Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Attacks. Show all posts
third-party risk
business disruption Cyber Attacks Cyber Insurance Cybersecurity Data Breach Ransomware third-party risk

Cyberattacks on Key Vendors Trigger Widespread Disruptions Across Industries

Cybercriminals are increasingly targeting a single point of failure within companies to create large-scale disruption, according to a recent report by Resilience. The analysis highlights how such attacks can have a ripple effect across entire industries.

In 2024, the global average cost of a data breach was estimated at nearly $4.9 million, based on IBM research. However, certain incidents proved to be significantly more damaging.

One of the most costly breaches occurred when UnitedHealth reported a staggering $3.1 billion expenditure in response to a cyberattack on its Change Healthcare subsidiary. This division processes billions of medical claims annually, and the ransomware attack led to prolonged disruptions in the healthcare sector.

“It was the most significant and consequential cyberattack in the history of U.S. health care,” said John Riggi, national advisor for cybersecurity and risk at the American Hospital Association, in a blog post.

Another major incident targeted CDK Global, a software provider for car dealerships across the U.S. The ransomware attack caused financial damages exceeding $1 billion collectively, as estimated by Anderson Economic Group.

The cyberattacks on Change Healthcare and CDK Global exemplify how disruptions in interconnected organizations can have widespread industry consequences, Resilience noted in its report.

According to Resilience’s analysis, third-party risks have become a leading factor in cyber insurance claims, representing 31% of claims filed by its clients in 2024. While a slightly higher percentage (37%) of third-party claims was recorded in 2023, none resulted in material financial losses.

The study also revealed that ransomware attacks targeting vendors have become a “new and significant” contributor to insurance claims, accounting for 18% of such cases.

Although ransomware remained the primary cause of cyber losses in 2024—responsible for 62% of claims—its overall occurrence may be declining. Resilience attributes this trend to cybercriminals shifting focus toward larger, high-profile organizations that offer bigger financial payouts, moving away from the traditional “spray and prey” strategy.
Read more »
Sensitive Data Leak
Cyber Attacks Data Leak data security Data Theft IT Systems Ransomware attack Ransomware group Ransomwares Sensitive Data Leak

Tata Technologies Cyberattack: Hunters International Ransomware Gang Claims Responsibility for 1.4TB Data Theft

 

Hunters International, a ransomware group known for high-profile cyberattacks, has claimed responsibility for a January 2025 cyberattack on Tata Technologies. The group alleges it stole 1.4TB of sensitive data from the company and has issued a threat to release the stolen files if its ransom demands are not met. Tata Technologies, a Pune-based global provider of engineering and digital solutions, reported the cyberattack in January. 

The company, which operates in 27 countries with over 12,500 employees, offers services across the automotive, aerospace, and industrial sectors. At the time of the breach, Tata Technologies confirmed that the attack had caused disruptions to certain IT systems but stated that client delivery services remained unaffected. The company also assured stakeholders that it was actively restoring impacted systems and conducting an internal investigation with cybersecurity experts. 

However, more than a month later, Hunters International listed Tata Technologies on its dark web extortion page, taking responsibility for the attack. The group claims to have exfiltrated 730,000 files, totaling 1.4TB of data. While the ransomware gang has threatened to publish the stolen files within a week if a ransom is not paid, it has not provided any samples or disclosed the nature of the compromised documents. Tata Technologies has yet to release an update regarding the breach or respond to the hackers’ claims. 

BleepingComputer, a cybersecurity news platform, attempted to contact the company for a statement but did not receive an immediate response. Hunters International emerged in late 2023, suspected to be a rebranded version of the Hive ransomware group. Since then, it has carried out multiple high-profile attacks, including breaches of Austal USA, a U.S. Navy contractor, and Japanese optics company Hoya. 

The group has gained notoriety for targeting various organizations without ethical restraint, even engaging in extortion schemes against individuals, such as cancer patients from Fred Hutchinson Cancer Center. Although many of the gang’s claims have been verified, some remain disputed. For example, in August 2024, the U.S. Marshals Service denied that its systems had been compromised, despite Hunters International’s assertions.  

With cybercriminals continuing to exploit vulnerabilities, the Tata Technologies breach serves as another reminder of the persistent and evolving threats posed by ransomware groups.
Read more »
Security Vendors
Cyber Attacks Cyber attacks on Industrial leaders IBM research ransomware attacks Ransomwares resilience Security Vendors

Cyberattacks on Single Points of Failure Are Driving Major Industry Disruptions


Cybercriminals are increasingly targeting single points of failure within companies, causing widespread disruptions across industries. According to cybersecurity firm Resilience, attackers have shifted their focus toward exploiting key vulnerabilities in highly interconnected organizations, triggering a “cascading effect of disruption and chaos downstream.” This strategy allows cybercriminals to maximize the impact of their attacks, affecting not just the initial target but also its partners, clients, and entire industries. 


