Tag Archive for: winning

Ransomware still winning: Average ransom demand jumped by 45%


Group-IB unveils its guide to the evolution of threat number one “Ransomware Uncovered 2021/2022”. The findings of the second edition of the report indicate that the ransomware empire kept its winning streak going with the average ransom demand growing by 45% to reach $247,000 in 2021.

Ransomware gangs have also become way greedier since 2020. A record-breaking ransom of $240 million ($30 mln in 2020) was demanded by Hive from MediaMarkt. Hive and another 2021 newcomer to Big Game Hunting, Grief, quickly made their way into the top 10 gangs by the number of victims posted on dedicated leak sites (DLS).

Ransomware assembly line

The new report takes stock of the most up-to-date tactics, techniques, and procedures (TTPs) of ransomware threat actors observed across all geographic locations by the Group-IB Digital Forensics and Incident Response (DFIR) team. In addition to the analysis of more than 700 attacks investigated, the report also examines ransomware DLS.

Human-operated ransomware attacks have led the global cyber threat landscape by solid margins over the last three years. The rise of initial access brokers and the expansion of Ransomware-as-a-Service (RaaS) programs have become the two main driving forces behind the continuous growth of ransomware operations. RaaS made it possible for low-skilled cybercriminals to join the game, ultimately bringing the victim numbers up.

Based on the analysis of more than 700 attacks in 2021, experts estimated that the ransom demand averaged $247,000 in 2021, 45% more than in 2020. Ransomware also evolved to become more sophisticated, which is clearly visible in victim downtime: it increased from 18 days in 2020 to 22 days in 2021.

RaaS programs started offering their affiliates not only ransomware builds, but also custom tools for data exfiltration to simplify and streamline operations. As such, the double extortion technique became even more widespread: sensitive victim data was exfiltrated as leverage to get the ransom paid in 63% of cases analyzed. Between Q1 2021 and Q1 2022, ransomware gangs posted data belonging to more than 3,500 victims on DLS.

Most companies whose data was posted on DLS by…

Winning the battle against blended threats


We’re watching evolution in real-time. The bad guys have industrialized the attack toolbox. They’re a step ahead of firewalls. They know where the tripwires and detection thresholds are for DDOS and Bot Detection solutions. Staying low and slow is cheap and productive. They’re sappers and deftly understand how to stay below the threshold of detection.  

From reconnaissance towards pwnage, attack methodologies shift, shimmer and shimmy through cracks in defense systems designed for a less clever attack. What was once a winning defense strategy—tooling designed to block a single variant of an automated attack—just doesn’t cut it anymore. 
 
For good reason, companies are calling ThreatX for help. Their allegedly best-of-breed point-solutions for DDOS mitigation and Bot detection are failing in the face of this evolution in attack sophistication. When we get the call, we start with forensic analysis to determine how and why things went wrong, and we deploy the full power of the ThreatX Platform to get them protected going forward.  
 
Recently, several of these engagements have shared a common theme—the damage was getting done because attackers used a blend of tools and techniques that didn’t fit cleanly into any single layer of the client’s defense perimeter. As we dug into these attacks, obvious questions emerged:

  • Was it a bot attack?  
  • Was it a large-scale Distributed Denial of Service (DDOS) attack? 
  • Was it an attempt to exploit a known vulnerability deep in some application’s tech stack? 

Spoiler Alert: the answer to all three questions is “YES”! 
Because attackers are under no obligation to conform to our defense toolchain’s definitions or expectations.  

Increasingly, our threat-hunters observe highly sophisticated, multi-faceted, mixed-mode attacks that penetrate defenses by staying just below detection thresholds. Then they morph. Then they move one more step. Then they morph again. Each elusive step applies different tricks to slip between the cracks in a defense perimeter designed for a different scale of attack. 

In the cat-and-mouse game of cyber defense, it’s good sport! 

In most cases, the problem…

Adversarial artificial intelligence: winning the cyber security battle – Information Age
