Tag Archive for: Record

Meris Botnet Sets Record with Massive DDoS Attacks Across Global Servers

/in


In a startling display of cyber force, the Meris botnet has successfully executed the largest DDoS (Distributed Denial of Service) attacks in history this summer, targeting a wide range of countries including the United States, Russia, New Zealand, and the United Kingdom. This malicious network, comprising over 250,000 devices, overwhelmed some of the most robust servers worldwide, marking a significant moment in cyber warfare.

Research conducted by the Russian search engine Yandex, alongside insights from DDoS mitigation service Qrator Labs, has unveiled that Meris is a new breed of botnet. Its capacity to generate an unprecedented 21.8 million requests per second (RPS) during an attack on Yandex on September 5 highlights its potential to cripple almost any infrastructure, including highly resilient networks.

Unprecedented Scale and Impact

The Meris botnet’s capability to launch attacks of such magnitude lies in its unique focus on the number of requests per second, a method that sets it apart from traditional DDoS attacks which generally aim to saturate servers with massive amounts of data. This strategy has enabled Meris to take down significant infrastructures, as evidenced by the disruption caused to major companies in New Zealand, including banks like ANZ and Kiwibank, NZ Post, MetService, and even the New Zealand Police.

Technical Sophistication

Unlike typical ‘Internet of Things’ (IoT) devices often associated with botnets, the devices commandeered by Meris are high-performance and likely connected via Ethernet, contributing to the botnet’s formidable power. This revelation, coupled with the attackers’ technique of rotating devices to avoid revealing their full capacity, complicates efforts to mitigate the botnet’s impact.

Global Response and Mitigation

The emergence of Meris has prompted a global response, with entities like Cloudflare and Yandex at the forefront of efforts to counteract the botnet’s attacks. The record-breaking assault on Yandex, which surpassed previous incidents attributed to the Mirai botnet, underscores the escalating challenge of safeguarding digital infrastructure against such sophisticated…

Source…

Record Earnings for Ransomware Hackers in 2023

/in


In 2023, ransomware hackers made more money than ever before. They earned $1.1 billion, setting a new record. This is a big increase from the $567 million they got in 2022. Chainalysis, a company that watches blockchain activities, shared this information.

Ransomware earnings hit $1.1 billion in 2023, a record high, up from $567 million in 2022, Chainalysis reports.

The rise in earnings comes after a year when the money from ransomware dropped. But in 2023, things changed. More hackers joined in, and some big attacks brought in a lot of money. One hacking group, CL0P, made over $100 million by finding a way to break into a file-transfer service called MOVEit. This service is used by many businesses and governments. CL0P’s attack on MOVEit made it the top ransomware for a while.

More people are trying ransomware because it can be very profitable. For instance, a group called Phobos lets other hackers use its ransomware. This makes it easier for more attacks to happen, even by those who are not very skilled.

Ransomware-as-a-service gangs, like LockBit and ALPHV, have made ransomware attacks go up by 68% in 2023. The US saw almost half of these attacks. The UK, Canada, Italy, and Germany also saw many attacks. The biggest ransom asked for was $80 million by the LockBit gang from Royal Mail.

The ransomware business is now worth billions. It has its own system with different roles like access brokers and software sellers. It even has things like employee of the month awards. LockBit was the biggest name in ransomware in 2023, but others are catching up.

Hackers are also finding new ways to stay hidden. They use normal tools in a way that does not look suspicious to carry out their attacks. This makes it hard to notice them. Malvertising, or harmful ads, also came back in 2023. These ads trick people into downloading malware.

Attacks on phones and computers have gotten more sophisticated. Android banking trojans were found 88,500 times. They pretend to be normal apps to steal banking details. Macs are also targeted more because they are used by many businesses.

As we moved into 2024, companies had smaller IT and security teams and budgets, making it a challenge to fight against these attacks.

Read next: OpenAI Sets Eyes On New AI Project Worth Trillions As Sam Altman Begins Talks With Potential…

Source…

Ransomware Payments Exceed $1 Billion in 2023, Hitting Record High After 2022 Decline

/in


Chainalysis got everyone’s attention with their new report. They write, in part:

2023 marks a major comeback for ransomware, with record-breaking payments and a substantial increase in the scope and complexity of attacks — a significant reversal from the decline observed in 2022, which we forewarned in our Mid-Year Crime Update.

Ransomware payments in 2023 surpassed the $1 billion mark, the highest number ever observed. Although 2022 saw a decline in ransomware payment volume, the overall trend line from 2019 to 2023 indicates that ransomware is an escalating problem. Keep in mind that this number does not capture the economic impact of productivity loss and repair costs associated with attacks. This is evident in cases like the ALPHV-BlackCat and Scattered Spider’s bold targeting of MGM resorts. While MGM did not pay the ransom, it estimates damages cost the business over $100 million.

The following figure from their report captures 2023 in terms of the number of different groups, the median ransom payment and frequency of payments per group.  A text description is provided in their report.

Source: Chainalysis

Read more at Chainalysis.

Source…

Ransomware payments soared in 2023 to a new record says Chainalysis

/in


Ransomware attacks grew larger in scope and more complex last year, resulting in record high payments that defied the previous year’s lull.

A recent analysis from blockchain data platform Chainalysis found that in 2023 people paid $1.1 billion worth of cryptocurrency for ransomware payments, the highest sum since at least 2019, when it was a “mere” $220 million. The 2023 figures stand in contrast to 2022’s $567 million, which represented a sudden unexpected drop.

Chainalysis said this shows the previous year was more of an aberration than a new normal, fueled by geopolitical factors such as the Russian invasion of Ukraine. This conflict not only disrupted operations for certain actors, but the remaining ones shifted their focus from financial gain to politically motivated cyberattacks that steal information and wreak havoc. Other factors at play included a reluctance among western entities to pay ransoms to groups due to potential sanction risks, as some are linked to Russian intelligence agencies. There were also successful high-profile operations against the Hive ransomware network.

This was only a temporary lull, however, as ransomware attacks have since come roaring back. There were 538 new ransomware variants in 2023, pointing to the rise of new, independent groups. Ransoms have also been growing bigger; the analysis found that cybercriminals have increasingly preferred to go after a smaller number of higher value targets versus large numbers of low-value ones. This strategy, which is termed “big game hunting” in their world, had been growing more popular over the last few years and, over 2023, grew more popular still.

The report also pointed to the rise of, effectively, ransomware-as-a-service type networks where outsiders known as affiliates can access the malware to carry out attacks, and in exchange pay the strain’s core operators a cut of the ransom proceeds. This means a lower barrier to entry for less sophisticated players, which means a much greater quantity of attacks can be launched.

The analysis also noted the rise of what’s called Initial Access Brokers, who penetrate the networks of potential victims, then sell that access to ransomware attackers for as little…

Source…