
Time Taken by Ransomware to Infect Systems Witnesses a Significant Drop


The amount of time it takes a threat actor to completely infect a targeted system with ransomware has decreased significantly over the past 12 months.

According to a report published by The Register, the average dwell time — the interval between the start of an assault and the deployment of ransomware — was 5.5 days in 2021 and 4.5 days in 2022. The dwell duration was less than 24 hours last year, but less this year. Ransomware was even distributed within five hours after first access in 10% of cases, according to Secureworks' annual State of the Threat Report.

It is interesting to note that the cybersecurity industry has become much better at spotting the activity that occurs before a ransomware outbreak, which is one of the factors contributing to this dramatic decrease in infection time. Because of this, Secureworks explains, "threat actors are focusing on simpler and quicker to implement operations, rather than big, multi-site enterprise-wide encryption events that are significantly more complex."

Also, this year has witnessed a considerable increase in the number of ransomware victims and data leaks due to the significant emergence of "several new and very active threat groups." Attacks are therefore occurring more frequently and in greater numbers.

Ransomware groups now rely mainly on three vectors to infect targeted systems. The first is scan-and-exploit, which looks for exploitable flaws in a system. The second is the use of stolen credentials, and the third is phishing emails, which try to deceive people into giving attackers quick access to secure systems.

Sony is one of the most recent high-profile victims of a ransomware gang, but the company has not yet revealed the extent to which its systems were affected or its data stolen. Another recent ransomware attack hit a Danish cloud-hosting company and compromised most of its customer data. In addition, the LockBit ransomware gang stole data belonging to 8.9 million dental insurance customers earlier this year.

However, on a positive note, the FBI was able to take down the renowned Qakbot botnet, which was revealed to be in charge of 700,000 compromised machines and was utilized in numerous ransomware assaults.  

After Attack on Sony, PLAYSTATION Released Advisory With 5 Essential Steps

In the aftermath of the reported cyberattack by the hacker group Ransomed.vc on Sony, PLAYSTATION has issued a crucial advisory to its users. Back in 2011, the PlayStation Network experienced a hack that resulted in the compromise of personal information and passwords for approximately 70 million users. 

Given the potential exposure of personal information and passwords for millions of PlayStation owners, the company recommends taking the following five essential steps to safeguard the system.   

1. Change your password, avoid repetition, and make substantial changes. 

Regular Password Updates: It's crucial to refresh your passwords regularly. Be sure to keep them confidential and update the passwords for your accounts and devices every six months.

Avoid Repetition: Never use the same password for different accounts (e.g., your social media password should differ from your banking password, and so on). 

Substantial Changes: When updating your password, make sure to implement significant alterations. Avoid simple substitutions like replacing a letter with a number. 

"If you own or use a PlayStation, we recommend changing your PlayStation Network (PSN) password immediately as a precaution. Make sure to use a strong and unique password that uses a combination of letters, numbers, and symbols. Consider using a password generator, such as LastPass. This is a free tool which is accessible on Google," the experts from PLAYSTATION said in the advisory.

2. Two-factor authentication

It means you need two different ways of proving it's really you before you can get into your PSN account. This extra step helps make sure your account and the stuff in it stay safe. 

This security measure entails entering a code, usually sent via text message or another service, after providing your username and password. Even if a hacker manages to decipher your password, this additional step significantly deters unauthorized access to your account.   

3. Stay vigilant with account monitoring 

Remaining vigilant about your Sony accounts is a smart move to ensure everything stays secure. Experts advise setting up alerts to prompt you for regular checks. They also stress the importance of reporting any unusual activity promptly, suggesting contacting both your bank and Sony immediately. This proactive approach helps maintain the safety of your accounts. 

4. Reach Out to Sony Support

If you think someone may have accessed your account without permission, reach out to Sony's customer support right away. The experts also recommend giving them a call first and then sending an email to keep a record of your communication. This way, the company can help you quickly and efficiently. 

5. Stay Informed with Updates 

The organization's experts emphasized the importance of staying informed. They suggested keeping an eye on reliable news sources and watching for official updates from Sony. This way, you'll be well-informed about the situation. 

"These updates might come in the form of a press release or a statement on the company website or social media profile. They will likely detail the next steps to take," said the experts.

RansomedVC Ransomware Group Claims to Have Breached Sony Network


A ransomware group called ‘RansomedVC’ claims to have successfully breached the networks of conglomerate and entertainment giant Sony Group Corporation. It is threatening to sell the supposedly stolen data on the dark web.

