New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data

August 23, 2024 at 06:36AM Summary: A recent Qilin ransomware attack involved stealing credentials from Google Chrome browsers, using compromised VPN portal credentials, then editing the default domain policy to harvest credentials and erase evidence after exfiltrating them. Ransomware groups continue to evolve tactics, with Russian-speaking groups earning over $500 million from ransomware proceeds and …

Ransomware batters critical industries, but takedowns hint at relief

August 22, 2024 at 08:34AM Ransomware attacks on critical industrial organizations rose in July, with 34% of 395 attacks targeting this sector. Experts note increased confidence among perpetrators due to limited law enforcement intervention. Additionally, increasing connectivity between operational technology and IT has expanded the attack surface. Meanwhile, the use of infostealer malware continues to …

Ransomware rakes in record-breaking $450 million in first half of 2024

August 19, 2024 at 04:20PM In the first half of 2024, ransomware victims paid $459.8 million, setting the stage for a new record if payments continue. This is 2% higher than 2023, despite law enforcement operations disrupting ransomware-as-a-service. Large organizations are targeted for larger payments and data theft. Ransomware payment inflows have increased, but total …

Ransomware Attacks on Industrial Firms Surged in Q2 2024

August 15, 2024 at 11:10AM Industrial cybersecurity firm Dragos reported a significant increase in ransomware attacks on industrial organizations in Q2 2024 compared to Q1, with 29 of 86 ransomware groups active. The US and Europe were most targeted, and the manufacturing sector was a primary focus. Resurgence of certain groups and evolving tactics indicate …

US Unseals Charges Against Three Eastern Europeans Over Ransomware, Malvertising

August 13, 2024 at 11:36AM A Belarusian and Ukrainian dual-national, Maksim Silnikau, was extradited from Poland to the US where he faces charges for distributing malware, scams, and ransomware. His indictments include involvement in malvertising schemes distributing the Angler exploit kit and creating the Ransom Cartel ransomware, with potential penalties of up to 20 years …

Fighting Back Against Multi-Staged Ransomware Attacks Crippling Businesses

August 6, 2024 at 09:42AM Ransomware attacks have evolved from hitting indiscriminate victims to targeted, multi-staged attacks. Attackers infiltrate organizations, eavesdrop on emails, and exfiltrate critical data before encrypting computers and demanding a ransom. This modern method renders traditional recovery systems useless. Ransomware has become organized, with syndicates offering ransomware-as-a-service and state-sponsored attackers joining in. Organizations …

Fortune 50 biz coughed up record-breaking $75M ransom to halt leak of stolen data

August 2, 2024 at 08:11AM An unnamed Fortune 50 corporation paid a record $75 million to the ransomware gang Dark Angels to prevent terabytes of data from being leaked online. The gang targets one major victim at a time, files of businesses likely to pay up. Zscaler confirms the gang’s stealthy operations and suggests a …

Exploited Vulnerability Could Impact 20k Internet-Exposed VMware ESXi Instances

August 1, 2024 at 09:18AM Around 20,000 unpatched VMware ESXi servers, vulnerable to CVE-2024-37085 (CVSS 6.8), are accessible on the internet. It allows threat actors full access, with ransomware groups like Storm-0506 and Octo Tempest exploiting it. The flaw enables administrative control over hypervisors, risking file encryption, VM access, and lateral movement within networks. Urgent …

Cost of Data Breach in 2024: $4.88 Million, Says Latest IBM Study

July 31, 2024 at 01:09PM The latest IBM Cost of Data Breach Report reveals the increasing cost of data breaches, emphasizing the growing importance of understanding security threats and implementing effective defense strategies. The report discusses the impact of AI, the challenges in staffing security teams, and the rise of ransomware attacks, providing valuable insights …

CISA warns of VMware ESXi bug exploited in ransomware attacks

July 30, 2024 at 03:57PM CISA orders U.S. FCEB agencies to secure servers against a VMware ESXi vulnerability exploited in ransomware attacks. VMware fixed the flaw, CVE-2024-37085, which allows attackers to gain admin privileges. Ransomware gangs exploit this to steal data, move laterally, and encrypt ESXi. Agencies have 3 weeks to secure systems under directive BOD 22-01. CISA …