Tag Archive for: month

RA ransomware gang attacks four companies in less than a month


Leaked source code from cybercriminal gang Babuk continues to wreak havoc, with a new ransomware gang, RA, using it to launch cyberattacks. RA has built malware based on Babuk’s code and used it to steal 2.5 terabytes of data from four victim companies in the US and South Korea. 

RA ransomware has struck four companies in less than a month. (Photo by ROB ENGELAAR/ANP/AFP via Getty Images)

RA was first spotted in April, and has already racked up a list of victims according to a report released today by security company Cisco Talos.

The Cisco Talos research says: “RA Group launched their data leak site on April 22, 2023, and on April 27, we observed the first batch of victims, three in total, followed by another one on April 28.

“We also observed the actor making cosmetic changes to their leak site after disclosing the victim’s details, confirming they are in the early stages of their operation.” 

The cybercrime group employs the same tactics as other ransomware gangs, using double extortion to press the victims into paying. In double extortion, the attacker exfiltrates data from a system before encrypting it, so the victim can be blackmailed over the stolen data as well as charged for the decryption key.

Victims are also posted onto a dark web blog to leverage the threat of data being released.

The gang is a little more ruthless than most, selling the data after three days, according to the ransom note published in the report: “Your data has been encrypted when you read this letter. We have copied all data onto our server, but don’t worry, your data will not be compromised or made public if you do not want,” it says. Typically criminals give their victims weeks or months to pay up.

“We took your data and encrypted your servers,” it continues. “Contact us, pay for decryption. If there is no contact within three days, we will make the sample file public. If there is no contact within seven days, we will make the file public. Do not contact us through other companies, they just earn the difference.”


Infosec products of the month: April 2023


Here’s a look at the most interesting products from the past month, featuring releases from: Abnormal Security, Arista Networks, Armorblox, BigID, Binarly, Cofense, Cyera, Cynalytica, D3 Security, Eclypsium, GitGuardian, Guardz, Halo Security, Immuta, Malwarebytes, ManageEngine, Netskope, Obsidian Security, Searchlight Cyber, Sotero, Stamus Networks, ThreatX, Traceable AI, Venafi, Veracode, Versa Networks, Wazuh, and Zyxel Networks.


Malwarebytes unveils WorldBytes to help users reveal the hidden cyber threats around them

Powered by Malwarebytes and AI technology, WorldBytes empowers users to use their mobile devices to scan the world around them and get real-time threat assessments of anything and everything – including questionable Tinder dates, the unlabeled sauce at the back of their fridge and their neighborhood cat. The responses, powered by ChatGPT, humorously explain the potential cyber risks lurking within.


Guardz releases cybersecurity platform for MSPs and IT professionals

Guardz’s new MSP cybersecurity platform is an all-in-one solution providing businesses with both 24/7 cyber protection and cyber insurance coverage. Within the platform, MSPs can seamlessly control multiple customers’ cyber posture, subscription plans, and remediation from a single, multi-tenant dashboard.


Obsidian’s SSPM solution enables organizations to increase their SaaS security

Obsidian Security released its latest suite of SaaS security solutions. This suite of solutions comprising Obsidian Compliance Posture Management, Obsidian Integration Risk Management, and Obsidian Extend will together enable security and GRC teams to increase their SaaS security and compliance posture measurably.


Stamus Networks U39 uncovers hidden anomalies in a proactive threat hunt

With U39, Stamus Security Platform users now have access to 21 new guided threat hunting filters and additional sources of threat intelligence, including 2 lateral movement rulesets and 3 suspicious domain lists. SSP can now detect activity from a match on the media type (also known as mime-type) and can ingest additional third-party threat intelligence feeds to trigger a detection event based on a match on IP…


Outlook for Android, iOS to get own Multi-factor authentication capability this month


Microsoft plans to inject a dedicated multi-factor authentication (MFA) capability into Outlook for Android and iOS, and its general availability is expected to arrive this month.

Microsoft wants to make it easier for its Outlook users to perform MFA. To that end, the Redmond company revealed in its latest Microsoft 365 roadmap entry that it will introduce a so-called “Authenticator Lite” in the app. According to the feature description, it will cover work or school accounts being used on the Microsoft 365 app, Azure Active Directory, and Outlook.

“Authenticator Lite (in Outlook) is a feature that allows your users to complete multi-factor authentication (MFA) for their work or school account using the Outlook app on their iOS or Android device,” the roadmap entry reads.

It is worth noting that the company already offers Microsoft Authenticator, which Android and iOS users can use for Outlook, other Microsoft products, and third-party applications. While Authenticator Lite might sound redundant to those who already have Microsoft Authenticator, it will make Outlook a more comprehensive app with its own MFA feature. This might also be one of the software giant’s initiatives to further boost the security capabilities of Outlook as more authorities scrutinize tech companies.

Last month, the director of the Cybersecurity and Infrastructure Security Agency, Jen Easterly, called out Microsoft and Twitter over the low MFA usage rate among their customers. According to Easterly, only one-quarter of Microsoft’s enterprise customers use it. The official, meanwhile, praised Apple for the high usage rate of the security feature, which she attributed to its decision to make the feature a default.

Microsoft is also determined to promote the use of MFA in its products, starting with Outlook. However, instead of going the same path Apple is taking by making MFA default, it seems the software company wants to achieve this by making the security feature more convenient and accessible to encourage more users to embrace it. Once Authenticator Lite is completely rolled out, we will see how effective this…


Cyberattack has kept an entire nation’s government offline for over a month


The big picture: Cyberattacks targeting government institutions are nothing new, but they may be approaching new levels of severity. Recent cases this fall reveal that entire municipal or even national governments could be vulnerable to major disruptions from cybercriminals. The effects can knock whole populations decades back in time technologically.

Since early November, the government of the Pacific Island nation of Vanuatu has been offline due to a cyberattack. Details on the nature of the attack are still unclear, and only around 70 percent of government services have been restored after a month.

Vanuatu’s newly elected government started noticing problems with official computer systems on the first day of its term on November 6. Eventually, all government computer services were disabled.

Officials couldn’t access government email accounts, citizens couldn’t renew their driver’s licenses or pay taxes, and medical and emergency information became inaccessible. For many everyday functions, the country reverted to pen and paper.

The government admits that it detected a breach in its centrally-connected systems in early November but won’t say any more. Some sources, including the press in nearby Australia, which sent specialists to help repair systems, claim the incident was a ransomware attack. However, Vanuatu’s government hasn’t yet confirmed the nature of the breach.

One reason to believe it could be ransomware is that a very similar incident occurred in a New York county about a month before Vanuatu’s government systems shut down.

On September 8, Suffolk County detected a ransomware attack and responded by shutting down its computer systems. The blackout affected government divisions ranging from the police to social services, which were forced to revert to early 90s technology for weeks. That meant using radio dispatches, paper checks, and fax machines.

Furthermore, the county announced that the attackers stole citizens’ personal information like driver’s license numbers. A county executive blamed a cyber gang called BlackCat – previously known for attacks in Italy and Florida.

Little information has emerged about Vanuatu’s level of preparedness…