According to a report by Cyber Security Connect, the ransomware group says it has compromised Sony's systems and that, since the company was not willing to meet its ransom demands, the stolen data has already been sold.

RansomedVC states on its dark web portal: "We have successfully compromised [sic] all of Sony systems. We wont ransom them! we will sell the data. due to Sony not wanting to pay. DATA IS FOR SALE […] WE ARE SELLING IT".

However, since Sony has not yet confirmed the claims, it is possible that they are false, or at least overstated. 

It appears that Sony is not overly concerned about the issue, given that the ransomware group has not shared any interesting information, even though it has provided some proof-of-hack data. Reportedly, this includes images of a PowerPoint presentation filled with testbench information from Sony's Quality Assurance Division, a screenshot of an internal login page, and several Java files.

RansomedVC has also shared a file tree of the data breach. It contains no more than 6,000 files, a small number compared with the volume of data a conglomerate of this size holds. The stolen data includes "build log files," a wide range of Java resources, HTML files, and files displaying Japanese characters.

While the issue does not appear to be serious at the moment, it must be taken into account that RansomedVC was in fact behind some of the most infamous attacks, such as the assault on the Hawaiian government-owned website. 

Previous Attacks on Sony

Private data from about 77 million accounts was compromised in 2011 as a result of an external breach into Sony's PlayStation Network and Qriocity services. Additionally, it made it impossible for PlayStation 3 and PlayStation Portable users to access the service. The blackout lasted for 23 days.

In 2014, Sony Pictures was hacked by a threat group called ‘Guardians of Peace.’ The organization asked that Sony delete the then-upcoming film The Interview, a comedy portraying a plan to assassinate North Korean leader Kim Jong-un. Officials came to the conclusion that the attack was supported by the North Korean government.    

RansomedVC: Ransomware Group Claims to Have Breached Sony’s Computer Systems


A newly discovered ransomware group, RansomedVC, claims to have breached the computer systems of entertainment giant Sony. The announcement was made on a dark web portal.

The announcement states that Sony’s data is for sale: “Sony Group Corporation, formerly Tokyo Telecommunications Engineering Corporation, and Sony Corporation, is a Japanese multinational conglomerate corporation headquartered in Minato, Tokyo, Japan.

We have successfully compromised [sic] all of Sony systems. We won't ransom them! we will sell the data. due to Sony not wanting to pay. DATA IS FOR SALE.”

Since Sony has not yet commented on the claim, it may still be false or, perhaps more likely, exaggerated.

However, if RansomedVC's claims are true, Sony seems to have not yet caved to their demands.

Sony will join a rather long list of game and entertainment companies that have had data stolen or ransomed if it confirms the breach. Due to the high value and high visibility of their intellectual property, gaming companies are frequent targets for theft and extortion.

Capcom and Ubisoft were notable victims in 2020, and CD PROJEKT RED, the company behind Cyberpunk 2077 and Witcher 3, was a victim in 2021, the same year that Electronic Arts had its source code for FIFA 21 stolen. In 2022, Rockstar Games experienced a significant breach by the short-lived Lapsus$ gang, while Bandai Namco came under a ransomware attack.

If the claims are true, Sony’s customers must take measures to safeguard their data. While information on the matter is still vague, these are specific measures to take when facing a data breach or a potential ransomware attack:

  • Block common forms of entry: Establish a strategy for swiftly patching vulnerabilities in internet-facing systems; disable or harden VPNs and RDP remote access; and use endpoint security software to identify the malware and exploits that spread ransomware.
  • Detect intrusions: By segmenting networks and carefully allocating access privileges, you can make it more difficult for intruders to operate inside your company. To spot anomalous activity before an attack happens, use MDR or EDR.
  • Install endpoint detection and response software: Malwarebytes EDR, for example, can detect ransomware using a variety of detection methods and perform ransomware rollbacks to restore corrupted system data.
  • Create offsite and offline backups.

About RansomedVC

RansomedVC was first brought to light by Malwarebytes researchers in August 2023. At the time, the ransomware group had listed the details of nine of its victims on its dark website. The threat to report victims for General Data Protection Regulation (GDPR) violations is the only deviation it makes from the typical cut-and-paste criminality of ransomware gangs. The group calls itself a "digital tax for peace," which it obviously is not. Ransomware gangs have made this kind of claim multiple times before, and each time it is merely a money grab.