
Cybercriminals Shift Tactics Towards Stealth and Identity Theft: IBM X-Force 2025 Report

 

The IBM X-Force 2025 Threat Intelligence Index highlights a growing trend of cybercriminals adopting more covert attack strategies. Drawing from analysis of over 150 billion security events daily across 130+ countries, the report notes an 84% spike in email-delivered infostealers in 2024 compared to the previous year. This surge signals a marked pivot towards credential theft, even as enterprise-targeted ransomware attacks show a notable decline.

“Cybercriminals are most often breaking in without breaking anything – capitalising on identity gaps overflowing from complex hybrid cloud environments that offer attackers multiple access points,” said IBM cybersecurity services global managing partner Mark Hughes. “Businesses need to shift away from an ad-hoc prevention mindset and focus on proactive measures such as modernising authentication management, plugging multi-factor authentication holes and conducting real-time threat hunting to uncover hidden threats before they expose sensitive data.”

The report found that critical infrastructure organisations bore the brunt of attacks, accounting for 70% of incidents handled by IBM X-Force last year. More than a quarter of these breaches exploited system vulnerabilities. Data theft (18%) overtook encryption-based attacks (11%) as the preferred method, reflecting improvements in detection tools and increased law enforcement pressure, which have forced threat actors to rethink their strategies.

Asia and North America emerged as the primary targets, together representing almost 60% of all global attacks. Asia faced 34% of the incidents, while North America encountered 24%. For the fourth consecutive year, the manufacturing industry remained the most impacted sector, attributed to its sensitivity to operational disruptions and susceptibility to ransomware.

Emerging AI-related threats also garnered attention. Although no major AI-focused attacks surfaced in 2024, security teams are racing to find and patch vulnerabilities before they are exploited. A critical remote code execution flaw within an AI development framework is expected to gain traction in 2025 as adoption grows. Experts warn that attackers may soon develop dedicated toolkits aimed specifically at AI systems, underlining the urgent need to secure AI infrastructure.

Persistent challenges in critical infrastructure security largely stem from outdated technologies and delayed patch management. IBM X-Force revealed that vulnerabilities accounted for over 25% of exploited incidents. Analyzing discussions on dark web forums showed that four of the ten most talked-about CVEs were associated with advanced threat groups, including state-sponsored actors, escalating the risks of disruption and extortion.

Research in collaboration with Red Hat Insights found that over 50% of Red Hat Enterprise Linux users had not patched at least one critical vulnerability, with 18% leaving five or more critical CVEs unaddressed. Moreover, ransomware variants like Akira, Lockbit, Clop, and RansomHub have expanded their capabilities to affect both Windows and Linux systems.

A sharp rise in phishing campaigns distributing infostealers was another key finding, with a 180% jump compared to 2023. The use of credential phishing and infostealers enables hackers to swiftly exfiltrate sensitive information while maintaining a low profile.

While ransomware still accounted for 28% of malware attacks in 2024, its overall prevalence declined compared to previous years. Cybercriminals are increasingly shifting towards identity-based attacks, adapting to countermeasures that have made traditional ransomware operations more difficult.

Cybercriminals Are Now Focusing More on Stealing Credentials Than Using Ransomware, IBM Warns

 



A new report from IBM’s X-Force 2025 Threat Intelligence Index shows that cybercriminals are changing their tactics. Instead of mainly using ransomware to lock systems, more hackers are now trying to quietly steal login information. IBM studied over 150 billion security events each day from 130+ countries and found that infostealers, a type of malware sent through emails to steal data, rose by 84% in 2024 compared to 2023.

This change means that instead of damaging systems right away, attackers are sneaking into networks to steal passwords and other sensitive information. Mark Hughes, a cybersecurity leader at IBM, said attackers are finding ways into complex cloud systems without making a mess. He also advised businesses to stop relying on basic protection methods. Instead, companies should improve how they manage passwords, fix weaknesses in multi-factor authentication, and actively search for hidden threats before any damage happens.

Critical industries such as energy, healthcare, and transportation were the main targets in the past year. About 70% of the incidents IBM helped handle involved critical infrastructure. In around 25% of these cases, attackers got in by taking advantage of known flaws in systems that had not been fixed. Many hackers now prefer stealing important data instead of locking it with ransomware. Data theft was the method in 18% of cases, while encryption-based attacks made up only 11%.

