Tag Archive for: Surge

Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits


The number of organizations that became victims of ransomware attacks surged 143% between the first quarter of 2022 and first quarter of this year, as attackers increasingly leveraged zero-day vulnerabilities and one-day flaws to break into target networks.

In many of these attacks, threat actors did not so much as bother to encrypt data belonging to victim organizations. Instead, they focused solely on stealing sensitive data and extorting victims by threatening to sell or leak the data to others. The tactic left even those with otherwise robust backup and restoration processes backed into a corner.

A Surge in Victims

Researchers at Akamai discovered the trends when they recently analyzed data gathered from leak sites belonging to 90 ransomware groups. Leak sites are locations where ransomware groups typically release details about their attacks, victims, and any data that they might have encrypted or exfiltrated.

Akamai’s analysis showed that several popular notions about ransomware attacks are no longer fully true. One of the most significant, according to the company, is a shift from phishing as an initial access vector to vulnerability exploitation. Akamai found that several major ransomware operators are focused on acquiring zero-day vulnerabilities — either through in-house research or by procuring them from gray-market sources — to use in their attacks.

One notable example is the Cl0p ransomware group, which abused a zero-day SQL-injection vulnerability in Fortra’s GoAnywhere software (CVE-2023-0669) earlier this year to break into numerous high-profile companies. In May, the same threat actor abused another zero-day bug it discovered — this time in Progress Software’s MOVEit file transfer application (CVE-2023-34362) — to infiltrate dozens of major organizations globally. Akamai found Cl0p’s victim count surged ninefold between the first quarter of 2022 and first quarter of this year after it started exploiting zero-day bugs.

Although leveraging zero-day vulnerabilities is not particularly new, the emerging trend among ransomware actors to use them in large-scale attacks is significant, Akamai said.

“Particularly concerning is the in-house development of zero-day…


Ransomware attacks surge over 2-fold in India in first half of 2023: Report


India saw a huge surge in ransomware and IoT cyber attacks in the first half of 2023, as criminals shifted to stealthier means of malicious activities, according to a report by SonicWall.


While major economies like the US and the UK witnessed a decline in ransomware attacks, India (up 133 per cent) and Germany (52 per cent) are among the countries that saw a huge surge in such attacks, the 2023 SonicWall Mid-Year Cyber Threat Report for the January-June period stated.

At the global level, a variety of other attacks have trended up, including cryptojacking (399 per cent), IoT malware (37 per cent) and encrypted threats (22 per cent), the report said.

At the global level, there was a decline of 41 per cent in ransomware attacks.

 

Cybercriminals are diversifying and expanding their skill sets to attack critical infrastructure, making the threat landscape even more complex and forcing organizations to reconsider their security needs, the report mentioned.

“While India saw a lesser rise in crypto attacks, there has been a huge growth in ransomware and IoT attacks overall.

“These rises in cyberattacks pose great risks to India’s economic ambitions, with industries from manufacturing to pharmaceuticals becoming more vulnerable as they continue to digitize operations,” Debasish Mukherjee, vice president regional sales, APJ, SonicWall said.

The data suggests increased law enforcement activity, heavy sanctions and victims’ refusal to pay ransom demands have altered criminal conduct, and threat actors are targeting other means of revenue, the report said, explaining the reason for the fall in ransomware attacks at the global level.

“The seemingly endless digital assault on enterprises, governments and global citizens is intensifying, and the threat landscape continues to expand,” said SonicWall President and CEO Bob VanKirk.

Data indicated that threat actors are more opportunistic than ever, targeting schools, state and local governments, and retail organizations at unprecedented rates, the report said.

Prominent attacks continued to plague enterprises, cities, airlines, and K-12 schools, causing widespread system downtime, economic loss and…


Hacking healthcare: With 385M patient records exposed, cybersecurity experts sound alarm on breach surge


Healthcare companies more than ever are using electronic records and tapping digital services. That’s also creating more opportunities for cybercriminals — who already have exposed the private medical information of millions of patients — and bolsters the case for the industry to make security priority No. 1, experts say.

Healthcare breaches have exposed 385 million patient records from 2010 to 2022, federal records show, though individual patient records could be counted multiple times.

Hacking incidents, a type of breach, at healthcare firms have skyrocketed in the past five years as cybercriminals demand ransoms in exchange for restoring access to sensitive medical data.

Hacking or IT incident is the most common breach type

Other types include unauthorized access/disclosure, theft, loss, improper disclosure, other and unknown.

While healthcare companies have to improve their cybersecurity given the rise in breaches and cyberattacks, regulators need to raise the bar on cybersecurity standards, experts told Healthcare Dive.

“Could all these organizations do a better job? Absolutely,” said Jim Trainor, a former assistant director of the Cyber Division at the Federal Bureau of Investigation who is now a senior vice president of Aon Cyber Solutions, a global professional services firm.

Disrupting any one of the nation’s 16 critical infrastructure sectors, including the healthcare industry, poses a national security threat. These sectors are vital to daily life for millions of Americans and disabling them would have a debilitating effect on society, according to the Cybersecurity and Infrastructure Security Agency, or CISA, the country’s cyber defense agency.


Cyberattacks that disrupt hospital operations put patients’ lives at risk. The FBI said that the healthcare industry was hit the hardest by ransomware attacks in 2021 compared to other critical infrastructure. And the threats come as hospitals struggle with staffing shortages and financial pressures exacerbated by the COVID-19 pandemic.

In the wake of a ransomware attack on one of the nation’s largest hospital operators last year, Healthcare Dive analyzed more than 5,000 breaches…


Nuspire Threat Report Reveals Continued Surge in Q3 2022 Threat Activity


Threat activity in Q3 continued to surge following Q2, one of the most active quarters in recent history. According to Nuspire’s Q3 Threat Landscape Report, the company’s researchers noted that threat actors remain opportunistic, preying on organizations that are slow to patch against new vulnerabilities. They also continue to launch widespread phishing campaigns, hoping to lure a victim into interacting with their malicious payloads.

These researchers – Josh Smith, Cyber Threat Analyst, and Justin Heard, Threat Intelligence Manager – spent time reviewing their findings during a recent webinar. Read on for a recap of the key data points, attack vectors and mitigation strategies Josh and Justin shared.

Malware – CoinMiner activity decreases while Kryptik is on the rise

Malware saw an overall decrease of 15.73% in Q3; however, Nuspire witnessed surges in info stealer malware variants like Kryptik.

“Kryptik is a type of trojan malware that seeks to steal credentials from browsers and applications, as well as cryptocurrency wallets, files and SSH keys,” said Josh. “We saw a 236% increase over Q2, which is indicative of a rising usage of information-stealing malware.”

CoinMiner was a top malware in Q2, and while its usage decreased in Q3, it still remained a top variant.

“CoinMiner activity decreased almost 40% in Q3, which could have to do with the struggles we’re seeing in the cryptocurrency arena,” said Josh. “Perhaps this malware isn’t as attractive as it used to be, however I don’t see it going away, because this is a passive income strategy, meaning threat actors don’t have to do a lot of work to reap their rewards.”

Mitigation

There are several ways to combat malware threats to protect your environment from a breach.

“Next generation antivirus is great because it’s not only looking for a specific signature, but also, it can detect certain behaviors that are indicative of a threat,” said Justin. “Another strategy is network segmentation, where you segregate devices in a way that disallows a threat actor to get into other areas of your network.”

Botnets – Torpig Mebroot continues to dominate

Botnets shot up over 100% in Q2, and…
