Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Global Security. Show all posts
Ransomware
ALPHV Blackcat Ransomware Black Basta Cyber Security CyberCrime CyberThreat Global Security Ransomware

Persistent Increase in Ransomware Attacks Raises Global Security Concerns

 


It was concluded that in the first five weeks of 2025, there was a significant increase in ransomware attacks targeted at the United States, marking a nearly 150% increase compared to the first five weeks of 2024. Based on a series of high-profile incidents in which certain organisations decided to pay ransoms to avoid detection, cybercriminals have inadvertently increased their interest in the U.S. and made the country a more attractive target for cybercriminals. 

Consequently, this factor is largely responsible for the increase in ransomware activity in the last few months, as successful ransom payments have likely incentivized other ransomware attacks. In the past year, despite fluctuations in the most active ransomware groups and specific timeframes, the frequency of ransomware incidents in the United States has substantially increased. There has been a significant rise in ransomware incidents since the fall of 2024, and a steady increase has continued into the new year. Security firm NCC Group reports 590 new ransomware victims in January, a 3% increase from the previous month, which already set a record for that period. 

The threat intelligence company Cyble has also identified 518 new victims in January, and this number has increased to 599 within the past 27 days. Approximately two-thirds of the attacks were conducted against organizations located in the United States. Additionally, other cybersecurity monitoring organizations have noted a rise in ransomware incidents over the past two months. The difference in victim counts between cybersecurity firms may be attributed to the difference in methodologies, in particular whether victims of previously compromised cybersecurity systems who have just been revealed should be classified as new victims. 

However, despite these discrepancies, industry experts all agree that ransomware activity has increased in recent months. There are several notable ransomware groups responsible for driving this increase, among which RansomHub, Play, and Akira stand out as prominent threat actors. As a result of their increased activity, organizations across the globe are facing increasing cybersecurity challenges as a result of their increased activities. There is still a persistent threat of ransomware, however, individual ransomware groups emerge and dissipate frequently. 

Some of these groups, such as Black Basta, are now in decline or are nearing obsolescence, while others are suffering disruption due to law enforcement intervention, as LockBit appears to be the case. Groups that suffer from internal conflict, often driven by financial disputes, are prone to collapse. For instance, Alphv, also known as BlackCat, was notorious for conducting an exit scam 12 months ago, retaining the entire $22 million ransom paid by UnitedHealth Group following the Change Healthcare hack, rather than sharing it with the affiliate that carried out the scam. 

Although some ransomware groups have disbanded at the end of last year, the landscape of ransomware continues to be highly dynamic, with new actors continuously emerging. In many instances, these "new" actors are not merely rebranded entities, but individuals already entrenched in the cybercrime ecosystem himself. A significant percentage of these attacks are the result of affiliates, threat actors who work with several ransomware operations. Regardless of which specific group name they operate under, affiliations are responsible for a significant portion of these attacks, according to cybersecurity firm BlackFog. In 2024, 48 new ransomware groups surfaced. 

There are four victims mentioned publicly on RunSomeWare's data leak sites, whereas Linkc only has one victim posted on its data leak site, as reported by threat intelligence firm Cyble. It is unclear how long these emerging groups will survive in this business. In December 2024, Anubis, a Russian-speaking ransomware group that first became active, appears to be the work of former ransomware affiliates, as indicated by the sophistication of its tactics. 

Kela reports that Anubis maintains a presence on cybercrime forums like RAMP and XSS, which reinforces its network within the cybercriminal underground by ensuring it maintains its visibility on these forums. In addition to offering a range of illicit services, this group also operates a traditional ransomware-as-a-service model, where affiliates are rewarded with 80% of the ransom money collected from victims they infect. 

As well as targeting Windows, Linux, network-attached storage (NAS), and ESXi environments, Anubis' ransomware can also be used to spread the virus. In addition, the group maintains a data leak blog based on Tor, where so far only a few people have been listed. The Anubis ransomware operation offers two distinct services in addition to conventional ransomware. In the first case, participants receive 60% of the revenue extorted from victims using stolen data, based on the data-ransom-as-a-service model. If the stolen data are unpublished, have been obtained within the past six months, and considered valuable enough for public exposure, they are eligible for this program. By releasing a press release and notifying local data privacy regulators about the breach, Anubis claims to amplify pressure on victims. 