The study also found that Asia and North America were attacked the most, together making up nearly 60% of global incidents. Asia alone saw 34% of the attacks, and North America had 24%. Manufacturing businesses remained the top industry targeted for the fourth year in a row because even short outages can seriously hurt their operations.

Emerging threats related to artificial intelligence (AI) were also discussed. No major attacks on AI systems happened in 2024, but experts found some early signs of possible risks. For example, a serious security gap was found in a software framework used to create AI agents. As AI technology spreads, hackers are likely to build new tools to attack these systems, making it very important to secure AI pipelines early.

Another major concern is the slow pace of fixing vulnerabilities in many companies. IBM found that many Red Hat Enterprise Linux users had not updated their systems properly, leaving them open to attacks. Also, ransomware groups like Akira, Lockbit, Clop, and RansomHub have evolved to target both Windows and Linux systems.

Lastly, phishing attacks that deliver infostealers increased by 180% in 2024 compared to the year before. Even though ransomware still accounted for 28% of malware cases, the overall number of ransomware incidents fell. Cybercriminals are clearly moving towards quieter methods that focus on stealing identities rather than locking down systems.


Ahold Delhaize Confirms Data Breach Following Cyberattack in U.S. Operations

 

Ahold Delhaize, one of the globe’s leading food retail giants, has officially acknowledged a data breach involving sensitive information from its U.S. operations following a cyberattack in November 2024.

The confirmation came after ransomware group INC Ransom listed the company on its leak site, sharing alleged stolen documents as proof of the breach.

"Based on our investigation to date, certain files were taken from some of our internal U.S. business systems," a spokesperson for Ahold Delhaize told BleepingComputer. "Since the incident was detected, our teams have been working diligently to determine what information may have been affected."

In November 2024, Ahold Delhaize had disclosed a cybersecurity breach that prompted the temporary shutdown of segments within its IT infrastructure. The disruption impacted some of its U.S. brands and services, including pharmacies and e-commerce operations.

"This issue and subsequent mitigating actions have affected certain Ahold Delhaize USA brands and services including a number of pharmacies and certain e-commerce operations," the company stated at the time.

The investigation remains ongoing. The company has assured that if any personal data is confirmed to be compromised, affected individuals will be notified accordingly.

"If we determine that personal data was impacted, we will notify affected individuals as appropriate. In addition, we have notified and updated law enforcement," Ahold Delhaize added.

While the full impact is yet to be determined, the company emphasized that all stores and online platforms are functioning normally. The spokesperson confirmed that customers should not expect any disruptions as a result of the breach.

As a Dutch-Belgian multinational with over 7,900 stores across Europe, the U.S., and Indonesia, Ahold Delhaize caters to around 72 million shoppers each week, making the protection of customer data critical.

DaVita Faces Ransomware Attack, Disrupting Some Operations but Patient Care Continues

 

Denver-headquartered DaVita Inc., a leading provider of kidney care and dialysis services with more than 3,100 facilities across the U.S. and 13 countries, has reported a ransomware attack that is currently affecting parts of its network. The incident, disclosed to the U.S. Securities and Exchange Commission (SEC), occurred over the weekend and encrypted select portions of its systems.

"Upon discovery, we activated our response protocols and implemented containment measures, including proactively isolating impacted systems," DaVita stated in its SEC filing.

The company is working with third-party cybersecurity specialists to assess and resolve the situation, and has also involved law enforcement authorities. Despite the breach, DaVita emphasized that patient care remains ongoing.

"We have implemented our contingency plans, and we continue to provide patient care," the company noted. "However, the incident is impacting some of our operations, and while we have implemented interim measures to allow for the restoration of certain functions, we cannot estimate the duration or extent of the disruption at this time."

With the investigation still underway, DaVita acknowledged that "the full scope, nature and potential ultimate impact on the company are not yet known."

Founded 25 years ago, DaVita reported $12.82 billion in revenue in 2024. The healthcare giant served over 281,000 patients last year across 3,166 outpatient centers, including 750+ hospital partnerships. Of these, 2,657 centers are in the U.S., with the remaining 509 located in countries such as Brazil, Germany, Saudi Arabia, Singapore, and the United Kingdom, among others. DaVita also offers home dialysis services.

