Tag Archive for: remains

Philadelphia Inquirer cyberattack remains under investigation


The Philadelphia Inquirer and outside cybersecurity experts have yet to determine the full extent of a cyberattack on the news organization last week, but the disruption won’t affect coverage of the hotly contested mayoral primary election Tuesday.

Lisa Hughes, The Inquirer’s publisher and chief executive, declined to say how seriously the cyberattack affected The Inquirer’s systems while the investigation continues. The attack prevented the publication of the regular Sunday print edition; subscribers received the early edition composed on Friday evening.

The attack is The Inquirer’s most significant publication disruption since a blizzard in 1996. With Inquirer offices closed as a precaution, staffers worked from home Monday as they did through the pandemic. But this time, they had to use workarounds to access publishing software and business systems. The Inquirer published a print edition Monday, but without classified ads, including death notices, which are expected to return to the newspaper Wednesday.

News staffers covering Tuesday’s election will work together at a temporary newsroom in Center City. The cyberattack affected internet servers and the effort to restore them requires systems to intermittently be turned off, Hughes said. The newsroom is expected to reopen Wednesday.

The cyberattack gained international attention, with CNN, Fortune, the New York Times, Associated Press, and the Guardian reporting on the news.


Who committed the attack, how they accessed The Inquirer’s systems, what was targeted, and whether this was a result of ransomware remained unanswered. News organizations, including the Los Angeles Times and the Guardian, have been victims of ransomware, software that freezes systems until the organization pays the perpetrators, in recent years.

Hughes declined to say Monday whether The Inquirer received a ransom demand or whether the individual or group responsible for the attack contacted the news organization.

The Inquirer notified the FBI of the attack, Hughes said. The federal law enforcement agency has said it typically does conduct an…


LockBit 3.0 remains the most active threat actor as ransomware attacks drop in January


In a surprising finding, a new report from NCC Group plc finds that the number of ransomware attacks dropped in January from December, but the number of attacks was still the highest for January in three years.

The NCC Group Monthly Threat Pulse for January 2023 details 165 ransomware attacks in January, down 38% from December 2022. LockBit 3.0 was found to remain the most active threat actor, with 50 attacks, 30% of those detected. Vice Society sat in second place with 13% of attacks, followed by BlackCat at 12%.

LockBit 3.0, which emerged midway through last year, targeted 32% of its attacks against the industrial sector, followed by consumer cyclicals at 16% and technology organizations at 14%. By contrast, Vice Society, a Russian ransomware-as-a-service group, targeted 45% of its attacks at academic and educational services.

BlackCat had a broader attack range, with 25% of its attacks targeting the industrial sector, followed by basic materials, healthcare and consumer cyclicals, each hitting 15% of the group’s targets.

By region, North America topped the ransomware attack list in January, attracting 41%, or 68 attacks, followed by Europe at 34% and Asia at 12%. By sector, industrials attracted 30% of attacks, followed by consumer cyclicals at 15% and academic and education at 11%. The report notes that it was the first time in a year that academic and education had surpassed the technology and government sectors into third place, driven by a spike in activity from Vice Society.

The report also highlights the rise of threat actor “AcridRain.” The group first emerged in October 2022 and has started to gain traction with a revamped “infostealer,” which is malware designed to steal victim information, including passwords.

The new iteration of malware from AcridRain is described as “one to look out for,” since it rebrands itself to fit the current “market” standard functionality of infostealers. This is said to allow the group to refocus on targeting cryptocurrency and crypto wallets specifically, renting out stealer software to other actors. NCC Group expects AcridRain to evolve further and develop its operations, capability and reach over the coming…


Ransomware Remains Top Cyber Threat, Former NCSC Chief Says



Ciaran Martin Warns 2023 Will See Increased High-Profile Attacks

Ciaran Martin, Oxford University professor and former NCSC CEO (Image: ISMG)

Ransomware continues to be the United Kingdom’s most prominent cybersecurity threat, and the country can expect to see a surge in destructive attacks in 2023, warns the former head of the UK’s national cybersecurity agency.

Ciaran Martin, now an Oxford University professor, says while overall ransomware activities across the world slumped in 2022, attacks are likely to surge in the coming months. He adds that recent hacks against The Guardian newspaper and the British Royal Mail are an example of these early-stage attacks.


Martin, who was the U.K. National Cyber Security Centre’s CEO until 2020, points out one of the contributing factors behind the success of ransomware continues to be that most criminal groups operate out of Russia, which he says is a “safe haven” for the crooks to “operate with impunity.”

“Cyber criminals thrive in weaker states, they don’t thrive in France, in the United States or Canada,” Martin tells Information Security Media Group during the Cyberthreat UK conference this week. “So, for the foreseeable future, I think this region is likely to be a source of significant cyber.”

The 23% decline in ransomware attacks in 2022, which is based on a SonicWall report, is likely tied to disruption caused by the ongoing war in Ukraine and Russia, with most ransomware operators in the region being forced to flee or join as conscripts in the state security service, he says.

“In 2023, the early signs, sadly, are that there’s a bit more of it…


Internet AppSec Remains Abysmal & Requires Sustained Action in 2023


Can we build a defensible Internet? To improve the security of the Internet and the cloud applications it supports in 2023, we need to do better, experts say. Much better.

At the beginning of 2022, companies famously scrambled to hunt down and mitigate a critical vulnerability in a widespread component of many applications: the Log4j library. The following 12 months of Log4Shell woes highlighted that most companies do not know all the software components that make up their Internet-facing applications, do not have processes to regularly check configurations, and fail to find ways to integrate and incentivize security among their developers. 

The result? With the post-pandemic increase in remote work, many companies have lost their ability to lock down applications and remote workers and consumers are more vulnerable to cyberattacks from every corner, says Brian Fox, chief technology officer for Sonatype, a software security firm.

“Perimeter defense and legacy behavior worked when you had physical perimeter security — basically everyone was going into an office — but how do you maintain that when you have a workforce that increasingly works from home or a coffee shop?” he says. “You’ve stripped away those protections and defenses.”

As 2022 nears its close, companies continue to struggle against insecure applications, vulnerable software components, and the large attack surface area posed by cloud services.

The Software Supply Chain’s Gaping Holes Persist

Even though software supply chain attacks grew 633% in 2021, companies still do not have the processes in place to do even simple security checks, such as weeding out known vulnerable dependencies. In March, for example, Sonatype found that 41% of downloaded Log4j components were vulnerable versions.

Meanwhile, companies are increasingly moving infrastructure to the cloud and adopting more Web applications, tripling their use of APIs, with the average company using 15,600 APIs, and traffic to APIs quadrupling in the last year.

This increasingly cloudy infrastructure makes users’ human fallibility the natural attack vector into enterprise infrastructure, says Tony Lauro, director of security technology and strategy at Akamai.

“The…
