Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Global Attacks. Show all posts
National Security
Cyber Attacks CyberCrime Cybersecurity CyberThreat Global Attacks Google Mandiant Incident Response Groud National Security

National Security Faces Risks from Cybercrime Expansion

 


The incidence of cyberattacks globally increased by 125% in 2021 compared to 2020, posing a serious threat to businesses and individuals alike. Phishing continues to be the most prevalent form of cybercrime worldwide and is expected to continue this upward trend into 2022, showing that cybercrime is becoming more prevalent worldwide. 

 There was a report in 2021 that around 323,972 internet users were victims of phishing attacks, covering nearly half of all the individuals who were affected by data breaches. During the peak COVID-19 pandemic, around 220% of complaints of phishing were reported, further escalating cybersecurity risks. 

Nearly one billion emails were exposed as well in 2021, which has affected approximately one in five users of the internet, with approximately 60 million emails being exposed. The constant exposure of sensitive information may have contributed to the prevalence of phishing attacks, which reinforces the importance of enacting stronger cybersecurity measures to reduce the risk of such attacks. There have been numerous instances where criminal groups have deployed ransomware to disrupt business operations for extortion. 

They have recently included threats concerning the exposure of their stolen data in their extortion strategies. Now that this method is regarded as a standard practice, it has resulted in a significant increase in the amount of sensitive information that is publicized, which has resulted in such data becoming increasingly accessible, which presents opportunities for state intelligence agencies to obtain and utilize such data to their advantage.

The Mandiant Incident Response Group of Google recently released a report that indicated that in 2024, the organization worked to mitigate nearly four times as many cyber intrusions related to financially motivated groups as those related to nation-states. This report may help shed further light on the issue. Despite the differences in motivation, cybersecurity experts have observed that the tactics, techniques, and procedures used by financially motivated cybercriminals and state-sponsored threat actors appear to be merging, potentially by design, together as they pursue their objectives. 

In the opinion of Ben Read, Senior Manager at Google's Threat Intelligence Group, an expansive cybercriminal ecosystem has increased the number of state-sponsored hacking attacks, most likely because the ecosystem provides malware, exploits weaknesses, and, in some cases, facilitates broad-based cyber operations. In the course of his speech, he pointed out that when outsourcing capabilities to third parties, they are frequently more cost-effective and offer greater functionality than when developed directly by governments. 

According to a geopolitical perspective, a market-driven cyber attack can be just as damaging and disruptive as one orchestrated by a nation-state, underscoring the need for a comprehensive cybersecurity strategy that attracts as many resources as possible. Cybercrime played a significant role in the COVID-19 pandemic. Businesses were compelled to change over to remote working environments rapidly as a result of the virus spreading, which created vulnerabilities in security protocols and network misconfigurations that were exploited by cybercriminals. 

Consequently, malware attacks increased by 358% in 2020 and were 100 times greater than in the previous year as a result of the pandemic. Cybercrime victims per hour were also at an all-time high as a result of the epidemic. Cybercrime victims have been reported to have fallen victim to cybercrime on an average of 53 persons every hour for the entire year of 2019. However, the number is projected to be 90 per hour for 2020, which reflects a surge of 69%. 

It has been demonstrated that cybersecurity risks are increasing as a result of the rapid digital transformation resulting from the global health crisis in Pakistan. Cybercrime has become increasingly common in recent years in Pakistan, with financial fraud being the most common reported crime. The number of financial fraud-related cybercrimes reported in 2020, out of 84,764 total complaints received, surpassed incidents of hacking (7,966), cyber harassment (6,023), and cyber defamation (6,004) by a margin of 20,218 victims. 

Social media has further aggravated the problem as well, with the number of complaints submitted about financial fraud on these platforms increasing by 83% between 2018 and 2021. In 2021 alone, 102,356 complaints were filed, with 23% of the cases being linked to Facebook and one other social network. As a consequence, cybercrime has also seen a sharp increase in India, with reported cases of cybercrime increasing significantly over the last few years. 

In 2018, there were 208,456 reported incidents, and in the first two months of 2022, this number had already exceeded 212,485, which is significantly higher than the number of cases in 2018. There is no doubt the pandemic triggered a steady rise in cybercrime incidents, which increased from 394,499 in 2019 to 1,158,208 in 2020 and to 1,402,809 in 2021 due to the pandemic. In 2022, cybercrime in India is projected to increase by 15.3% from the first quarter to the second quarter, in addition to the number of websites that have been hacked in India, increasing from 17,560 in 2018 to 26,121 in 2020. 