It is the second offering of Anubis that targets initial access brokers, who facilitate cyber intrusions by selling credentials to compromised networks to gain access to them. Under Anubis' model, the IABs become eligible for 50% of all ransoms demanded by victims whose credentials they have supplied. A specific set of eligibility criteria applies, including being a citizen of the United States, Canada, Europe, or Australia, not having been targeted by another ransomware group within the last 12 months, and not being employed by the government, the educational system, or any non-profit organization. 

Ransomware groups are long collaborating with initial access brokers and have often paid a premium for exclusive access to compromised networks, but the healthcare industry remains a viable target. Cybercrime brokers are increasingly becoming increasingly reliant on each other, and this indicates that their role is growing within the cybercrime economy. According to a recent report by CrowdStrike, access broker activity is expected to grow by almost 50% in 2024, as cybercriminals continue to look for ways of infiltrating high-value targets in an increasingly swift and stealthy manner. 

Despite the persistence of ransomware, it is important to remember that individual ransomware groups emerge and dissipate regularly. Several groups, such as Black Basta, appear to have declined over the years or are on the verge of obsolescence, whereas others, such as LockBit, seem to be facing disruptions because of law enforcement interventions. As it seems with LockBit, these groups collapse in the face of internal conflicts, often caused by financial disagreements. Alphv, also known as BlackCat, is one example that exemplifies an exit scam that was carried out 12 months ago. 

According to reports, Alphv kept the entire $22 million ransom paid by UnitedHealth Group to resolve the Change Healthcare breach, instead of sharing it with the affiliate that perpetrated the attack. It is important to note that while some groups have disbanded, the ransomware landscape still remains a highly dynamic place, with new actors constantly emerging on the scene. The so-called "new" groups are usually nothing more than rebranded entities that already have a place in the cybercrime ecosystem. 

These so-called "new" groups include individuals already well versed in the criminality ecosystem. Affiliates - threats actors who collaborate with multiple ransomware operations - are responsible for a significant portion of these attacks, regardless of who they use as their operating name. In 2024, 48 new ransomware groups were discovered, according to cybersecurity firm BlackFog. RunSomeWares claims to have identified four victims on their data leak site which has been compiled by Linkc, while only one victim has been identified by RunSomeWares, according to threat intelligence firm Cyble. However, the long term viability of these emerging groups is uncertain. 

As indicated by the sophistication of the attacks of Anubis, a Russian-speaking ransomware group that became active by December 2024, its tactics were likely developed by former ransomware affiliates. Anubis maintained a visible presence, according to threat intelligence firm Kela, on cybercrime forums such as RAMP and XSS, thereby enhancing its connections within the black market for cybercrime. The group offers a range of illicit services to its customers. There are two main models of ransomware-as-a-service (RaaS) that the organization uses, in which affiliates receive 80% of any ransom payments that are collected from victims that are infected by the group. 

The ransomware of Anubis is capable of attacking Windows, Linux, network-attached storage (NAS), and ESXi environments, as well. Furthermore, the group maintains a Tor-based blog that leaks data, but so far, it has only listed a few victims that have been affected. It advertises two distinctive services in addition to conventional ransomware. The first is a model called data-ransom-as-a-service (DraaS), in which participants receive 60% of all the revenue extorted from victims by using stolen data. 

To qualify, the stolen data must not have been published, must have been obtained within the last six months, and should be considered valuable enough to be published. In its second offering, Anubis claims that publicizing the data breach and notifying local data privacy regulators will increase pressure on victims. The offering targets initial access brokers (IABs) who facilitate cyber intrusions by selling access credentials to compromised networks. Under Anubis' model, it will award half of the ransom obtained from victims who provide their access credentials to the IAB, which will be used to secure a ransom. 

