Cyber threat actors continue to adapt to break the latest technologies, practices, and data privacy laws. All organizations must stay ahead of cybercrime by implementing strong cybersecurity measures and programs for today and the New Year.
Expect an increase in digital supply chain attacks - With the rapid modernization and digitization of supply chains come new security risks. Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply
In the past several weeks, our analysts were asked their opinions of what they believe will be the most pressing cyber security issues for the upcoming year. I told them that you really can’t be wrong, as the malware used by all levels of hackers – is constantly changing. Our job as cyber security professional is to try our best, based upon what we have seen recently, to identify immediate challenges in our profession.
Are we guessing…… or do we use facts and evidence to make our expectations
Cybersecurity researchers have published the inner workings of a new wiper called Azov Ransomware that's deliberately designed to corrupt data and "inflict impeccable damage" to compromised systems. Azov is the name of ransomware, malware that blocks access to files by encrypting them. It encrypts all files (except files with .ini, .dll, and .exe extensions) and appends the ".azov" extension to their filenames. Also, Azov drops ransom notes (the "RESTORE_FILES.txt" files) in all folders that i
Recently, victims of a recently uncovered form of ransomware are being warned not to pay the ransom demand simply because the ransomware is not able to decrypt files it just destroys them instead. Coded in Python, Cryptonite ransomware first appeared in October 2022 as part of a free-to-download open-source toolkit available to anyone with the skills required to deploy it in attacks against Microsoft Windows systems, with phishing attacks believed to be the most common means of delivery.
An anal
Ransomware attacks keep increasing in volume and impact largely due to organizations' weak security controls. Mid-market companies are targeted as they possess a significant amount of valuable data but lack the level of protective controls and staffing of larger organizations. According to a recent RSM survey, 62% of mid-market companies believe they are at risk of ransomware in the next 12 months.
As ransomware is still the preferred way for actors to monetize their access, there is a need to u
Cloud computing giant Rackspace, located in San Antonio TX, confirmed earlier this week that a ransomware attack caused a widespread outage that halted email services for thousands of people. Since last Friday, the company has been dealing with an outage that took down the Microsoft Outlook Web App for thousands of customers and caused other downstream issues. The company runs a lucrative business centered on hosting Microsoft Exchange infrastructure, which offers customers Microsoft email, cal
A recent cyber-attack caused the trains operated by Denmark’s largest train service DSB to come to a halt. Threat actors hit a third-party IT service provider associated with DBS, which slammed the brakes on. The cyber-attack hit the Danish company Supeo, an IT service that provides enterprise asset management solutions to railway companies, transportation infrastructure operators and public passenger authorities. DSB is the largest train operating company in Denmark.[1]
“Trains throughout th
Red Sky Alliance maintains a substantial dark web collections data set and we make this data available to our customers through our CTAC, RedXray, and API products. This gives customers the opportunity to explore and perform analyses on dark web data without the need for establishing a safe infrastructure for navigating the Tor network. To date we have collected over 1.4 million data points across 80 dark web sites. The set of sites that we collect from on an ongoing basis will change with ne
Over two and a half years, a Russian-speaking ransomware group named OldGremlin has been attributed to 16 malicious campaigns aimed at entities operating in the transcontinental Eurasian nation. The group's victims include companies in logistics, industry, insurance, retail, real estate, software development, banking, and arms manufacturing.
OldGremlin is using custom backdoors (TinyPosh and TinyNode) and ransomware (TinyCrypt, a.k.a decr1pt) along with third-party software for reconnaissance a
The White House has begun its second annual International Counter Ransomware Summit in which Biden administration officials will convene with representatives of three dozen nations, the EU, and private business to discuss the growing threat posed by data-destroying cyberattacks. President Biden will not be attending the meetings.
According to administration officials previewing the summit over the weekend, the two-day event will focus on priorities like improving system resilience and developing
Our Friends at Fortinet have provided its latest technical analysis of the Ragnar Locker ransomware.
Affected platforms: Microsoft Windows
Impacted parties: Microsoft Windows Users
Impact: Encrypts files on the compromised machine and demands ransom for file decryption
Severity level: High
Ragnar Locker is ransomware for Windows and Linux that exfiltrates information from a compromised machine, encrypts files using the Salsa20 encry
Ransomware is currently one of the most significant cybersecurity issues facing all business and government sectors, as cyber criminals hack into businesses, schools, hospitals, critical infrastructure and more so as to encrypt files and demand a ransom payment for the decryption key. Despite warnings, many victims pay these ransoms, under the impression that it is the quickest way to restore their network, particularly if the cyber criminals are also threatening to leak stolen data. But all t
A victim of a ransomware attack paid to restore access to their network, but the cybercriminals did not hold up their end of the deal. The real-life incident, as detailed by cybersecurity researchers at Barracuda Networks, occurred in August 2021, when hackers from the BlackMatter ransomware group used a phishing email to compromise a single victim's account at an undisclosed company. First seen in July 2021, BlackMatter is a ransomware-as-a-service (RaaS) tool that allows the ransomware's dev
Encevo Group, an energy corporation based in Luxembourg, is dealing with an ongoing cyberattack by ransomware-as-a-service gang BlackCat. Some digital services are still disrupted 12 days after the attack began, but the company says that energy supply has not been affected. BlackCat is believed by researchers to retain hackers of DarkSide, the now-defunct ransomware group that attacked US gas provider Colonial Pipeline in 2021.
Encevo Group cyberattack: In a dark web blog post on 29 July, Bla
Israeli media sources are reporting a cyber-attack on 30 June at Sapir College. Students at Sapir College near the southern city of Sderot had received text messages stating that their personal information was being held for ransom by hackers. “Last night at around 9:00 p.m., local time some seniors and graduates of Sapir College received a text message about their account being hacked. We would like to clarify and reassure you: that the hacking of the college’s network is being handled by the
Link to full report: IR-22-210-002_weekly210.pdf
A new cross-platform ransomware named Luna can encrypt files on Windows, Linux, and ESXi, but its developers only offer it to Russian-speaking affiliates. The ransomware is fairly simple, according to researchers who analyzed the malware, but it uses an encryption scheme that is not typically used by ransomware a combination of X25519 elliptic curve Diffie-Hellman key exchange using Curve25519 with the Advanced Encryption Standard (AES) symmetric encryption algorithm. The Diffie-Hellman key ex
Digital security giant Entrust has confirmed that it suffered a cyberattack where threat actors breached their network and stole data from internal systems. Entrust is a security firm focused on online trust and identity management, offering a wide range of services, including encrypted communications, secure digital payments, and ID issuance solutions. Depending on what data was stolen, this attack could impact a large number of critical, and sensitive, organizations who use Entrust for ident
The cyber insurance market has matured in recent years, but it may fall short when it comes to certain major attacks, says a US government spending watchdog. The US Government Accountability Office (GAO) has called for a federal response to insurance for "catastrophic" cyberattacks on critical infrastructure. A functioning insurance market is essential for businesses, consumers, and, as GAO highlights, for critical infrastructure operators. The GAO, which audits the trillions of dollars the
Gartner’s top eight cybersecurity predictions warn organizations that they need to employ greater resilience to reduce the impact of more severe cyberattacks. Reducing the blast radius of larger, more potentially devastating attacks is key. Implied in the predictions is advice to focus not just on ransomware or any other currently trending type of cyberattack, but to prioritize cybersecurity investments as core to managing risks and see them as investments in the business. By 2025, 60% of or
