Search This Blog

Powered by Blogger.

Blog Archive

Labels

About Me

Showing posts with label HoneyWell. Show all posts

Ransomware Attacks Continue to Rise in an Alarming Trend

 

The frequency and intensity of cyberthreats seem to be increasing despite businesses' ongoing efforts to thwart malicious actors. Honeywell, a global technology and manufacturing firm that also provides cybersecurity solutions, reported a 46% rise in ransomware extortion attacks between October 1, 2024, and March 31, 2025, as compared to the previous six-month period. 

Win32.Worm.Ramnit, a Trojan that typically targets the banking sector to steal account details, was found in 37% of files blocked by Honeywell's SMX product. That represented a 3,000% rise from the second quarter of 2024, when Honeywell last reported on it. 

In its investigation report, Honeywell stated that "it can likely be assumed it has been repurposed to extract control system credentials" due to the Trojan's saturation presence in the ecosystems of its industrial clients. "Existing adversaries continue to disrupt operations across critical sectors, even in the absence of new ransomware variants specifically designed for industrial control systems." 

1,929 ransomware incidents were made public throughout the reporting period. Eight verticals accounted for the vast majority (71%) of the cases, with the industries most affected being manufacturing, construction, healthcare, and technology. 

Given that ransomware attacks are normally "more opportunistic, typically creating a normal distribution of attacks across different industries," Honeywell noted that this was a really unusual pattern. The report claims that supply chain disruptions, manual failovers, and forced production outages caused by ransomware have been experienced by manufacturing plants, water treatment facilities, and energy providers. 

In response to the elevated threats, during the reporting period, some organisations "doubled down on best practices that would be considered baseline," according to Honeywell. Such procedures include, for example, immutable data backups and regular vulnerability assessments. According to Honeywell, as of October 2024, victimised organisations had paid out more than $1 billion in ransomware. 

Another new cybersecurity report, from the Information Security Media Group, focused on artificial intelligence, which it described as the "defining force" of cybersecurity-related disruption. 

As businesses use AI to automate threat detection and scale response capabilities, "adversaries are using the same technologies to enhance phishing, generate polymorphic malware, and conduct identity fraud with unprecedented precision," according to the ISMG research. ISMG added that the combination of AI and quantum computing "further signals a critical shift requiring crypto-agility and forward planning.”

US Defense Industry Targeted in Infostealer Malware Campaign

 


Several major defence contractors, such as Lockheed Martin, Boeing, and Honeywell, as well as the United States Army, and Navy, and several major defence contractors have been recently revealed to be infected with the Infostealer malware, according to Hudson Rock's recent report. This alarming discovery emphasizes the increasing threats critical national security institutions face due to cybersecurity threats. The report shows that U.S. military agencies have been significantly impacted by these infections. 

The U.S. Army has reported infections among 71 employees, while the U.S. Navy has reported infections among 30 employees, and an additional 551 users have been infected. It has also been reported that the Federal Bureau of Investigation (FBI) has been affected, with 24 employees and 26 users affected. This raises concerns about the possible risk of exposure to sensitive law enforcement and intelligence data, as well. 

Further, the report highlights the extent to which cybersecurity breaches have occurred within the defence contracting industry as a whole. One of the most prominent defence contractors in the country, Lockheed Martin, reported that 55 employees and 96 users had been infected with the virus. Boeing, another major player in the defence industry, reported that 66 employees and 114 users had been infected with the virus. 

Honeywell seems to have the most severe case, as there have been a substantial number of infected employees and 472 infected users. One of the most concerning revelations of the report was the ease at which cybercriminals can steal data. Several illicit cyber marketplaces are offering sensitive data such as login credentials, classified access points, and other sensitive data for purchase for as little as $10, according to an investigation conducted by the FBI.

These findings raise serious national security concerns, as they suggest that adversarial entities could exploit these vulnerabilities and gain unauthorized access to critical defence and intelligence networks that are critical to the nation's security. Infostealer malware is becoming increasingly common in the military and defence sectors, which highlights the urgent need to strengthen cybersecurity measures. This report serves as a stark reminder of how cyber threats are evolving and the need to take proactive measures to safeguard sensitive information from governmental agencies and defence companies. 

Several users affiliated with six major defence contractors are infected with Infostealer malware: Lockheed Martin, BAE Systems, Boeing, Honeywell, L3 Harris, and Leidos. As a result of these companies' efforts, advanced military technology, such as warships, fighter jets, and other critical defence systems, is being developed and manufactured. 