It is important to note, however, that there are some eligibility requirements for this program. The victim must reside in the United States, Canada, Europe, or Australia, and not have been targeted by another ransomware group in the past 12 months. The victim must also not be a government or educational employee. It is, however, still very possible to target the healthcare industry. 

A long history of ransomware groups collaborating with initial access brokers has shown that these brokers often pay a premium for exclusive access to compromised networks. Their increasing dependence on these brokers indicates that their role within the cybercrime economy is growing. According to a recent report published by CrowdStrike, access broker activity increased by nearly 50% in 2024 compared to the previous year, as cybercriminals continued to search for faster and stealthier methods of infiltrating high-value targets as they continued to grow.
Read more »
Technology
AI Development Artificial Intelligence Cyberattacks CyberCrime CyberThreat Global Security Technology

AI Development Needs Global Oversight, UN Experts State


 

In a time of increasing popularity for artificial intelligence (AI), the United Nations has warned that market forces should not be the sole determining factor as the technology becomes more widely used. United Nations experts called for creating tools for global cooperation as the technology becomes increasingly popular and raises concerns about its misuse. 

A high-level United Nations body that advises the government said Thursday that developing a global framework for artificial intelligence is an "imperative". In a statement released by The World Bank last week, the bank called on the United Nations to establish the first comprehensive global organizations to regulate the fast-growing technology market. 

An analysis published by the group in a 100-page report on AI concluded that the technology "is changing our world," holding an abundance of incredible potential for good, such as opening new fields of science and accelerating economic growth as well as improving public health and agriculture, as well as optimizing energy systems. 

A report by the World Economic Forum stated that if AI is left unregulated, it would provide benefits only to a small number of countries, companies, and individuals, while it warned that even more powerful systems than those in existence today "could upend the world of work," develop autonomous weapons, and threaten peace and stability worldwide. 

There are approximately 40 experts from the fields of technology, law, and data protection on the panel, which was established by United Nations High Representative Antonio Guterres in October last year as part of his Global Agenda Council. There is a need to raise awareness about the lack of global governance of artificial intelligence such as the exclusion of developing countries from discussions concerning AI's future and its regulatory framework within the context of high-profile "Summit of the Future" events. 

Only seven of the U.N.'s 193 members belong to one of the seven major AI initiatives, while 118 others are absent from all of them -- mostly countries from the South of the globe. Recent years have seen impressive achievements in the areas of large language models and chatbots, and this has sparked high hopes for a revolution in economic productivity, but some experts have also warned that AI technology may be developing too rapidly, which may lead to problems in creating control over it in the future. 

In less than a month after ChatGPT appeared, several scientists and entrepreneurs came together and signed a letter asking for a temporary pause of the technology's development for six months to assess the risks associated with it. Among the more immediate concerns, there are the ones relating to disinformation automated through artificial intelligence, the generation of deepfake audio and video, the mass replacement of workers, and the worsening of societal algorithmic bias on an industrial scale. 

As Nelson says, "There is a sense of urgency about the situation, and people feel that we need to come together to find a solution.". The UN proposals reflect a strong commitment by government officials worldwide to regulate AI to minimize these risks to the environment. This research comes at a time when the world's major powers, including the United States and China, are frantically competing to lead the way in the development and use of technology that offers enormous economic, scientific, and military benefits, and as these countries stake out their visions for how they should be used and managed. 

As a result, differences are already beginning to appear between the sexes. It is important to remember that whole parts of the world have been left out of international discussions regarding AI governance; that is the lack of representation. It should be pointed out that seven countries (Canada, France, Germany, Italy, Japan, the UK, and the United States) are parties to seven prominent non-UN initiatives on artificial intelligence, whereas only 118 countries, predominantly in the Global South, are parties to none of these initiatives. 

"The risks caused by artificial intelligence might become more severe and might become more concentrated, leading to Member States considering the need for a more robust international institution that has authority over monitoring, reporting, verification, and enforcement. Because of the remarkable speed with which AI is advancing, the authors accept that it would be useless to compose a detailed list of the dangers, that AI poses, to demonstrate the impact of AI on society.

