Tag: leaders | Page 2

US government offers $10 million reward in bid to track down Hive ransomware leaders

February 12, 2024/in Internet Security

The Department of State also announced it is offering $5 million for any information that leads to the arrest of any individual around the world conspiring to participate in Hive ransomware activity.

In 2023, the State Department’s ‘Rewards for Justice’ program issued rewards for any information that could link Hive or other groups targeting US critical national infrastructure to a foreign government.

At the same time, the department revealed the FBI had penetrated servers and domains controlled by Hive as early as 2022.

Coordinated efforts from German and Dutch law enforcement led to the infiltration of Hive’s communication servers, with authorities claiming to have disrupted the group’s ability to continue its operations.

Following the operation, the FBI was able to provide over 1,000 decryption keys to active and previous Hive victims, reporting its actions had saved $130 million in unpaid ransoms.

Deputy attorney general Lisa O. Monaco said government agencies around the world are beginning to seize the initiative in their ongoing struggle to suppress ransomware.

“[O]ur investigative team turned the tables on Hive, swiping their decryption keys, passing them to victims, and ultimately averting more than $130 million dollars in ransomware payments. We will continue to strike back against cybercrime using any means possible and place victims at the center of our efforts to mitigate the cyber threat.”

FBI director Christopher Wray said the operation’s success demonstrates the value of counter-offensive tactics to disrupt groups like Hive in combination with crowd-sourcing information.

“The coordinated disruption of Hive’s computer networks, following months of decrypting victims around the world, shows what we can accomplish by combining a relentless search for useful technical information to share with victims with investigation aimed at developing operations that hit our adversaries hard”.

Is this the end of the road for Hive ransomware?

The Hive ransomware group has targeted over 1,500 companies across more than 80 countries and received over $100 million in ransom payments since June 2021, according to the FBI.

Previous attacks linked to the group include the…

Source…

U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware Leaders

February 12, 2024/in Internet Security

The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation.

It is also giving away an additional $5 million for specifics that could lead to the arrest and/or conviction of any person “conspiring to participate in or attempting to participate in Hive ransomware activity.”

The multi-million-dollar rewards come a little over a year after a coordinated law enforcement effort covertly infiltrated and dismantled the darknet infrastructure associated with the Hive ransomware-as-a-service (RaaS) gang. One person with suspected ties to the group was arrested in Paris in December 2023.

Hive, which emerged in mid-2021, targeted more than 1,500 victims in over 80 countries, netting about $100 million in illegal revenues. In November 2023, Bitdefender revealed that a new ransomware group called Hunters International had acquired the source code and infrastructure from Hive to kick-start its own efforts.

There is some evidence to suggest that the threat actors associated with Hunters International are likely based in Nigeria, specifically an individual named Olowo Kehinde, per information gathered by Netenrich security researcher Rakesh Krishnan, although it could also be a fake persona adopted by the actors to cover up their true origins.

Blockchain analytics firm Chainalysis, in its 2023 review published last week, estimated that ransomware crews raked in $1.1 billion in extorted cryptocurrency payments from victims last year, compared to $567 million in 2022, all but confirming that ransomware rebounded in 2023 following a relative drop off in 2022.

“2023 marks a major comeback for ransomware, with record-breaking payments and a substantial increase in the scope and complexity of attacks — a significant reversal from the decline observed in 2022,” it said.

The decline in ransomware activity in 2022 has been deemed a statistical aberration, with the downturn attributed to the Russo-Ukrainian war and the disruption of Hive. What’s more, the total number of victims posted on data leak sites in 2023 was 4,496, up from 3,048 in 2021 and 2,670 in 2022.

Palo Alto Networks Unit…

Source…

Microsoft hack: Five questions enterprises should ask their IT leaders

February 4, 2024/in Computer Security

Software giant Microsoft revealed in mid-January 2024 that its systems were successfully infiltrated at the end of 2023 by Russia-backed hacking group Midnight Blizzard, as part of a coordinated and targeted information-gathering exercise.

Microsoft confirmed the details of the attack in a statement published online on Friday 19 January 2024, where it revealed the attack was first detected on 12 January 2024 and the immediate activation of its internal response processes meant it was able to immediately remove the hackers from its systems.

“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI [artificial intelligence] systems,” said Microsoft in its statement.

“We will notify customers if any action is required. This attack does highlight the continued risk posed to all organisations from well-resourced nation-state threat actors like Midnight Blizzard.”

And while Microsoft made it clear in its statement that no customer data or services were put at risk during the attack, Microsoft did publish a broader warning in its Security Threat Intelligence Blog on 25 January 2024 that stated its investigation into the hack is still on-going and further details about the impact of the attack may still come to light.

As a result, here are five questions enterprise users of Microsoft’s cloud services should be asking of their CIO, CTO and CISO in the wake of this attack.

Microsoft presents itself as being an intrinsically secure platform – is that still the case?

This is a key question because a company’s risk profile should be under continuous, ongoing re-assessment in any event, and the flurry of recent Microsoft hacks ought to be on their risk radar.

It is not clear how (or even if) Microsoft will be able to 100% guarantee its entire cloud environment is now clean and free from hackers, and they’ve reported being attacked successfully multiple times by Chinese and Russia-backed hacking groups.

Are we relying on the same security controls as Microsoft do?

Microsoft disclosed the Midnight Blizzard hackers were inside its systems for up to 42 days before they were…

Source…

Microsoft says state-sponsored Russian hacking group accessed email accounts of senior leaders | Business

January 22, 2024/in Internet Security

State

Zip Code

Country

Source…

Tag Archive for: leaders

Microsoft presents itself as being an intrinsically secure platform – is that still the case?

Are we relying on the same security controls as Microsoft do?