As Ransomware attacks have risen over the years, it has also become a major concern for Indian organizations, with 78% affected by these attacks in 2021, which resulted in 80% of them encrypting data, a number that is higher than the global average of 66% for attacks and 65% for encryption. According to the Home Ministry, financial fraud continues to account for the largest percentage of reported incidents among cybercriminals in India, accounting for 75% of them between 2020 and 2023, reaching a peak at over 77% in that period. 

As a result of joint sanctions imposed on Tuesday by the United States, the United Kingdom, and the Australian governments, security experts and experts are concerned about a Russian bulletproof hosting provider, Zservers. Zservers is suspected of facilitating ransomware attacks, including those orchestrated under LockBit. There are certain applications that, according to the UK government, form part of an illicit cyberinfrastructure that facilitates cybercriminal activities, such as ransomware attacks, extortion, and storage of stolen data, and sustains the operations of cybercriminal businesses, which are responsible for such operations.

The British Foreign Secretary, David Lammy, has described Russia as a corrupt and implacable country characterized by its ruthlessness and corruption, stating that it is not at all surprising that some of the world's most notorious cybercriminals operate within its borders. Russian intelligence agencies themselves have been reported to use these cybercriminal tools and services. Google's Threat Intelligence Group has highlighted that Russian military operations in Ukraine are being supported by criminal cyber capabilities as part of Russia's strategy for bolstering military operations.

There are several specific examples, including the Russian military intelligence unit Sandworm, also known as APT44, that utilizes commercial hacking tools for cyber espionage and disruption, and Moscow also uses the RomCom group to conduct espionage activities against Ukraine, a group normally associated with cybercrime. It should also be noted that Russia is not the only country accused of blurring the line between state-sponsored hacking and crime. 

The Iranian threat actors have been reported to use ransomware to generate financial resources. They are also known to engage in cyber espionage, while Chinese cyber espionage groups are known to also get involved in cybercrime as a means to complement their activities. It is suspected that North Korea is a nation that actively exploits cyber operations for financial gain, and it heavily targets cryptocurrency exchanges and individual crypto wallets to generate revenue for its regime to support its nuclear programs. 

The threat of cybercrime is on the rise, and the government is being urged to take stronger measures to combat it. In a recent report, the Google Threat Intelligence Group emphasized the critical importance of disrupting cybercriminal operations, emphasizing that cyber threats are becoming a major national security threat. Google Threat Intelligence head Sandra Joyce recently issued a warning that cybercrime no longer needs to be seen as a minor issue and that considerable efforts are required to mitigate its impacts on international security going forward.
Read more »
Supply Chain Attack
Cyber Attacks File Transfer Tool Global Attacks Global Firms Malicious Payload Supply Chain Attack

BBC, British Airways Among High Profile Victims in Global Supply-Chain Hack

 

A rising number of organisations, including the BBC, British Airways, Boots, and Aer Lingus, are being impacted by a widespread attack.

Staff members have received warnings that personal information, including social security numbers and, in some circumstances, bank information, may have been stolen.

The hackers used a well-known piece of software as a gateway to access numerous businesses simultaneously. There are no reports of money being taken or requests for ransom.

One of the impacted businesses in the UK is the payroll services provider Zellis, which reported that data from eight of its customer organisations had been stolen. 

Organisations are notifying employees on their own, though it wouldn't give names. The BBC informed the staff via email that the stolen data contained staff ID numbers, dates of birth, residential addresses, and national insurance numbers. 

British Airways employees have been told that some of their bank information may have been stolen. The National Cyber Security Centre of the UK stated that it was keeping an eye on the situation and recommended businesses using the affected software to apply security updates.

The attack was initially made public last week when US business Progress Software said that hackers had discovered a way to access its MOVEit Transfer application. The majority of MOVEit's users are in the US, although the programme is well-known throughout the world for safely moving sensitive files.

When the exploit was found, according to Progress Software, it immediately informed its clients and made a security update available for download. 

A company spokeswoman stated that the company is collaborating with the police to "combat increasingly sophisticated and persistent cybercriminals intent on maliciously exploiting vulnerabilities in widely used software products".

Businesses using MOVEit were advised to download a security patch on Thursday by the US Cybersecurity and Infrastructure Security Agency to prevent further breaches. 

However, security researcher Kevin Beaumont claimed that because many impacted companies had not yet installed the remedy, internet scans revealed that thousands of company datasets may still be exposed.