The financial consequences of these attacks have been severe. According to IBM research, the global average cost of a data breach in 2024 was nearly $4.9 million. However, some breaches were far more expensive. One of the most significant incidents involved a ransomware attack on Change Healthcare, a subsidiary of UnitedHealth that processes billions of medical claims annually. UnitedHealth reported that the attack cost the company $3.1 billion in response efforts, making it one of the most financially damaging cyber incidents in recent history. 

The attack caused major disruptions across the healthcare sector, impacting hospitals, insurance providers, and pharmacies. John Riggi, national cybersecurity advisor for the American Hospital Association, described the incident as “the most significant and consequential cyberattack in the history of U.S. health care.” Another major ransomware attack targeted CDK Global, a software provider for car dealerships across the U.S. The breach resulted in over $1 billion in collective losses for affected dealerships, according to estimates from Anderson Economic Group. 

This attack further demonstrated how cybercriminals can cripple entire industries by targeting critical service providers that businesses rely on for daily operations. Resilience’s analysis indicates that third-party risk has become a dominant driver of cyber insurance claims. In 2024, third-party breaches accounted for 31% of all claims filed by its clients. While the number was slightly higher in 2023 at 37%, none of those incidents resulted in material financial losses. The report also found that ransomware targeting vendors has become a significant concern, contributing to 18% of all incurred claims.  

Ransomware remained the top cause of financial loss in cyber incidents last year, responsible for 62% of claims involving monetary damages. However, Resilience’s research suggests that while ransomware remains a major threat, its frequency may be declining in broader markets. This trend is attributed to cybercriminals shifting their focus from random, large-scale attacks to more strategic operations against high-value targets that offer larger payouts. 

The evolving threat landscape underscores the need for organizations to strengthen cybersecurity measures, particularly in highly interconnected industries. With cyberattacks becoming more sophisticated and financially motivated, businesses must prioritize risk management, enhance third-party security assessments, and invest in cyber resilience to prevent large-scale disruptions.
Read more »
Ransomware
Cyber Attacks Hackers Microsoft Paragon Software Ransomware

Hackers Exploit Flaw in Microsoft-Signed Driver to Launch Ransomware Attacks

 



Cybercriminals are exploiting a vulnerability in a Microsoft-signed driver developed by Paragon Software, known as BioNTdrv.sys, to carry out ransomware attacks. This driver, part of Paragon Partition Manager, is typically used to manage hard drive space, but hackers have found a way to misuse it for malicious purposes.  


How the Attack Works  

The vulnerability, identified as CVE-2025-0289, allows attackers to use a technique called "bring your own vulnerable driver" (BYOVD). This means they introduce the legitimate but flawed driver into a system and exploit it to gain high-level access. Once they obtain SYSTEM-level privileges, they can execute ransomware, steal data, or disable security software without being detected.  

The alarming part is that the vulnerability can be exploited even on devices that do not have Paragon Partition Manager installed, as long as the driver exists on the system.  


Other Vulnerabilities  

Researchers also found four additional flaws in the driver:  

1. CVE-2025-0288: Allows access to kernel memory, helping attackers gain control.  

2. CVE-2025-0287: Can crash the system using a null pointer error.  

3. CVE-2025-0286: Enables attackers to execute malicious code in kernel memory.  

4. CVE-2025-0285: Allows manipulation of kernel memory, escalating control. 


Response from Microsoft and Paragon  

Microsoft confirmed that hackers are already using this flaw to spread ransomware and has responded by blocking the vulnerable driver through its Vulnerable Driver Blocklist. Meanwhile, Paragon Software has released a security patch and advised users to update their drivers immediately to avoid potential risks.  


How to Stay Safe  

To protect your system from these attacks:  

1. Update your drivers from Paragon Software to the latest version.  

2. Install Windows security updates regularly.  

3. Use reliable antivirus software to detect suspicious activities.  

4. Monitor your system for unexpected crashes or slow performance.    

While Microsoft and Paragon Software have taken steps to contain the damage, users must stay proactive in securing their systems through regular updates and vigilant monitoring.