However, they focused on the dangers posed by disinformation, deep fakes, particularly pornographic deep fakes, as well as the continued development of autonomous weapons and the use of artificial intelligence (AI) by terrorist and criminal groups. A more immediate response, given the speed, autonomy, and opacity of artificial intelligence systems, may not prove to be feasible if people wait for a threat to emerge before finding out what is happening, according to the report. 

Continual assessments and policy dialogue will help to ensure that the world will not be surprised by the events of the future. As the authors acknowledge, owing to the breakneck speed of change in the field of artificial intelligence, it would not be possible to put together a comprehensive list of the potential dangers associated with the fast-evolving technology no matter how hard they tried. 

There were 3 key points they emphasized in their report: the threat of disinformation for democracy, the rise of more realistic deep fakes - especially those associated with pornography - as well as the evolution of autonomous weapons and the use of AI for criminals and terrorists.
Read more »
Threat Intelligence
Cyber Attacks ESET Global Security North Korea Threat Intelligence

Defending Digital Frontiers: Strategies for Organizations in an Unstable World

Global Stability Issues Alter Cyber Threat Landscape

An overview

  • Geopolitical Tensions: Regional stability issues, such as political conflicts and economic tensions, have a direct impact on cyber threats. As geopolitical events unfold, threat actors adapt their strategies to exploit vulnerabilities.
  • Attack Trends: While no groundbreaking attack methods have emerged, existing techniques continue to evolve. Advanced Persistent Threat (APT) groups remain active, targeting government entities, critical infrastructure, and private organizations.
  • Leading Actors: ESET’s research identifies Russia-aligned APT groups as the most prolific attackers. Their sophisticated campaigns target various sectors, including energy, finance, and defense. China-aligned actors follow closely, focusing on espionage and intellectual property theft.

The current landscape

A recent analysis from threat intelligence analysts ESET claims that threat actors are increasing their attacks worldwide, with geographic events determining which locations are most heavily targeted. The principal author of the research recommends that CISOs to intensify their protection plans in light of the activity, even if he claims that no new attack techniques have been discovered.

The director of threat research at ESET, Jean-Ian Boutin said  that current attack methods "still work well." Thus, attackers don't always need to use innovative vectors. According to Boutin, CISOs are defending against these attacks properly; they only need to fortify themselves even more.

Impact on regional stability

The researchers claim that because the primary worldwide assault trends that ESET has identified have been directly impacted by regional stability difficulties, these challenges are also affecting the cyber sphere. The report focuses on activities of specific advanced persistent threat (APT) groups from October 2023 to March 2024, the experts said in the report.

Researchers from ESET also observed that organizations connected with Russia were concentrating on espionage activities throughout the European Union in addition to assaults against Ukraine.

Along with operations against Ukraine, ESET researchers also saw that entities connected with Russia were concentrating on espionage across the European Union. However, the researchers noted that several threat actors with ties to China took use of flaws in software and public-facing hardware, including firewalls and VPNs, as well as Confluence and Microsoft Exchange Server, to gain first access to targets across a variety of sectors.

Analysis of attacks

Using emotions to keep the assault from being disclosed is one of the more recent strategies ESET is witnessing in North Korea; this will probably increase the tactic's usefulness and duration. According to Boutin, the method has been used for years, but North Korean APT organizations are making a small adjustment.

Under the guise of a job application, the hack targets programmers and other technical talent at numerous significant US corporations. The victim is exposed to the malware and the trap is set when the attacker poses as a recruiter for such companies and requests that the victims complete an online test to demonstrate their technical proficiency.

Implications for CISOs

  • Defense Strategies: Organizations must strengthen their defense mechanisms. Proactive threat intelligence, robust network security, and employee training are essential. Zero-day vulnerabilities and supply chain attacks require constant vigilance.
  • Threat Attribution: Understanding threat actors’ motivations and affiliations is crucial. Attribution helps tailor defenses and prioritize resources effectively. Collaboration among security professionals and law enforcement agencies is vital.
  • Risk Assessment: Organizations should assess their risk exposure based on geopolitical events. Consider the impact of regional instability on critical assets and operations. Regular risk assessments inform decision-making.

Read more »
Subscribe to: Posts (Atom)