Security experts warn that the scale of the incident could have serious implications.

"There is potential for a very large impact, given DaVita’s scale of operations," said Scott Weinberg, CEO of cybersecurity firm Neovera. "If patient records were encrypted, sensitive data like medical histories and personal identifiers might be at risk. DaVita has not reported data exfiltration, so it’s not clear if data was stolen or not."

Weinberg added, "For dialysis patients needing regular treatments to survive, this attack is extremely serious. Because of disrupted scheduling or inaccessible records, this could lead to health complications. Ransomware disruptions in healthcare may lead to an increase in mortality rates, especially for time-sensitive treatments such as dialysis."

The breach may also bring regulatory challenges due to DaVita’s international footprint.

"Regulations can differ with respect to penalties and reporting requirements after a breach based on the country and even the state in which the patients live or were treated," said Erich Kron, security awareness advocate at KnowBe4.

"A serious cybersecurity incident that affects individuals in multiple countries can be a legal nightmare for some organizations," Kron said. "However, this is something that organizations should plan for and be prepared for prior to an event ever happening. They should already know what will be required to meet regulatory standards for the regions in which they operate."

In a separate statement to Information Security Media Group, DaVita added, "We have activated backup systems and manual processes to ensure there's no disruption to patient care. Our teams, along with external cybersecurity experts, are actively investigating this matter and working to restore systems as quickly as possible."

This cyberattack mirrors similar recent disruptions within the healthcare industry, which continues to be a frequent target.

"The healthcare sector is always considered a lucrative target because of the serious sense of urgency whenever IT operations are disrupted, not to mention potentially disabled," said Jeff Wichman, director of incident response at Semperis. "In case of ransomware attacks, this serves as another means to pressure the victim into paying a ransom."

He added, "At this time, if any systems administering dialysis have been disrupted, the clinics and hospitals within DaVita’s network are most certainly operating machines manually as a last resort and staff are working extremely hard to ensure patient care doesn’t suffer. If any electronic machines in their network are down, the diligence of staff will fill the gaps until electronic equipment is restored."

DaVita joins a growing list of specialized healthcare providers facing cybersecurity breaches in 2025. Notably, Community Care Alliance in Rhode Island recently reported a hack that impacted 115,000 individuals.

In addition, DaVita has previously disclosed multiple health data breaches. The largest, in July 2024, affected over 67,000 individuals due to unauthorized server access linked to the use of tracking pixels in its patient-facing platforms.

Increasing Exploitation of Remote Access Tools Highlights Ransomware Risks

 


According to the latest findings from cybersecurity insurance provider At-Bay, ransomware incidents saw a significant resurgence in 2024, with both the frequency and the severity of these attacks escalating. Based on the firm's 2025 InsurSec Report, ransomware activity rose 20 per cent from the previous year, returning to the high level of threat that had been experienced in 2021, when ransomware activity soared to 20 per cent.

A large number of remote access tools and virtual private networks (VPNs) have been exploited as entry points for these attacks, according to the report. Mid-market organisations, particularly those with annual revenues between $25 million and $100 million, have been severely hit by this surge, with targeted incidents rising by 46 per cent. At-Bay's claims data shows that the severity of ransomware breaches has increased by 13 per cent year over year, highlighting how sophisticated and financially destructive these threats are becoming.

Attacks originating from third parties, such as vendors and service providers, were also found to have increased by 43 per cent, compounding the risk. The economic toll of these supply chain-related incidents increased by 72 per cent on average, raising the overall cost associated with them. The study highlights the need for businesses to reassess their cybersecurity postures, especially those that rely on remote access infrastructure, and to strengthen defences across the entire digital ecosystem.

The At-Bay study highlights the widespread misuse of conventional cybersecurity tools, particularly those intended to enhance remote connectivity, as well as their declining effectiveness. Virtual private networks (VPNs) and remote access software, which are frequently deployed to provide secure off-site access to internal systems, are increasingly being repurposed as a gateway for malicious activity.

At-Bay's analysis illustrates a concerning trend that threatens the flexibility of work environments. Threat actors are frequently exploiting these same tools to gain access to corporate networks, extract sensitive data, and carry out disruptive operations. Because these systems are visible on the public internet, cybercriminals are actively searching them for vulnerabilities to attack.

