Tag Archive for: target

Ransomware cybercriminals continue to target manufacturers


If your manufacturing clients are seeing cyber premiums increase, more ransomware incidents could be why.

Although many manufacturing businesses like this perfume factory were quick to digitalize, many also failed to invest in IoT security at the same time they were building out their technological capacity. (Credit: Lena Wurm/Adobe Stock)

According to a new report by industrial cybersecurity firm Dragos, out of 905 ransomware incidents Dragos tracked, 638, or 70%, affected the manufacturing sector.

Dragos noted about a 50% increase in ransomware attacks against industrial organizations between 2022 and 2023.

But what could be of more value than the knowledge of increased premium expectations is the reason why this sector is seeing so many ransomware attacks. If manufacturers are not willing to plug the holes in the dike, then they should prepare themselves for attack, as attackers will always pursue the most vulnerable risks.

Exploiting vulnerabilities

Lax defenses and the significant costs incurred by any impact to operations of industrial risks make them vulnerable to digital extortion. In looking at the manufacturing sector, the industry was quick to move into digital transformation and internet connectivity but did not invest in IoT security at the same time. Ransomware attacks not only impact operational efficiency but also lead to financial and reputational costs, and further still have trickle-down effects on downstream businesses and outputs.

As with many sectors, the manufacturing sector still struggles with segmenting networks like those that deal with human resources from operational technology networks that control operations. This gives a hacker broad access to the organization. Water and wastewater utilities moving into digitization are also vulnerable, with a need to secure entry to access points as they…

Source…

How Not to Become the Target of the Next Microsoft Hack


COMMENTARY

The cybersecurity landscape, particularly within the Microsoft 365 ecosystem, constantly evolves. Recent incidents involving major tech companies and cybersecurity firms highlight a critical reality: Understanding security best practices for Microsoft 365 differs from implementing them effectively.

Kaspersky reports that 2023 saw a 53% increase in cyber threats targeting documents, including Microsoft Office documents, daily. Attackers tended to use riskier strategies, like breaking into systems covertly through backdoors. In one instance, a non-production test account lacking multifactor authentication (2FA/MFA) was exploited, while in another, a backdoor was added to a file, leading to a supply chain attack.

These incidents serve as stark reminders that even low-risk accounts and trusted updates within Microsoft 365 can become vectors for security breaches if they’re not adequately protected and monitored. Despite organizations’ deep expertise, those targeted organizations fell victim to advanced cyberattacks, emphasizing the crucial need for diligent application of security measures within the Microsoft 365 space.

The Role of AI in Governance

Artificial intelligence (AI) has grown tremendously over the past few years, and it can now be found in almost every facet of technology. In this transformative era of AI and large language models (LLMs), advanced AI models can be leveraged to enhance cloud security measures. AI is more than on its way to becoming standard practice, and organizations have no choice but to embrace it. By fine-tuning AI algorithms for expert domain knowledge, AI can provide organizations with actionable insights and predictive capabilities to proactively identify and address potential security threats before they become an issue. These kinds of proactive strategies empower organizations to safeguard their digital assets effectively.

On the other hand, AI also increases the need for heightened cloud security. Just as the good guys are using AI to advance technology practices, hackers also use AI to uncover new organizational vulnerabilities and develop more sophisticated attacks. Open source LLM models available on the Internet can be leveraged to…

Source…

Government facilities were third largest ransomware target in 2023, FBI says


Government facilities were the third largest critical infrastructure sector targeted by ransomware attacks in 2023, according to cybercrime statistics released Wednesday by the FBI.

The agency’s Internet Crime Complaint Center, or IC3, unveiled the findings in its annual report that unpacks complaints, financial losses and other metrics used to determine the severity of cybercrime activities reported to federal authorities.

Of the 1,193 complaints IC3 received from organizations belonging to U.S.-designated critical infrastructure sectors, government facilities came in third place with 156 complaints, while critical manufacturing and healthcare centers took the second and top spots, respectively.

“Of the 16 critical infrastructure sectors, IC3 reporting indicated 14 sectors had at least 1 member that fell to a ransomware attack in 2023,” the report adds.

LockBit, ALPHV/BlackCat, Akira, Royal and Black Basta were the top ransomware gangs tied to those critical infrastructure complaints, the report added. ALPHV, which recently claimed responsibility for its attack on Change Healthcare that has caused widespread logjams in the prescription drug market, reportedly staged a takedown after hauling away a $22 million ransom payment from the company.

Ransomware operatives targeted companies around the world last year, with the number of firms targeted reaching an all-time high compared to findings in previous years, according to a January Check Point analysis.

The U.S. has been working with international partners to take a firm stance against ransom payments, though experts have not agreed on a single policy.

“The FBI does not encourage paying a ransom to criminal actors. Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Paying the ransom also does not guarantee that an entity’s files will be recovered,” IC3 says.

The IC3 report also found $350 million were lost from scams in which hackers impersonated government officials attempting to collect money. Older adults are overwhelmingly targeted in such scams, according to the data.

A total of 14,190…

Source…

Hacker group hides malware in images to target Ukrainian organizations


A group of attackers targeting Ukraine-affiliated organizations has been delivering malicious payloads hidden within the pixels of image files. Known as steganography, it is just one of many advanced techniques the group uses to evade detection as part of a malware loader known as IDAT.

Tracked as UAC-0184 by several security firms, as well as the Computer Emergency Response Team of Ukraine (CERT-UA), the group was seen targeting Ukrainian servicemen via phishing emails masquerading as messages from Ukraine’s ​​3rd Separate Assault Brigade and the Israeli Defense Forces (IDF). While most of the recipients of these messages were located in Ukraine, security firm Morphisec has confirmed targets outside of the country as well.

“While the adversary strategically targeted Ukraine-based entities, they apparently sought to expand to additional entities affiliated with Ukraine,” researchers said in a new report. “Morphisec findings brought to the forefront a more specific target — Ukraine entities based in Finland.” Morphisec also observed the new steganography approach in delivering malicious payloads after the initial compromise.

Staged malware injection ends with Remcos trojan

The attacks detected by Morphisec delivered a malware loader known as IDAT or HijackLoader that has been used in the past to deliver a variety of trojans and malware programs including Danabot, SystemBC, and RedLine Stealer. In this case, UAC-0184 used it to deploy a commercial remote access trojan (RAT) program called Remcos.

“Distinguished by its modular architecture, IDAT employs unique features like code injection and execution modules, setting it apart from conventional loaders,” the Morphisec researchers said. “It employs sophisticated techniques such as dynamic loading of Windows API functions, HTTP connectivity tests, process blocklists, and syscalls to evade detection. The infection process of IDAT unfolds in multiple stages, each serving distinct functionalities.”

The infection happens in stages, with the first stage making a call to a remote URL to access a .js (JavaScript) file. The code in this file tells the executable where to look for an…

Source…