Tag Archive for: Organizations

FBI Says Cuba Ransomware ‘Made’ $60 Million by Attacking More Than 100 Organizations


The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) report that as of August 2022, Cuba ransomware operators have received more than $60 million in ransom from their victims (initially, the hackers requested more than $145 million in ransoms) and have attacked more than 100 organizations around the world.

The new security bulletin is a direct continuation of a similar document from a year ago. Let me remind you that in December 2021, it was reported that the Cuba ransomware brought its authors about $43.9 million, compromising at least 49 organizations.

We also wrote that Cuba Ransomware Variant Involves Double-Extortion Scheme.

The FBI also said that the $43.9 million represented only actual payments by victims; the hackers originally demanded more than $74 million, but some victims refused to pay.

Since the newsletter was released in December 2021, the number of U.S. organizations compromised by Cuba ransomware has doubled, and ransoms demanded and paid are on the rise. The FBI has observed that Cuba continues to attack U.S. organizations in the following five critical infrastructure sectors: the financial and public sectors, healthcare, manufacturing, and IT, the experts write.

The FBI and CISA added that over the past year it became known that the ransomware operators have been improving their tactics and methods, and that they are now associated with the RomCom remote access trojan (RAT) and Industrial Spy ransomware.

Law enforcement officers also said at the time that they tracked Cuba attacks on systems infected with the Hancitor malware, which uses phishing emails, Microsoft Exchange vulnerabilities, compromised credentials, or RDP brute force to access vulnerable Windows machines. Once a system is infected with Hancitor, access to it is rented out to other hackers using the Malware-as-a-Service model.

Interestingly, the statistics of the ID-Ransomware platform do not suggest that Cuba ransomware is particularly active, which only shows that even such ransomware can have a huge impact on victims and bring profit to its operators.


Ransomware Attacks Pose Biggest Threat to UK Organizations



Security Agency Says 18 Incidents in 2022 Needed Nationally Coordinated Mitigation


Ransomware attacks against U.K. hospitals and schools remained the biggest cybersecurity threat facing the country in 2022, the country’s cybersecurity agency warns, adding that these attacks are likely to surge in the coming months.


While the United Kingdom witnessed an uptick in various attacks, including low-level tactics such as spear-phishing, ransomware attacks against its critical infrastructure persisted throughout the year, with 18 incidents in the country requiring national-level coordination to mitigate the malware from systems.

These include the attacks on a supplier to the country’s national emergency helpline and on a water supply company in South Staffordshire, according to the 2022 cyber threat report released by the National Cyber Security Centre.

The NCSC attributes the uptick in ransomware attacks to the proliferation of ransomware-as-a-service groups, which it says are empowering lower-skilled attackers and group affiliates that normally lack the expertise to deploy sophisticated malware. These services have opened multiple attack vectors to a broader range of hackers, NCSC says.

Further, less sophisticated hackers are now equipping themselves with advanced intrusion software such as military-grade spyware and off-the-shelf…


Hackers maintained deep access inside military organization’s network, U.S. officials reveal


Written by Suzanne Smalley

U.S. cybersecurity, law enforcement and intelligence officials revealed on Tuesday that sophisticated hackers infiltrated a likely U.S. military contractor and maintained “persistent, long-term” access to their system.

The National Security Agency, the Cybersecurity and Infrastructure Security Agency and the FBI released a detailed, joint advisory containing the notification, explaining that in November 2021 CISA responded to a report of malicious activity on an anonymous “Defense Industrial Base (DIB) Sector organization’s enterprise network.”

CISA uncovered a likely compromise, and said that some of the intruders had “long-term access to the environment.” After breaking in, officials said, hackers leveraged an open-source toolkit known as Impacket to “programmatically” construct and manipulate network protocols.

Impacket is a collection of Python libraries that “plug into applications like vulnerability scanners, allowing them to work with Windows network protocols,” Katie Nickels, director of threat intelligence at Red Canary, said via email. Hackers favor Impacket because it helps them retrieve credentials, issue commands and deliver malware onto systems, she said.

The digital intruders in this case also used a custom data exfiltration tool, CovalentStealer, to steal sensitive data and exploited a Microsoft Exchange vulnerability on the defense organization’s server to gain access remotely, officials said. From there, the hackers used the compromised company accounts to further infiltrate the targeted organization.

Nickels said hackers could have gained access by exploiting vulnerabilities in Exchange, but there is “no evidence to support this right now, nor is there evidence that adversaries knew about the ProxyNotShell,” a reference to a new Exchange Server zero-day vulnerability.

There have been a number of Exchange vulnerabilities reported over a span of years, Nickels said. Given how difficult it can be to patch on-premise Exchange servers, she said, many of these vulnerabilities go unfixed, and become vectors for attack.

The…


Can Cloud Telephony Services with Military Grade Security Enable Organizations to Create High Brand Value?


By Shubham Patidar, Research Consultant at Fact.MR

In today’s technology-driven world, the workforce is spread out between those working remotely and those working in offices, with some planning on returning to their office full-time and others remaining on a hybrid or remote model for the foreseeable future. While several companies worldwide have remained invested in the on-premises calling system, the reality is that, today, the shortest way to communicate is often through a stable internet connection.

Companies are thus investing huge sums in the development of a unified communications system with a cloud calling feature. Adapting their communication systems to this new technology can potentially improve or even future-proof the line of communication in and outside of an organization.

Cloud calling, often referred to as cloud telephony, helps in making a company’s overall phone system cost less. It provides voice communication services primarily through a third-party host. It is gradually replacing the need for traditional enterprise telephone systems, including private branch exchange across the globe.

Cloud telephony services further free organizations from the burden of purchasing and storing stand-alone hardware such as handsets and private branch exchange boxes. They also set the stage for equipping complementary unified communications as a service (UCaaS) features such as artificial intelligence (AI)-enabled customer support, keyword and voice analysis, interactive voice response (IVR), and call center capabilities.

Organizations nowadays are utilizing cloud telephony services to better connect their teams and make their employees more satisfied, engaged, and focused in their roles. The term ‘cloud telephony’ signifies a multi-tenant access model, with subscribers paying to utilize a provider’s pool of shared and commoditized resources.

As per Fact.MR, a leading market research firm, the global cloud telephony services industry is projected to reach a valuation of US$ 51.5 Billion by the end of 2032 and exhibit growth at a CAGR of 9.5% from 2022 to 2032. Surging need to reduce phone bills and the overall teleconferencing cost in an organization is expected to…