Remote access tools are essentially a front door into a company's network and can typically be seen by the general public, which makes them prone to attack, according to Adam Tyra, Chief Information Security Officer for At-Bay's customer service department. The report also highlights the disproportionately high risk faced by mid-sized enterprises, those generating annual revenue of between $25 million and $100 million.

The number of direct ransomware claims has increased significantly within this segment, which highlights both its increased exposure to cyber threats and the potential limitations in the resources available to defend against them. The report's authors also point out that “remote” ransomware activity has increased dramatically, a tactic that has gained considerable traction among threat actors over the past few years.

In 2024, this type of attack is expected to have increased by 50 per cent compared to the year before, representing an astounding 141 per cent increase since 2022. From the standpoint of traditional endpoint detection systems, remote ransomware campaigns are typically carried out from unmanaged or personal devices. Rather than deploying a malicious payload directly onto the victim's machine, these attacks use network file-sharing protocols to access and encrypt data on connected systems. As a result, the encryption process often goes undetected by conventional security tools, such as malware scanners and behaviour-based defences.

These stealth-oriented methods pose a growing challenge to organisations, particularly small and medium-sized businesses (SMBs). In a study conducted by Sophos Managed Detection and Response (MDR), ransomware and data exfiltration were the most common threat vector in the SMB sector, accounting for nearly 30 per cent of all cases tracked within this sector.

Even though sophisticated attack techniques are on the rise, the overall volume of ransomware-related events saw a slight decline in 2024 compared with 2023. There has also been a marginal decrease in ransomware-as-a-service (RaaS) incidents.

The advancement of defensive technologies and the dismantling of several of the most high-profile ransomware-as-a-service (RaaS) operations have both contributed to this decline. Taken together, the findings emphasise the urgent need for businesses to modernise their cybersecurity strategies, invest in proactive threat detection, and strengthen the security of their remote access infrastructure to combat cybercrime.

As ransomware tactics have grown in complexity and scale, the resilience of the organisations targeted by these threats has also evolved. Organisations are therefore increasingly expected to reevaluate their risk management frameworks and adopt a more proactive cybersecurity policy. A robust defense strategy requires that remote access systems are secured, access controls are implemented, and advanced monitoring capabilities are deployed.

Raising awareness of cybersecurity throughout the workforce and fostering close cooperation between technology and insurance partners can also significantly reduce the risk that ransomware poses to organisations. As cyber adversaries keep improving their methods, businesses will have to take not only technical measures to strengthen their resilience, but also a wide range of strategic measures to anticipate and neutralise emergent attack vectors before they can cause significant damage.

Majority of Human-Operated Cyberattacks Target Domain Controllers, Warns Microsoft

 

Microsoft has revealed that nearly 80% of human-operated cyberattacks involve compromised domain controllers, according to a recent blog post published on Wednesday. Alarmingly, in over 30% of these incidents, attackers use the domain controller—a central system in corporate IT networks—to spread ransomware across the organization.

A breached domain controller can give hackers access to password hashes for every user in the system. With these credentials, cybercriminals can identify and exploit privileged accounts, including those held by IT administrators. Gaining control of these accounts allows attackers to escalate their access levels.

"This level of access enables them to deploy ransomware on a scale, maximizing the impact of their attack," Microsoft stated.

One such attack, observed by the tech giant, involved a group known as Storm-0300. The hackers infiltrated a company’s systems by exploiting its virtual private network (VPN). After acquiring administrator credentials, they tried to access the domain controller through the remote desktop protocol (RDP). Once inside, they carried out a series of actions including reconnaissance, bypassing security measures, and escalating their privileges.

Despite the growing frequency of attacks, Microsoft emphasized the difficulty in protecting domain controllers due to their critical role in network management and authentication.

Defenders often face the challenge of “striking the right balance between security and operational functionality,” the blog noted.

To improve protection, Microsoft suggested enhancing domain controllers’ ability to differentiate between legitimate and malicious activity—an essential step toward minimizing server compromises.

Jason Soroko, senior fellow at cybersecurity firm Sectigo, stressed the importance of proactive security measures.

"Ultimately, even the most advanced defense mechanisms may falter if misconfigured or if legacy systems create vulnerabilities. Hence, vigilant customer-side security practices are critical to fortifying these systems against modern cyberthreats," Sectigo said.

