August 20, 2024 at 08:24AM Chainalysis reported an increase in ransomware payments and stolen cryptocurrency in the first half of 2024. While illegal on-chain activity decreased by 20%, ransomware payments rose by 2% to $459.8 million. The median ransom payment increased from $200,000 to $1.5 million. Stolen cryptocurrency losses reached $1.58 billion by July 2024, … Read more
August 19, 2024 at 04:20PM In the first half of 2024, ransomware victims paid $459.8 million, setting the stage for a new record if payments continue. This is 2% higher than 2023, despite law enforcement operations disrupting ransomware-as-a-service. Large organizations are targeted for larger payments and data theft. Ransomware payment inflows have increased, but total … Read more
July 22, 2024 at 12:42PM A recent Europol report highlights the fragmentation of the ransomware threat landscape following the disruption of RaaS groups. This has led to challenges in attribution and increased independence among cybercriminals. Affiliates are now developing their own payloads, while the focus has shifted to targeting small and medium-sized businesses. The report … Read more
April 19, 2024 at 07:48AM The Akira ransomware group has extorted $42 million from over 250 victims by targeting businesses and critical infrastructure worldwide. They initially focused on Windows systems before deploying a Linux variant. The group exploits known vulnerabilities in Cisco appliances and uses various methods to establish persistence and evade detection. Akira is … Read more
April 9, 2024 at 12:02AM A new cybercrime group, CoralRaider, linked to Vietnam, targets individuals and organizations in Asia to steal social media account information and user data. The group relies on social engineering and legitimate services for data exfiltration but has made mistakes. CoralRaider prioritizes financial gain and does not appear to be working … Read more
March 15, 2024 at 09:55AM A new variant of StopCrypt ransomware spotted utilizing multi-stage execution and evading security tools. STOP Djvu, a widely distributed ransomware, targets consumers for small ransom payments. Distributed via malvertising and adware bundles, it infects users with various malware. The new variant employs intricate execution mechanisms, posing a significant threat despite … Read more
February 14, 2024 at 07:15AM Infamous malware loader Bumblebee resurfaces in a new phishing campaign targeting organizations in the U.S. Proofpoint warned about voicemail-themed lures leading to Word files with VBA macros launching PowerShell commands to execute Bumblebee. The attack chain relies on macro-enabled documents, coinciding with reappearance of new variants of QakBot, ZLoader, and … Read more
February 7, 2024 at 04:18PM Flare, a leading CTEM provider, has released a report analyzing the threat landscape and risks to NATO countries posed by initial access brokers (IABs) on Russian hacking forums. The report identified recent IAB activity in 21 out of 31 NATO countries, focusing on targeting critical infrastructure sectors and the US … Read more
February 5, 2024 at 11:42AM Teens engaging in serious cybercrimes, such as swattings, sextortion, and cryptocurrency scams, are a troubling trend. Factors like curiosity, financial pressure, and lack of consequences drive them into cybercrime. Normalization of online mischief and lack of deterrents add to the problem. Solutions call for holding vendors accountable, providing guidance, and … Read more
January 25, 2024 at 11:48AM In 2023, $1.7 billion in cryptocurrency was stolen, down from $3.7 billion in 2022. Decentralized financial systems (DeFi) were targeted, with $1.1 billion stolen, a 64% decrease. North Korean hackers stole slightly over $1 billion, with the number of attacks increasing. Cybersecurity measures are improving, with better collaboration between crypto … Read more