Read more »
Phishing Attacks
Cyber Attacks cyberattacks trending news Netflix cybersecurity News phishing Phishing Attacks

Netflix Users Warned About AI-Powered Phishing Scam

 

Netflix subscribers are being warned about a sophisticated phishing scam circulating via email, designed to steal personal and financial information. 

The deceptive email mimics an official Netflix communication, falsely claiming that the recipient’s account has been put on hold. It urges users to click a link to resolve the issue, which redirects them to a fraudulent login page that closely resembles Netflix’s official site. 

Unsuspecting users are then prompted to enter sensitive details, including their Netflix credentials, home address, and payment information. Cybersecurity experts caution that phishing scams have become more advanced with the rise of AI-driven tactics. 

According to Jake Moore, Global Cybersecurity Advisor at ESET, artificial intelligence has enabled cybercriminals to launch phishing campaigns at an unprecedented scale, making them appear more legitimate while targeting a larger number of users. 

“Despite these advancements, many scams still rely on urgency to pressure recipients into acting quickly without verifying the sender’s authenticity,” Moore explained. 

Users are advised to remain vigilant, double-check email sources, and avoid clicking on suspicious links. Instead, they should visit Netflix directly through its official website or app to verify any account-related issues.
Read more »
Voice Phishing
AI Attacks Cyber Attacks cyber intrusion threat report Voice Phishing

CrowdStrike Report Reveals a Surge in AI-Driven Threats and Malware-Free Attacks

 

CrowdStrike Holdings Inc. released a new report earlier this month that illustrates how cyber threats evolved significantly in 2024, with attackers pivoting towards malware-free incursions, AI-assisted social engineering, and cloud-focused vulnerabilities. 

The 11th annual CrowdStrike Global Threat Report for 2025 details an increase in claimed Chinese-backed cyber activities, an explosion in "vishing," or voice phishing, and identity-based assaults, and the expanding use of generative AI in cybercrime. 

In 2024, CrowdStrike discovered that 79% of cyber incursions were malware-free, up from 40% in 2019. Attackers were found to be increasingly using genuine remote management and monitoring tools to circumvent standard security measures. 

And the breakout time — the time it takes a perpetrator to move laterally within a compromised network after gaining initial access — plummeted to 48 minutes in 2024, with some attacks spreading in less than a minute. Identity-based assaults and social engineering had significant increases until 2024. 

Vishing attacks increased more than fivefold, displacing traditional phishing as the dominant form of initial entry. Help desk impersonation attempts grew throughout the year, with adversaries convincing IT professionals to reset passwords or bypass multifactor authentication. Access broker adverts, in which attackers sell stolen credentials, increased by 50% through 2024, as more credentials were stolen and made available on both the clear and dark web. .

Alleged China-linked actors were also active throughout the year. CrowdStrike's researchers claim a 150% rise in activity, with some industries experiencing a 200% to 300% spike. The same groups are mentioned in the report as adopting strong OPSEC measures, making their attacks more difficult to track. CrowdStrike's annual report, like past year's, emphasises the growing use of AI in cybercrime.

Generative AI is now commonly used for social engineering, phishing, deepfake frauds, and automated disinformation campaigns. Notable AI initiatives include the North Korean-linked group FAMOUS CHOLLIMA, which used AI-powered fake job interviews to penetrate tech companies. 

Mitigation tips 

To combat rising security risks, CrowdStrike experts advocate improving identity security through phishing-resistant MFA, continuous monitoring of privileged accounts, and proactive threat hunting to discover malware-free incursions before attackers gain a foothold. Organisations should also incorporate real-time AI-driven threat detection, which ensures rapid response capabilities to mitigate fast-moving attacks, such as those with breakout periods of less than one minute. 

In addition to identity protection, companies can strengthen cloud security by requiring least privilege access, monitoring API keys for unauthorised use, and safeguarding software-as-a-service apps from credential misuse. As attackers increasingly use automation and AI capabilities, defenders should implement advanced behavioural analytics and cross-domain visibility solutions to detect stealthy breaches and halt adversary operations before they escalate.
Read more »
Qilin Ransomware
Cyber Attacks Data Theft Double extortion Media Firm Qilin Ransomware

Qilin Ransomware Outfit Claims Credit for Lee Enterprises Breach

 

The Lee Enterprises attack that caused disruptions on February 3 has been linked to the Qilin ransomware group, which has released samples of data they claim were stolen from the enterprise. The ransomware actors have now threatened to release all of the allegedly stolen material unless a ransom demand is fulfilled.

