Tag Archive for: Web

Zero-Day Exploits Dominate Malware from Web Traffic in Q1 — THE Journal



In the first quarter of 2023, a massive 93% of detected malware from encrypted web traffic and 70% of malware from unencrypted web traffic was zero-day malware, according to a new report. In addition, 51 new ransomware variants were detected.

According to WatchGuard Technologies’ Q1 Internet Security Report, part of an ongoing series of quarterly reports on data security across all sectors, “Zero day malware can infect IoT devices, misconfigured servers, and other devices that don’t use robust host-based defenses….”

Meanwhile, on the ransomware front, according to WatchGuard, “In Q1 2023, the Threat Lab tallied 852 victims published to extortion sites and discovered 51 new ransomware variants. These ransomware groups continue to publish victims at an alarmingly high rate; some are well known organizations and companies in the Fortune 500.”

Other trends noted in the Q1 report included:

  • Malware droppers are targeting Linux systems, “a stark reminder that just because Windows is king in the enterprise space, this doesn’t mean organizations can afford to turn a blind eye to Linux and macOS,” according to WatchGuard;

  • Attackers are exploiting browser notifications more now that browsers have more protections in place against abuse of pop-ups;

  • Three-fourths of new attacks in Q1’s top-10 list originated in China and Russia;

  • Exploits targeting Microsoft Office and Microsoft’s end-of-life products persist; and

  • “Living-off-the-land” attacks — attacks that use a system’s built-in tools to accomplish their goals — continue to rise. “The continued appearance of Microsoft Office- and PowerShell-based malware in these reports quarter after quarter underscores the importance of endpoint protection that can differentiate legitimate and malicious use of popular tools like PowerShell,” according to the report.

The complete report and an executive summary can be accessed free of…


Ransomware gang posted 2,800 patient photos to dark web


A court filing from Allentown, Pa.-based Lehigh Valley Health Network says Russian ransomware gang BlackCat posted 2,800 pictures of breast cancer patients undressed from the waist up, WFMZ reported April 12.  

Lehigh Valley Health Network also said BlackCat demanded a $5 million ransom after breaching the health system’s IT network on Feb. 6.

This comes after Lehigh Valley Health Network told Becker’s that BlackCat had posted limited patient information on the dark web, including three screenshots, which were “clinically appropriate photographs of cancer patients receiving radiation oncology treatment at LVPG Delta Medix, as well as seven documents containing patient information.”

Lehigh Valley Health Network is currently facing a lawsuit which accuses it of making a “knowing, reckless and willful decision to let the hackers post the nude images,” while “publicly patting itself on the back for standing up to the hackers” and “consciously and intentionally ignoring the real victims.” 

The health system is trying to transfer this suit from a Lackawanna County, Pa., court to the U.S. District Court and said it could cost more than $55 million to resolve it.
