
Ransomware Attacks Now Targeting Corporate Executives' Children

Mandiant, a prominent cybersecurity firm and a Google subsidiary, reports that malicious hackers are growing more inventive as corporations harden their cyber defenses. These hackers have extended their targets to the children of corporate executives, using ransomware-style extortion to hold personal information hostage.

Ransomware attacks, orchestrated by cybercriminals, involve infiltrating a company or other organization to steal data, then withholding it until a ransom is paid. Victims are left unable to access vital data, which often causes significant disruption until the demanded payment is made.

In recent years, ransomware incidents have surged in the United States. Notable examples include the 2021 shutdown of a 5,000-mile gas pipeline on the East Coast by a Russian hacker. In February, Change Healthcare, the UnitedHealth Group subsidiary that handles payment management for the healthcare giant, suffered a ransomware attack that disrupted the processing of prescription insurance claims.

The entry point for ransomware into a company's systems can be as innocuous as an employee inadvertently clicking a link in a phishing email. Even as companies fortify their defenses, cybercriminals adapt and become more ingenious in their methods, according to Mandiant Chief Technology Officer Charles Carmakal.

At the RSA Conference in San Francisco, Carmakal said that some attackers have "no rules of engagement" and resort to tactics such as targeting executives' children. He described cases in which threat actors SIM-swapped the phones of executives' children and used those numbers to place deceptive calls to the executives. In a SIM swap, criminals remotely gain control of a cellphone's SIM card, and with it the victim's calls and messages.

Carmakal explained that ransomware hackers use a variety of methods to gain access to cellphones, including caller ID spoofing. He underscored the psychological impact on an executive who receives a call that appears to come from their child but hears another voice on the line, a distressing dilemma.

The proliferation of such scams puts additional strain on executives, who must balance safeguarding customers, employees and their own families. Carmakal cited Google's forecast that younger malicious actors will increasingly use advanced techniques such as social engineering over text messages in their cybercrimes.

To mitigate the risk of ransomware, Microsoft advises avoiding suspicious websites, refraining from opening file attachments from unfamiliar sources, and being wary of links on social media platforms.

Future of the Cloud is Plagued by Security Issues

Many corporate processes now depend on cloud services. Cloud computing lets businesses cut expenses, speed up deployments, develop at scale, share information easily and collaborate effectively, all without the need for a centralised site.

But malicious hackers are increasingly abusing these same services, and the trend is likely to continue in the near future. Threat actors are well aware of how important cloud services have become, which makes them an attractive environment for eCrime. The primary conclusions from CrowdStrike's research for 2022 are as follows.

Unlike conventional on-premises architecture, the public cloud has no defined perimeter. The absence of distinct boundaries raises a number of cybersecurity concerns and challenges, particularly for more conventional approaches, and these lines will blur further as more companies adopt hybrid work.

Cloud vulnerability and security risks

One of the main infiltration methods adversaries have been deploying is opportunistic exploitation of known remote code execution (RCE) vulnerabilities in server software. This involves scanning for vulnerable servers without focusing on specific industries or geographical areas. After gaining initial access, threat actors use a range of tactics to obtain sensitive data.

Credential-based attacks against cloud infrastructure are one of the more common exploitation vectors used by eCrime and targeted intrusion adversaries. Criminals frequently host phoney authentication pages to harvest real credentials for cloud services or webmail accounts.

Actors then use these credentials to try to access accounts. As an illustration, the Russian cyberespionage group Fancy Bear recently shifted away from malware towards credential-harvesting techniques. Analysts have found it using both wide-scale scanning and victim-specific phishing websites that deceive users into believing the site is genuine.
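A phoney authentication page only works if its hostname passes a casual glance, so one cheap defensive check is to compare the hostnames users resolve against the organisation's real login hosts. The script below is an added example, not code from the post or from CrowdStrike; the legitimate login hostnames, the DNS log lines and the `.test`/`.example` domains are constructed for illustration. It flags a hostname that is within a small edit distance of a real login host (a typo-squat) and a hostname that embeds the brand label under a different registrable domain.

```python
"""Lookalike-hostname check for phoney authentication pages (added example).

Assumptions: LEGIT_LOGIN_HOSTS are the organisation's real login hosts and
SAMPLE_DNS_LOG is a constructed DNS query log; both are invented here.
"""

LEGIT_LOGIN_HOSTS = {"login.example-corp.test", "mail.example-corp.test"}

# Constructed DNS log lines: "<time> <client> <queried hostname>"
SAMPLE_DNS_LOG = """\
09:00:01 ws-17 login.example-corp.test
09:00:09 ws-17 login.example-c0rp.test
09:01:30 ws-22 mail.example-corp.test
09:02:10 ws-22 example-corp.test.login-verify.example
09:03:44 ws-31 news.example.test
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings (classic two-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Naive registrable domain: the last two labels. Enough for the constructed
    data; production code should consult the public suffix list instead."""
    return ".".join(host.split(".")[-2:])


def classify(host, legit=LEGIT_LOGIN_HOSTS, max_distance=2):
    """Return 'legit', 'lookalike', 'brand-embedded' or 'unrelated' for a hostname."""
    if host in legit:
        return "legit"
    # Typo-squat: a few character edits away from a real login host.
    for real in legit:
        if edit_distance(host, real) <= max_distance:
            return "lookalike"
    # Brand label (e.g. "example-corp") appearing under some other registrable domain.
    legit_regs = {registrable(h) for h in legit}
    brand_labels = {reg.split(".")[0] for reg in legit_regs}
    if registrable(host) not in legit_regs and any(b in host for b in brand_labels):
        return "brand-embedded"
    return "unrelated"


def suspicious_lookups(log=SAMPLE_DNS_LOG):
    """Return (client, hostname, verdict) for every non-legit, non-unrelated lookup."""
    hits = []
    for line in log.splitlines():
        if not line.strip():
            continue
        _, client, host = line.split()
        verdict = classify(host)
        if verdict not in ("legit", "unrelated"):
            hits.append((client, host, verdict))
    return hits


if __name__ == "__main__":
    for client, host, verdict in suspicious_lookups():
        print(f"{client} -> {host}: {verdict}")
```

The two verdicts map to the two page-styles the text describes: a typo-squat catches the wide-scale opportunistic page, while the brand-embedded check catches the victim-specific page that carries the real domain name as a decoy in a longer hostname.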

Although malware is now used less often as an infiltration tactic, some adversaries still rely on cloud services for command and control, distributing malware through trusted cloud services.

This strategy is useful to attackers because it lets them evade signature-based detection: many network scanning services trust the top-level domains of cloud hosting providers. By blending into regular network traffic through legitimate cloud services (chat services, for example), adversaries may be able to bypass security controls.
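Because a domain-trust allowlist passes command-and-control traffic to a legitimate cloud service, the detection has to look at behaviour rather than destination. The script below is an added example, not code from the post or from CrowdStrike: it reads constructed proxy log lines (the `example-cloud.test` domain, hostnames and timestamps are invented) and flags a host whose requests to a cloud storage endpoint arrive at near-constant intervals, the machine-like periodicity of a beacon, while leaving a host with human-like irregular access alone.

```python
"""Periodicity-based beacon detection on trusted cloud domains (added example).

Assumptions: SAMPLE_LOG is a constructed proxy log and TRUSTED_CLOUD_SUFFIXES
is a constructed allowlist; neither comes from the page.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines: "<ISO timestamp> <src_host> <dest_domain> <bytes>"
# ws-17 polls every ~60 s (beacon-like); ws-22 browses irregularly (human-like).
SAMPLE_LOG = """\
2024-05-01T09:00:00 ws-17 storage.example-cloud.test 512
2024-05-01T09:01:01 ws-17 storage.example-cloud.test 498
2024-05-01T09:02:00 ws-17 storage.example-cloud.test 530
2024-05-01T09:02:59 ws-17 storage.example-cloud.test 505
2024-05-01T09:04:00 ws-17 storage.example-cloud.test 511
2024-05-01T09:05:01 ws-17 storage.example-cloud.test 520
2024-05-01T09:00:12 ws-22 storage.example-cloud.test 8120
2024-05-01T09:00:45 ws-22 storage.example-cloud.test 44031
2024-05-01T09:07:30 ws-22 storage.example-cloud.test 1200
2024-05-01T09:31:02 ws-22 storage.example-cloud.test 93311
2024-05-01T10:15:49 ws-22 storage.example-cloud.test 770
2024-05-01T10:16:03 ws-22 storage.example-cloud.test 9100
"""

# The kind of domain allowlist the text says scanners often trust (constructed).
TRUSTED_CLOUD_SUFFIXES = ("example-cloud.test",)


def allowlist_would_pass(domain, suffixes=TRUSTED_CLOUD_SUFFIXES):
    """What a domain-trust control does with this destination: let it through."""
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def parse_log(text):
    """Group request timestamps by (source host, destination domain)."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, domain, _size = line.split()
        events[(host, domain)].append(datetime.fromisoformat(ts))
    return events


def interval_stats(timestamps):
    """Mean gap in seconds and coefficient of variation (stdev / mean) of the gaps."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    cv = pstdev(gaps) / avg if avg else float("inf")
    return avg, cv


def find_beacons(text, min_events=5, max_cv=0.15):
    """Return (host, domain, mean_gap_s, cv) for series whose inter-request
    intervals are too regular to be human browsing. The allowlist is deliberately
    not consulted: a trusted domain is exactly the blind spot being covered."""
    hits = []
    for (host, domain), ts in parse_log(text).items():
        if len(ts) < min_events:
            continue
        avg, cv = interval_stats(ts)
        if cv <= max_cv:
            hits.append((host, domain, round(avg, 1), round(cv, 3)))
    return hits


if __name__ == "__main__":
    for host, domain, avg, cv in find_beacons(SAMPLE_LOG):
        print(f"{host} -> {domain}: mean gap {avg}s, cv {cv}, allowlisted={allowlist_would_pass(domain)}")
```

Real beacons add jitter, so the `max_cv` threshold and the minimum event count are tuning knobs; the point of the example is that the decision is made on timing, which the attacker controls only partially, not on the destination, which the allowlist has already given away.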

Cloud services are being used against organisations by hackers

Another strategy used by bad actors is to compromise a cloud service provider, exploit the provider's trust relationships and reach other targets through lateral movement. The objective is to escalate privileges to global administrator level in order to take control of support accounts and modify client networks, which opens several routes for spreading vertically into numerous additional networks.

Attacks on containers such as Docker operate at a lower level. Criminals have found ways to take advantage of Docker containers that are not configured properly. The resulting images can then be used as the parent of another application, or on their own to interact directly with a tool or service.

In this hierarchical model, if malicious tooling is added to an image, every container generated from it is also compromised. Once inside, hostile actors can use these elevated privileges to move laterally and eventually spread throughout the network.
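The inheritance the text describes is what makes scoping a tampered image hard by hand: the compromised artefact may be several `FROM` layers above anything that is actually running. The script below is an added example, not code from the post or from CrowdStrike; the image parent map and container inventory are constructed (in practice they would come from the registry and from the orchestrator or `docker inspect`). Given one image known to carry malicious tooling, it walks the lineage graph both ways: downwards to list every descendant image and every running container that must be treated as compromised, and upwards to show the chain through which a given container inherited it.

```python
"""Blast radius of a compromised image in a Docker image hierarchy (added example).

Assumptions: IMAGE_PARENT and CONTAINERS are constructed inventories, not data
from the page. Image names are invented.
"""
from collections import deque

# Constructed lineage: child image -> the image it was built FROM.
IMAGE_PARENT = {
    "corp/base-python:3.12": "python:3.12-slim",
    "corp/web-api:2.4": "corp/base-python:3.12",
    "corp/batch-worker:1.9": "corp/base-python:3.12",
    "corp/report-gen:0.3": "corp/batch-worker:1.9",
    "corp/nginx-edge:1.0": "nginx:1.25",
}

# Constructed inventory: running container name -> image it was started from.
CONTAINERS = {
    "api-1": "corp/web-api:2.4",
    "api-2": "corp/web-api:2.4",
    "worker-1": "corp/batch-worker:1.9",
    "reports": "corp/report-gen:0.3",
    "edge": "corp/nginx-edge:1.0",
}


def descendant_images(root, parent_map=IMAGE_PARENT):
    """Return root plus every image that transitively derives FROM it (BFS)."""
    children = {}
    for child, parent in parent_map.items():
        children.setdefault(parent, []).append(child)
    seen = {root}
    queue = deque([root])
    while queue:
        image = queue.popleft()
        for child in children.get(image, []):
            if child not in seen:
                seen.add(child)
                queue.append(child)
    return seen


def lineage(image, parent_map=IMAGE_PARENT):
    """Chain from an image up to its root base image, child first."""
    chain = [image]
    while chain[-1] in parent_map:
        chain.append(parent_map[chain[-1]])
    return chain


def affected_containers(compromised_image, parent_map=IMAGE_PARENT, containers=CONTAINERS):
    """Containers whose image is the compromised image or derives from it."""
    tainted = descendant_images(compromised_image, parent_map)
    return sorted(name for name, image in containers.items() if image in tainted)


if __name__ == "__main__":
    bad = "corp/base-python:3.12"
    print("tainted images:", sorted(descendant_images(bad)))
    print("containers to isolate:", affected_containers(bad))
    print("how 'reports' inherited it:", " <- ".join(lineage(CONTAINERS["reports"])))
```

The same walk answers the remediation question: every image in `descendant_images` has to be rebuilt from a clean parent, not just the one where the tooling was inserted, and `lineage` tells you which rebuild order satisfies that.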

Extended detection and response

Extended detection and response (XDR) is another fundamental and essential component of effective cloud security. XDR gathers security data from endpoints, cloud workloads, the network, email and many other sources. With all of this threat data at their disposal, security teams can quickly and effectively identify and remove security threats across many domains.

XDR platforms offer granular visibility across all networks and endpoints. They also provide detections and investigations, so analysts and threat hunters can concentrate on high-priority threats; XDR achieves this by removing from the alert stream anomalies that have already been judged unimportant. Finally, XDR systems should include thorough cross-domain threat data, covering everything from affected hosts and root causes to indicators and timestamps. This data guides the entire investigation and remediation process.
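The two behaviours just described, dropping anomalies already judged unimportant and fusing telemetry from several domains into one prioritised view, are easy to show in miniature. The script below is an added example, not code from the post or from any XDR vendor: the email, endpoint and cloud events, the suppression list and the scoring weights are all constructed. It suppresses the known-benign entries, groups what remains by the affected user while collecting the hosts involved, and scores each group so that a chain spanning several domains (a clicked phishing link, a shell spawned from an Office process, a new MFA device on the cloud account) ranks above an isolated single-source alert.

```python
"""Toy cross-domain alert correlation with noise suppression (added example).

Assumptions: EVENTS, SUPPRESSED and the scoring rule are constructed for
illustration and do not come from the page.
"""
from collections import defaultdict

# Constructed telemetry from three domains.
EVENTS = [
    {"source": "email",    "time": "09:02", "host": "ws-17", "user": "alice",      "signal": "phish_link_clicked",        "severity": 3},
    {"source": "endpoint", "time": "09:03", "host": "ws-17", "user": "alice",      "signal": "office_spawned_shell",      "severity": 4},
    {"source": "cloud",    "time": "09:10", "host": None,    "user": "alice",      "signal": "new_mfa_device_enrolled",   "severity": 3},
    {"source": "endpoint", "time": "09:11", "host": "ws-22", "user": "bob",        "signal": "new_scheduled_task",        "severity": 1},
    {"source": "endpoint", "time": "09:20", "host": "ws-31", "user": "carol",      "signal": "usb_mass_storage_mounted",  "severity": 2},
    {"source": "cloud",    "time": "09:40", "host": None,    "user": "svc-backup", "signal": "bulk_storage_read",         "severity": 2},
    {"source": "endpoint", "time": "09:41", "host": "ws-22", "user": "bob",        "signal": "new_scheduled_task",        "severity": 1},
]

# Constructed suppression list: (source, user, signal) triples analysts have already judged benign.
SUPPRESSED = {
    ("cloud", "svc-backup", "bulk_storage_read"),  # nightly backup job
    ("endpoint", "bob", "new_scheduled_task"),     # software updater
}

CROSS_DOMAIN_BONUS = 2  # added per additional telemetry domain in one group


def suppress(events, rules=SUPPRESSED):
    """Remove anomalies already deemed unimportant before they reach analysts."""
    return [e for e in events if (e["source"], e["user"], e["signal"]) not in rules]


def correlate(events):
    """Group events by user, merge the hosts seen, and score each group as the sum
    of severities plus a bonus for every extra domain, so chains crossing
    email, endpoint and cloud sort to the top."""
    groups = defaultdict(lambda: {"hosts": set(), "sources": set(), "signals": [], "score": 0})
    for e in events:
        g = groups[e["user"]]
        if e["host"]:
            g["hosts"].add(e["host"])
        g["sources"].add(e["source"])
        g["signals"].append((e["time"], e["source"], e["signal"]))
        g["score"] += e["severity"]
    incidents = []
    for user, g in groups.items():
        score = g["score"] + CROSS_DOMAIN_BONUS * (len(g["sources"]) - 1)
        incidents.append({
            "user": user,
            "hosts": sorted(g["hosts"]),
            "sources": sorted(g["sources"]),
            "signals": sorted(g["signals"]),
            "score": score,
        })
    return sorted(incidents, key=lambda inc: inc["score"], reverse=True)


def triage(events=EVENTS):
    """Full pipeline: suppress known noise, then correlate and rank."""
    return correlate(suppress(events))


if __name__ == "__main__":
    for inc in triage():
        print(f"{inc['score']:>3} {inc['user']:<8} hosts={inc['hosts']} sources={inc['sources']}")
        for time, source, signal in inc["signals"]:
            print(f"      {time} [{source}] {signal}")
```

The output for each incident carries exactly the cross-domain record the text asks for: the affected hosts, the ordered signals that point at the root cause, and the timestamps, so an analyst opens the highest-scoring group with the investigation already framed.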

Threat vectors change every day, and security breaches in the cloud are becoming more and more frequent. To safeguard cloud-hosted workloads and continuously advance the maturity of security processes, businesses must understand current cloud risks and use the appropriate technologies and best practices.