Tag Archive for: report

Delinea report highlights switch in ransomware techniques


Delinea recently published its annual State of Ransomware report. The analysis revealed an upward trend in ransomware, signalling a shift in cybercriminal strategies. Traditional techniques of incapacitating a business and demanding a ransom have given way to stealthier methods, such as exfiltrating confidential data to sell to the top payer on the darknet or utilising it to demand substantial cyber insurance settlements.

The research, entitled ‘State of Ransomware 2024: Anticipating the Battle and Strengthening Your Defenses,’ analysed Censuswide survey data from more than 300 American IT and security decision makers. The research sought to uncover significant shifts compared to the previous year's data and determine emerging trends. Primary among them is a resurgence of ransomware; even though the numbers have not yet reached the 2021 peak, the proportion of organisations citing themselves as recent victims more than doubled from 25% to 53%. Mid-sized businesses have emerged as the prime targets of cybercriminals, with 65% of these organisations noting incidents of ransomware in the last 12 months. More victims are also paying ransoms than before, with the figure increasing from 68% to 76% since last year.

Interestingly, the survey shed light on new motives, strategies, and tactics. There was a 39% surge in data exfiltration, shifting from 46% to 64% and becoming the motive of choice for attackers. This move towards stealing sensitive data to sell on the darknet is demonstrated in the significant decline in traditional money extortion, which dropped from 69% to 34% this year.

Rick Hanson, President at Delinea, stated, “Ransomware certainly appears to have reached a critical sea change – it’s no longer just about the quick and easy payout. Even as organisations are investing more in safety nets like cyber insurance which often have ransomware payouts included in coverage policies, cybercriminals are finding that using stealth tactics to stay under the radar and access sensitive, valuable information to sell is the better investment of their effort.”

Another notable development is the shift in cyber criminals’ tactics. The preferred method moved from email (down…


How to Report Illegal Website Hacking



Contact your Internet service provider or website hosting service. Alerting them of the suspected hacking can help them take action against any security breaches, preventing others from being …


Security Report Blows The Whistle On A Massive Android TV Botnet Campaign



Botnet activity is usually sniffed out fairly routinely, but it seems that a previously unknown cybercrime gang named Bigpanzi has been lying low and getting away with it. New reports suggest that this gang has amassed a 170,000-device-strong botnet since 2015, developing an admittedly impressive, vast infrastructure network along with it.

This week, researchers at Qianxin Xlabs, a Chinese research group, published a report on the threat group Bigpanzi. The discovery began with the finding of a virus sample called pandoraspear, which contained nine hardcoded C2 domain names. Two of these domain names had expired, so the researchers elected to register the domains and determine the botnet’s size. This allowed them to find that the network had 170,000 daily active bots, which are primarily based in Brazil.

Examples of some of the sites for the malicious apps.

While the Bigpanzi gang went after the researchers after they made this discovery, the investigation continued. This allowed them to find several download scripts and other information, further revealing the threat actor group’s infrastructure and motives. Namely, it is noted that the group “primarily targets Android OS TVs and set-top boxes, as well as eCos OS set-top boxes.” The group gains control of these systems by getting users to install apps or updates rather than by leveraging vulnerabilities.


Beyond standard botnet activities like distributed denial-of-service (DDoS), this network can “disseminate any form of visual or audio content, unbound by legal constraints.” The concern, in the report's words, is that the potential to “broadcast violent, terroristic, or pornographic content, or to employ increasingly convincing AI-generated videos for political propaganda, poses a significant threat to social order and stability.”

How this group operates and its potential capabilities are rather interesting, as this is something that has yet to be seen. Further, it is fascinating that they have been able to lie low for so long without discovery while being so widespread. You can see the full coverage of the group on the Xlabs site, but perhaps the key takeaway is that one should not just install…