The US-based media firm Lee Enterprises owns and runs 350 magazines, 77 daily newspapers, digital media platforms, and marketing services. The company's internet viewership reaches tens of millions each month, and its main concentration is local news and advertising.

In a report with the Securities and Exchange Commission (SEC) earlier this month, the company disclosed that it was subjected to a cyberattack on February 3, 2025, resulting in major operational disruption. Threat analysts discovered that the outage created serious issues, including lost access to internal systems and cloud storage, as well as non-functioning corporate VPNs.

A week later, Lee Enterprises filed a new statement with the SEC, stating that the attackers "encrypted critical applications and exfiltrated certain files," implying that they had been targeted by ransomware. 

Earlier this week, Qilin ransomware added Lee Enterprises to its dark web extortion site, publishing samples of allegedly stolen data such as government ID scans, non-disclosure agreements, financial spreadsheets, contracts/agreements, and other private papers reportedly stolen from the company. 

Evolution of Qilin ransomware

Despite not being one of the most active ransomware groups, Qilin has advanced significantly since being introduced in August 2022 under the alias "Agenda.”

In the years that followed, the cybercriminals claimed hundreds of victims, with prominent examples including automotive manufacturer Yangfeng, Australia's Court Services Victoria, and many major NHS hospitals in London. 

In terms of technical evolution, Qilin delivered a Linux (VMware ESXi) variation in December 2023, began deploying a custom Chrome credentials stealer in August 2024, and launched a Rust-based data locker with stronger encryption and better evasion in October. 

Microsoft released a report last year claiming that the infamous members of the hacking group known as "Scattered Spider" had started using the Qilin ransomware in their attacks.
Read more »
Russia
Aerospace Cyber Attacks Europe Poland Russia

Poland’s Space Agency Investigates Cyberattack, Works On Security Measures

 



Poland’s space agency, POLSA, has reported a cyberattack on its systems, prompting an ongoing investigation. In response to the breach, the agency quickly disconnected its network from the internet to prevent further damage. As of Monday, its official website was still offline.  


Government and Cybersecurity Teams Take Action

Poland’s Minister of Digital Affairs, Krzysztof Gawkowski, confirmed that cybersecurity experts detected unauthorized access to POLSA’s systems. Security specialists have since secured the affected infrastructure and are now working to determine who was behind the attack. However, officials have not yet shared whether the hackers were financially motivated cybercriminals or politically driven groups. The method used to infiltrate the agency’s network also remains undisclosed.  


Why Hackers Target Space Agencies

Organizations involved in space research and technology are often appealing targets for cybercriminals. Many of these agencies collaborate with defense and intelligence sectors, making them vulnerable to attacks that could expose confidential projects, satellite communications, and security-related data. A cyberattack on such an agency could disrupt critical operations, leak classified research, or even interfere with national security.  


Poland Faces a Surge in Cyberattacks

Poland has become one of the most frequently targeted countries in the European Union when it comes to cyber threats. Earlier this year, Gawkowski stated that the country experiences more cyber incidents than any other EU nation, with most attacks believed to be linked to Russian actors. Poland’s strong support for Ukraine, both in military assistance and humanitarian aid, has likely contributed to this rise in cyber threats.  

The number of cyberattacks against Poland has increased drastically in recent years. Reports indicate that attacks doubled in 2023 compared to previous years, with over 400,000 cybersecurity incidents recorded in just the first half of the year. In response, the Polish government introduced a cybersecurity initiative in June, allocating $760 million to strengthen the country’s digital defenses.  


Other Space Agencies Have Also Been Targeted

This is not the first time a space agency has fallen victim to cyberattacks. Japan’s space agency, JAXA, has faced multiple breaches in the past. In 2016, reports suggested that JAXA was among 200 Japanese organizations targeted by suspected Chinese military hackers. In 2023, unknown attackers infiltrated the agency’s network, raising concerns that sensitive communications with private companies, such as Toyota, may have been exposed.  

As space technology continues to advance, protecting space agencies from cyber threats has become more crucial than ever. These organizations handle valuable and often classified information, making them prime targets for espionage, sabotage, and financial cybercrime. If hackers manage to breach their systems, the consequences could be severe, ranging from stolen research data to disruptions in satellite operations and defense communications.  

POLSA’s ongoing investigation will likely uncover more details about the cyberattack in the coming weeks. For now, the incident highlights the increasing need for governments and space organizations to invest in stronger cybersecurity measures to protect critical infrastructure.

Read more »
Subscribe to: Posts (Atom)