Experts predicted that instead of extorting money from individuals, cybercriminals would try to do so from businesses. Although no public ransom demands have been made as of yet, it is anticipated that cybercriminals will start emailing impacted firms to demand payment. They'll probably threaten to release the info online for other hackers to browse. 

Victim organisations caution personnel to be alert for any dubious communications that could result in additional cyberattacks. Microsoft stated that it felt the perpetrators were connected to the infamous Cl0p ransomware organisation, which is thought to have its base of operations in Russia, despite the fact that no official attribution had been established.

The US tech giant claimed in a blog post that it was attributing assaults to Lace Tempest, a ransomware operator and owner of the Cl0p extortion website where victim data is exposed. According to the business, the hackers who were behind the attack have previously used similar methods to extort victims and steal data. 

"This latest round of attacks is another reminder of the importance of supply chain security," stated John Shier, from cyber security company Sophos. "While Cl0p has been linked to this active exploitation it is probable that other threat groups are prepared to use this vulnerability as well."
Read more »
Threat Intelligence
Cyber Crime Cybersecurity Agencies Global Attacks IRS Pilot Program Threat Intelligence

IRS Sends Cyber Attachés Abroad to Combat Cybercrime

 

The Criminal Investigation (CI) of the Internal Revenue Service (IRS) is taking a courageous initiative in the fight against cybercrime by sending cyber attachés across four continents. Earlier on Thursday, the regulator provided this update.

The most recent plan focuses on preventing tax and financial crimes involving cryptocurrencies, decentralised finance, peer-to-peer payments, and mixing services; the CI hopes to improve global cooperation in the struggle against these illegal practises. 

The effort highlights the IRS's dedication to always being one step ahead of cybercriminals in the rapidly changing digital environment. 

Beginning of the global cyber showdown

A pilot programme run by the IRS CI will begin in June and place cyber attachés in key sites throughout the world. Sydney, Singapore, Bogota, and Frankfurt were selected as the cities for deployment, representing Australia, Asia, South America, and Europe, respectively. 

These attachés will use their specialised expertise in close cooperation with regional law enforcement organisations to combat tax evasion, financial fraud, and other illegal actions made possible by digital currency. 

The IRS CI seeks to foster a seamless interchange of knowledge, information, and resources with foreign counterparts by stationing cyber attachés abroad. This proactive strategy is aware that a unified worldwide front is necessary to effectively battle cybercrime.

Jim Lee, Chief of the CI, emphasises the significance of providing international partners with the same level of expertise and resources as those available within the United States. To address the global scope of cyber threats, this programme will need to forge powerful multinational coalitions. 

The use of cyber attachés expands on the CI's prior international cooperation initiatives. A permanent cyber attaché from the CI has been based at the Europol headquarters in The Hague, Netherlands, since 2020. 

To promote collaboration and coordination with European law enforcement authorities, this role was created. With the expansion of the attaché programme, the CI is now able to reach more people and have a greater influence in areas that are known to be hubs for cybercriminal activity. 

An emphasis on crypto-inspired crimes 

Cybercriminals are using cryptocurrency for different illegal activities as the world becomes more digitised. The IRS's decision to give tax and financial crimes involving cryptocurrencies top priority shows how determined it is to confront these new dangers head-on. 

The CI attempts to safeguard people, businesses, and the economy by focusing on criminal activity such as tax fraud, drug trafficking, money laundering, public corruption, and healthcare fraud.

U.S. authorities are increasingly going after cybercriminals, especially those who use cryptocurrencies or decentralised finance (DeFi) to do their crimes. In a recent development, the IRS seized two domains connected to the notorious mixing service, ChipMixer, which is notorious for its involvement in hacking schemes, fraud, cryptocurrency heists, and ransomware operations. 

Such measures strongly suggest that law enforcement organisations are aggressively going after persons who use digital currencies for illegal purposes. Nevertheless, despite the ongoing cybercrimes in the sector, the cryptocurrency market has remained calm. With a valuation firmly above $1 trillion, the global cryptocurrency market has lost 1.1% during the last 24 hours.
Read more »
User Privacy
Cyber Attacks Data Safety Global Attacks Ransomware Gang Ransomware Operation User Privacy

Targeting Businesses Globally, the Medusa Ransomware Gang Gains Momentum

 

In 2023, a ransomware operation by the name of Medusa began to gain momentum. It targets corporate targets globally and demands a million-dollar ransom.

Starting in June 2021, the Medusa operation saw just a small number of victims and a low level of activity. However, the ransomware gang ramped up its operations in 2023 and established a "Medusa Blog" that allowed victims who declined to pay a ransom to have their data released. 

