack will cost the company upwards of $100 million before insurance payouts.

New York State Gaming Commission representatives don’t believe any personal data was retrieved by hackers during the Empire State attack. The commission continues to investigate, but the attack has been another wake-up call for some in the industry.

“We shut down for a brief period,” James Featherstonhaugh, a part owner of Saratoga Casino, told the Post. “It got cleared up fairly quickly. It was all the same issue. It got everyone’s attention.”

Prevention Steps

Cyber crimes have cost MGM, Caesars, and Gateway millions of dollars in lost revenue and additional IT work. As the industry faces a growing number of cyber security issues, some experts say additional planning and training could…


Most Canadian firms pay a ransomware gang, latest CIRA survey suggests


The vast majority of organizations in this country are still giving in and paying ransomware gangs after successful attacks, the annual survey of infosec pros by the Canadian Internet Registry Authority (CIRA) suggests.

That’s one possible conclusion from the results of an online survey of 500 Canadian cybersecurity professionals from organizations that had at least 50 employees that was released Tuesday by CIRA.

CIRA oversees the .ca registry.

Released in conjunction with Cybersecurity Awareness Month, the survey shows 41 per cent of respondents said their organization had experienced an attempted or successful cyber attack in the last 12 months. Of those, 23 per cent said that their organization had been a victim of a successful ransomware attack in the last 12 months, one per cent more than 2022.

And of those, 70 per cent said their organization paid ransom demands — and nearly a quarter of those paid up to $100,000. The responses are roughly similar to those of previous CIRA surveys. In 2022, 73 per cent of those hit by ransomware said their firm paid up, while 69 per cent said their firm paid a ransom in 2021.

The numbers “went the wrong way in terms of a trend this year,” admitted Jon Ferguson, CIRA’s general manager of cybersecurity.

“The challenge for a lot of organizations is if they’re not well prepared for an attack before it happens, remediation may not be easy,” he said. “So they perceive paying is the simplest resolution of the problem. Maybe they lack the ability to recover without getting access (to data) back.”

They may also be worried about damage to their reputation if word gets out about a ransomware attack, he added.

Asked why in 2023 an organization would not be well prepared for ransomware, Ferguson said some firms may have trouble understanding the threats new technologies adopted by IT will pose.

He also noted evidence in the survey numbers that IT pros recognize ransomware is a problem. Three-quarters of respondents said they would support a law forbidding organizations from making ransom payments. (That’s up from 64 per cent in the 2021 survey.)

Among other troubling survey numbers pointed out to Ferguson, 64 per cent of…