While Microsoft offers strong protective tools, their success hinges on users maintaining up-to-date systems and activating features like multifactor authentication.


Cybercriminal Group's Website Taken Over by Unknown Hacker

 


A criminal group known for using ransomware was recently caught off guard when its own website was tampered with. The website, which the gang normally uses to publish data stolen from its victims, was replaced with a short message warning against illegal activity. The message read: “Don’t do crime. CRIME IS BAD. xoxo from Prague.” What a sneaky way to reference Gossip Girl, isn't it?

At the time of this report, the website remained altered. It is not yet known if the person or group behind the hack also accessed any files or data belonging to the ransomware gang.

The group, known by the name Everest, has been involved in several cyberattacks since it first appeared in 2020. It is believed to be based in Russia. Over the years, Everest has taken credit for stealing large amounts of data, including information from a popular cannabis store chain, which affected hundreds of thousands of customers. Government agencies in the United States and Brazil have also been listed among their victims.

Ransomware attacks like these are designed to scare companies and organizations into paying money in exchange for keeping their private information from being made public. But recent reports suggest that fewer victims are giving in to the demands. More businesses have started refusing to pay, which has made these attacks less profitable for criminals.

While international law enforcement agencies have had some success in shutting down hacking groups, Everest has managed to stay active. However, this incident shows that even experienced cybercriminals are not safe from being attacked themselves. Some believe this could have been done by a rival group, or possibly even someone from within the gang who turned against them.

It’s also not the first time that cybercrime groups have been sabotaged. In the past few years, other well-known ransomware gangs have faced setbacks due to both police actions and internal leaks.

This unusual case forces us to face the inevitable reality that no one is completely untouchable online. Whether it’s a company or a hacker group, all digital systems can have weak points. People and organizations should always keep their online systems protected and stay alert to threats.

Ethical Hacking: The Cyber Shield Organizations Need

 

Ethical hacking may sound paradoxical, but it’s one of the most vital tools in modern cyber defence. Known as white hat hackers, these professionals are hired by companies to simulate cyberattacks, uncover vulnerabilities, and help fix them before malicious actors can strike.

“Ethical hackers mimic real-world threats to identify and patch security flaws. It’s about staying a step ahead of the bad guys,” says a cybersecurity expert.

As cyber threats surge globally, ethical hackers are in high demand. A recent Check Point Software report revealed a staggering 44% rise in global cyberattacks. From ransomware gangs to state-sponsored intrusions, the risks are growing—and the need for skilled defenders is greater than ever.

The ethical hacking process begins with reconnaissance—mapping a company’s digital infrastructure. Next comes scanning and vulnerability testing, using the same techniques as criminal hackers. Once issues are identified, they’re reported, not exploited. Some ethical hackers work independently, participating in bug bounty programs for companies like Google and Microsoft.

Industries like finance, healthcare, and tech—where sensitive data is a prime target—rely heavily on ethical hackers. Their techniques include penetration testing, system and network hacking, internal assessments, and web application testing.

In 2019, a team at Positive Technologies uncovered a Visa card flaw that could’ve allowed contactless payments to exceed set limits—just one example of ethical hacking saving the day.

Penetration testing simulates real breaches, such as injecting code, overloading systems, or intercepting data. System hacking targets devices with tools to crack passwords or exploit system weaknesses. Internal testing flags human errors, like weak credentials or poor security training. Web app testing scans for issues like XSS or SQL injections before launch. Network hacking exposes flaws in protocols, open ports, or wireless vulnerabilities.

The biggest advantage? Ethical hackers reveal blind spots that internal teams might miss. They prevent data breaches, build customer trust, and ensure compliance with regulatory standards—saving organizations from reputational and financial harm.

“Finding flaws isn’t enough. Ethical hackers offer the roadmap to fix them—fast,” a security analyst shares.

With the right skills, anyone can break into this field—often with significant rewards. Major companies offer million-dollar payouts through bug bounty programs. Many ethical hackers hold certifications like CEH, OSCP, or CySA+, with backgrounds ranging from military service to degrees in computer science.

The term “hacker” doesn’t always mean trouble. Ethical hackers use the same tools as their criminal counterparts—but to protect, not exploit. In today’s digital battlefield, they’re the unsung heroes safeguarding the future.