Last week, Medusa came under public scrutiny after claiming responsibility for an attack on the Minneapolis Public Schools (MPS) district and sharing a video of the data that was taken. 

Will the genuine Medusa rise up? 

Medusa is the name of several malware families, including the well-known MedusaLocker ransomware operation, an Android malware family, and a Mirai-based botnet with ransomware capabilities.

Owing to the family's popularly used name, there has been some ambiguous information about it, leading many people to believe it is the same as MedusaLocker. Yet, there are significant operational differences between the Medusa and MedusaLocker malware.

The MedusaLocker operation debuted in 2019 as a Ransomware-as-a-Service, with a large number of affiliates, a ransom note typically called How_to_back_files.html, and a wide range of file extensions for encrypted files. 

For negotiation, the MedusaLocker operation uses a Tor website at qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion. 

However, the.MEDUSA static encrypted file extension and the !!!READ_ME_MEDUSA!!!.txt ransom notes have been used by the Medusa ransomware operation since its launch in June 2021. 

Using Windows devices to encrypt data 

Currently, it is unknown if BleepingComputer has a Medusa encryption programme for Linux; they have only been able to analyse the Windows version. The Windows encryptor will accept command-line arguments that let a threat actor control the encryption settings for files on the system. For instance, the ransomware will display a console and display status messages as it encrypts a device if the -v command line argument is used.

The Medusa ransomware terminates over 280 Windows services and processes for programmes that might stop files from being encrypted on a regular basis, without command line parameters. Windows services for database servers, backup servers, and security applications are among them. Then, in order to impede file recovery, the ransomware will erase Windows Shadow Volume Copies. 

Michael Gillespie, a ransomware expert, examined the encryptor as well and revealed to BleepingComputer that it encrypts files using AES-256 + RSA-2048 encryption with the BCrypt library. 

Like the majority of ransomware operations that target businesses, Medusa features a website called "Medusa Blog" that leaks data. The usage of this website is a part of the gang's double-extortion scheme, in which victims who decline to pay a ransom are given access to their data. 

A victim's data is not instantly made public when they are joined to the data leak. As an alternative, the threat actors offer the victims payment choices to delay the release of data, erase the data, or download the entire set of data. The cost of each of these choices varies. 

The ransom is demanded to increase the victim's stress and frighten them into paying a ransom. Regrettably, there are no documented flaws in the Medusa Ransomware encryption that allow victims to recover their files without paying.
Read more »
ransomware attacks
Cyber Attacks Global Attacks Healthcare Hacking Healthcare system ransomware attacks

Significant Rise in Cyberattacks Against Healthcare Facilities, 68 Attacks in Q3 2021

 

Cyberattacks against healthcare facilities increased alarmingly last month, around 68 healthcare providers were locked out of their networks by ransomware attacks in the third quarter of this year, putting patient security and privacy at risk. 

Without a holistic whole-facility cybersecurity approach, specialists fear that patients would be unable to get essential care at a targeted facility. The Hillel Yaffe Medical Center in Hadera, Israel, and Johnson Memorial Health Hospital in Franklin, Indiana, are just two examples of the medical facilities targeted. 

The early-October cyberattack at Johnson Memorial Hospital locked databases and compromised patient data. A ransom amount was surprisingly not demanded. Hillel Yaffe Medical Center was attacked by Black Shadow, a reportedly Iran-backed group, in early November. Investigators believed it would take many weeks to recover and grasp the full scope of what had happened because 290,000 people's personal data had been leaked. 

Healthcare facilities' legacy OT equipment becomes exposed to hackers as they upgrade. Water, HVAC, oxygen, electrical, and other key systems are all connected, yet they may not be properly monitored or protected in terms of cybersecurity. Any of these utilities being compromised will have a detrimental influence on patient care, perhaps putting the lives of individuals being treated at risk. 

Ilan Barda, CEO of Radiflow stated, “Accessing patient data is worrisome, but the idea of hackers gaining access to components in a specific ward or even a single operating room is alarming.” 

“CISOs at facilities should focus on both IT systems and OT environments, starting from risk assessment to threat monitoring. There should be continuous holistic risk management for more mature organizations that combine both IT and OT systems. With Radiflow, teams can monitor the full range of a healthcare OT security from one central location.” 

With 68 global attacks on healthcare facilities in Q3 of this year alone, the US Department of Health and Human Services (HHS) had warned of worrisome trends in 2021.
Read more »
Subscribe to: Posts (Atom)