Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Internet Security Awareness. Show all posts
NGate
AI Attacks Cyber Security Cyberscams data security Data stealing malware fake ads Internet Security Awareness NGate

Rising Cyber Threats in Q3 2024: AI’s Dual Role in Attacks and Defense

 

The Q3 2024 Threat Report from Gen unveils a concerning rise in the sophistication of cyber threats, shedding light on how artificial intelligence (AI) is both a tool for attackers and defenders. 

As cybercriminals evolve their tactics, the line between risk and resilience becomes increasingly defined by proactive measures and advanced technology. One significant trend is the surge in social engineering tactics, where cybercriminals manipulate victims into compromising their own security. A staggering 614% increase in “Scam-Yourself Attacks” highlights this evolution. 

Often, these attacks rely on fake tutorials, such as YouTube videos promising free access to paid software. Users who follow these instructions unknowingly install malware on their devices. Another emerging strategy is the “ClickFix Scam,” where attackers pose as technical support, guiding victims to copy and execute malicious code in their systems. Fake CAPTCHA prompts and bogus software updates further trick users into granting administrative access to malicious programs. 

Data-stealing malware has also seen a significant rise, with information stealers increasing by 39%. For instance, the activity of Lumma Stealer skyrocketed by 1154%. Ransomware attacks are also on the rise, with the Magniber ransomware exploiting outdated software like Windows 7. Gen has responded by collaborating with governments to release free decryption tools, such as the Avast Mallox Ransomware Decryptor, to help victims recover their data. Mobile devices are not spared either, with a 166% growth in data-stealing malware during Q3 2024. 

The emergence of NGate spyware, which clones bank card data for unauthorized transactions, underscores the growing vulnerabilities in mobile platforms. Banking malware, including new strains like TrickMo and Octo2, has surged by 60%, further amplifying risks. Malicious SMS messages, or “smishing,” remain the most common method for delivering these attacks. According to Norton Genie telemetry, smishing accounted for 16.5% of observed attacks, followed by lottery scams at 12% and phishing emails or texts at 9.6%. 

AI plays a dual role in these developments. On one hand, it powers increasingly realistic deepfakes and persuasive phishing campaigns, making attacks harder to detect. On the other hand, AI-driven tools are vital for cybersecurity defenses, identifying threats and mitigating risks in real time. 

As cyber threats grow more complex, the Q3 2024 report underscores the urgency of staying vigilant.
Proactive measures, such as regular software updates, using advanced AI-powered defenses, and fostering awareness, are essential to mitigate risks and safeguard sensitive information. The battle against cybercrime continues, with innovation on both sides defining the future of digital security.
Read more »
Threat actors
Cyber Attacks cybercriminals Cybersecurity Internet Security Awareness LockBit Network Ransomware Threat actors

Northern European Criminals Copy the Lockbit Gang

 


The threat group, known as LockBit, is one of the most notorious ransomware groups operating currently. As a result, they have become very active on dark web forums. In addition, they are exploiting the negative publicity created by other ransomware groups to recruit more hardened cybercriminals for their agenda. 

The rate at which ransomware attacks have targeted companies in northern Europe has increased significantly. It appears that these attacks are being conducted using a device known as the LockBit locker. This is believed to be one of the tools used by a criminal affiliation program dubbed Gangrel. 

There is a wide range of industries that have been targeted by the LockBit group. It has caused significant disruptions and financial losses for a wide range of companies, from small to multinational. 

As a result of the nature of these new attacks, one of the most concerning characteristics is how they are being undertaken. A company's network is at risk from the LockBit Locker group. This group exploits a variety of advanced security techniques to gain initial access to the network through phishing and social engineering, among others. Having gained access to a network, attackers use a wide variety of tools and techniques to reach various parts of the network and steal sensitive information. These include sensitive system information. 

There has been an increase in attacks on small and medium-sized businesses in Belgium, as reported by Computerland in the country. There was, however, a report by the company that explained that the company was targeted by a group of cybercriminals using a variant of the LockBit locker malware. This variant appeared to have been used by the company. Following a thorough investigation, it was discovered that these attackers were unlikely to be connected with the LockBit group but rather were "wannabes" who had gained access to leaked versions of the malware. Despite not being the real LockBit Locker group, these micro-criminals were still able to inflict significant damage by encrypting a large number of internal files. 

There was, however, no impact on the company's computer system as a result of the intrusion, as backups had been made, and none of the client workstations were lost. 

The incident is one of many highlighting the dangers of outdated software and systems. This is true especially for less sophisticated actors, even in the criminal underground, where extortion practices seem to be gaining popularity. 

According to the report, in this case, the attackers were able to utilize the company's FortiGate firewall to gain access to the company's sensitive data. They did this by taking advantage of unpatched vulnerabilities. According to the Known Exploited Vulnerabilities Catalog maintained by the Center for Internet Security Awareness, unpatched FortiGate firewalls are prone to several vulnerabilities currently being exploited by cybercriminals. However, in these recent cases, the flaws exploited were the infamous "Fortifuck" flaws that date back as far as 2018. 

Unattended exposure through a branch internet gateway has allowed exploits to be made of these flaws to be discovered and exploited. As a result, these gateway sites are usually less well-protected than the central network, which may put attackers at an advantage in terms of gaining access to the network. 

The recent ransomware attacks against small and medium-sized businesses in North Europe are highly concerning for several reasons. Even though the criminal operators' lack of experience reduced their effectiveness, extended outages and data exfiltration were experienced by the targeted industries despite the reduced effectiveness of the criminal operators. 

Briefing on Threat Actors   

There is a well-known ransomware affiliation program known as LockBit, which started in September of 2019 and involves the developers of the malicious software hiring unethical penetration testing teams to spread the ransomware as a third party. There are a few gangs that have established double-extortion practices. The Stealbit malware was part of the toolkits used by this gang to support such attacks.

It is well known that during Lockbit's infamous career, a large number of small and medium businesses and large corporations such as Accenture and Royal Mail were targeted. During the infection process, the victim will be redirected to a gang payment site managed by the ransomware developers once they have infected the environment. The attackers threatened the victim that they would leak the victim's data to get her to pay more money.
Read more »
Subscribe to: Posts (Atom)