BianLian Ransomware Gang Shifts Tactics: A New Era of Cyber Threats


A recent advisory from the FBI, CISA, and Australia’s Cyber Security Centre reveals a tactical shift by the ransomware group BianLian, marking a significant evolution in cyber extortion. The update, issued on November 20, 2024, highlights how the group has abandoned traditional encryption-based attacks in favor of exfiltration-only extortion, a trend gaining momentum across the cybercrime landscape. Previously known for their double-extortion model—encrypting victims' data while threatening to release stolen files—BianLian has moved exclusively to encryption-less attacks since early 2023. 

Instead of locking victims out of their systems, the group focuses solely on stealing sensitive data and leveraging it to demand ransoms. This new approach leaves the victims’ systems intact, but their sensitive information becomes the ultimate bargaining chip. “This method allows criminals to exploit multiple avenues for extortion,” the advisory states. “Even when victims pay, stolen data is rarely deleted and often surfaces on the Dark Web.” 

The shift reflects both a response to improved corporate defenses and a focus on operational efficiency. Muhammad Yahya Patel, lead security engineer at Check Point Software, noted that exfiltration-only attacks require fewer resources, making them harder to detect. “This tactic reduces the need for encryption malware, minimizing operational complexity and allowing attackers to stay under the radar,” Patel explained. 

Organizations with robust backup systems can recover from encryption-based attacks, diminishing their effectiveness. Pedro Umbelino, principal research scientist at Bitsight, observed, “Encryption rarely leads to data loss now, but companies still fear the public release of stolen data. Ransomware operators are prioritizing simpler methods to maximize profit.” The trend extends beyond BianLian. Darren Williams, CEO of BlackFog, revealed that 94% of ransomware attacks in 2024 now center on data theft rather than encryption. 

“The value of intellectual property, customer, and personal data has made exfiltration the preferred method for cybercriminals,” Williams noted. 

For organizations, this shift underscores the urgency of adapting cybersecurity defenses. Unlike encryption attacks, data exfiltration is harder to detect and often unnoticed until it’s too late. Investing in advanced monitoring tools, enhancing incident response plans, and fostering a culture of cybersecurity awareness are critical steps in mitigating this emerging threat. The rise of exfiltration-only ransomware is a stark reminder of cybercriminals’ adaptability. Businesses must evolve their defenses to match the growing sophistication of their adversaries.

Scammers Use Phony DocuSign Templates to Blackmail and Defraud Companies


Phishing emails impersonating DocuSign are on the rise, driven by a thriving underground market for fake templates and login credentials.

In the past month, researchers from Abnormal Security have observed a significant increase in phishing attacks designed to mimic legitimate DocuSign requests. Their investigation led them to a Russian cybercrime forum where sellers offered a variety of templates resembling authentic emails and documents.

DocuSign, a leading document-signing software, has long been a prime target for phishers due to its popularity and the sensitive nature of the documents it handles. DocuSign emails are generally generic, with a large, conspicuous yellow button that tempts users to click, which makes them easy to forge. Mike Britton, CISO of Abnormal Security, explains, "People are conditioned to recognize and trust the typical appearance of DocuSign emails. In my weekly routine, I encounter multiple DocuSign requests and often click on them without a second thought."

To create convincing DocuSign phishing emails, attackers can painstakingly design authentic-looking templates from scratch or, more efficiently, purchase pre-made malicious templates from online marketplaces. According to Britton, these templates, which can mimic DocuSign, Amazon, PayPal, and other platforms, can be bought for as little as $10.

With these inexpensive resources, attackers craft phishing emails to deceive employees into revealing personal information or redirecting them to fake login pages to steal their DocuSign credentials. The stolen data is then used by the attackers or sold to other cybercriminals.

Cheap login credentials allow hackers to access employees' DocuSign histories, revealing sensitive documents from recent months. Information from employer contracts, vendor agreements, and payment details can be used for blackmail or sold to other attackers. Hackers can also identify new targets and impersonate specific individuals within a company.

For instance, an attacker might time a fraudulent payment request to coincide with a company's regular vendor payment schedule. By using information from a compromised employee's DocuSign history, they can convincingly impersonate a superior or a vendor's finance department contact, attaching real documents for reference.

To mitigate these risks, Abnormal Security advises employees to be vigilant about suspicious email sender addresses, impersonal greetings, and unusually short DocuSign security codes. Employees should open documents directly from the company's website rather than via email and avoid opening unexpected documents.

"Everyone is busy," Britton notes. "Whether in the office or working in a hybrid environment, the safest approach is to verify emails by calling the sender directly to confirm their legitimacy."