The government's contract with Lockheed Martin will award it $5 billion alone in 2024, which shows that Lockheed Martin is a key player in the defence industry in the United States. Malware infections have exposed corporate credentials in various ways, raising concerns regarding the security of corporate data in general. The firm discovered that 472 third-party corporate credentials were compromised, including those linked to essential enterprise applications such as Cisco, SAP Integrations, and Microsoft systems used by defence contractors. 

Cybercriminals are increasingly targeting supply chain vendors as businesses, government agencies, and organizations become more interconnected as a result of cybercrime. In light of this growing vulnerability, it is clear that an adversary could have access to stolen credentials to breach the supply chain of a defence contractor if they intended to do so. Honeywell's infrastructure was one of the most vulnerable places in the world, which revealed significant security vulnerabilities. According to researchers, Honeywell's internal systems, including the company's intranet, Active Directory Federation Services login, and Identity and Access Management system, had been compromised for several reasons. 

Honeywell employees and employees connected to the company were identified as infected three times over the past decade. An especially concerning case occurred when a single compromised employee was found to have 56 corporate credentials to Honeywell's internal systems, as well as 45 additional credentials from third parties. 

In light of this level of access, unauthorized access to sensitive systems can be scaled up, highlighting the need for strengthened cybersecurity measures, which have become increasingly important in the defence sector due to the growing number of cyber threats. The threat of exploitation of sensitive military and corporate data becomes more sophisticated as time passes, so users must prioritize the protection of these data to prevent further exploitation. 

Having Infostealer malware present within a defence organization raises serious security concerns since each infected employee represents one possible weak point in critical operations within the military and intelligence communities. There is no doubt that these individuals could range from engineers building advanced military artificial intelligence systems to procurement officers who handle classified contracts to defence analysts who have access to mission-critical data. 

As a result of compromised credentials, not only can their login information be exposed, but their entire digital footprint can also be compromised. Several factors could have contributed to further security breaches, such as browsing history, autofill data, internal documents, and session cookies that allow users access to sensitive applications. According to cybersecurity experts, such thefts of data pose a serious national security threat, and they warn against them. 

It is believed by Thomas Richards, a principal consultant at Black Duck, that adversaries could exploit the stolen credentials to gain unauthorized access to highly secure networks so that they could move laterally within the system and compromise additional personnel and infrastructure, allowing them to reach further into the network. If such a breach occurs, affected users should reset their passwords immediately. A comprehensive forensic investigation should be conducted to assess the extent of the compromise and determine whether unauthorized access to classified information has occurred. 

Information stealer computers can be infected by a wide range of sources, making them an extremely persistent and widespread threat to the computer community. A phishing attack, a drive-by download from a compromised website, and even applications that look legitimate, such as an unsuspicious meeting program, are the most frequent sources of these infections. Further, there is a growing awareness that cybercriminals are spreading malware via misleading Google Adwords, YouTube video descriptions, and even pirated software in addition to malicious Google Adwords. According to a recent study, millions of computers have been infected with infostealer malware, emphasizing the urgent need to enhance security measures across critical industries. 

A spokesperson for Hudson Rock, Alon Gal, says that Infostealer malware has infected employees at major U.S. defence contractors as well as the U.S. Army and Navy, as well as government agencies like the FBI and GAO. The threat of cybercriminals targeting individual computers for as little as $10 poses a serious threat to investigative and cybersecurity personnel, and they can be found online for as little as $10. By downloading modified game content, pirated software, or infected documents, employees inadvertently download malware, which is far more effective than using force to gain entry into networks. 

Infostealer malware exploits human error as opposed to forcing entry into networks. Upon entering the system, this malware extracts sensitive information silently, such as VPN credentials, authentication session cookies, e-mail login information, and access to internal development tools, as well as putting not only individual users at risk but also entire defence networks at risk. As well as identifying infections, cybersecurity experts emphasize the importance of addressing how these threats penetrate in users' system. 

Roger Grimes, a cybersecurity expert at KnowBe4, argues that Infostealers are secondary problems—what matters is their initial access, whether it be social engineering, unpatched software, or outdated firmware. Organizations that fail to address these entry points risk much more than a theft of credentials, which is why proactive cybersecurity defences are essential for national security protection.