Threat Group ‘Bling Libra’ Pivots to Extortion for Cloud Attacks

August 28, 2024 at 05:13AM
The threat group Bling Libra, known for the Ticketmaster breach, has evolved its tactics from data theft to extortion-based attacks targeting cloud environments. Using stolen credentials, they infiltrate AWS, exfiltrate data, and demand ransom. Weak authentication practices leave organizations vulnerable, emphasizing the need for multifactor authentication and secure IAM solutions …

Fortune 50 Co. Pays Record-Breaking $75M Ransomware Demand

August 2, 2024 at 04:01PM
A Fortune 50 company paid a record-breaking $75 million ransom to the cybercriminal group Dark Angels, exceeding all previous confirmed ransom payments. Dark Angels targets high-value victims and exfiltrates large amounts of sensitive data, operating with subtlety and avoiding business disruption. However, Zscaler predicts that their tactics could inspire other …

Ransomware crews investing in custom data stealing malware

July 10, 2024 at 06:08AM
Ransomware groups are evolving beyond encrypting and demanding payments to stealing sensitive information with custom malware. Cisco Talos revealed key tactics and identified 14 prominent ransomware groups, emphasizing their unique goals and activities. These groups employ double-extortion tactics and offer bespoke malware for data exfiltration. They utilize social engineering and …

Chinese Cyberspies Employ Ransomware in Attacks for Diversion

June 27, 2024 at 12:24AM
Cyberespionage group ChamelGang uses CatB ransomware to target high-profile organizations globally, posing challenges for attribution. Their sophisticated attacks focus on government and critical infrastructure entities, employing ransom notes and bitcoin payments. Additionally, they leverage BestCrypt and BitLocker in separate activities, impacting organizations mainly in North America, South America, and Europe. …

Resurgence of Ransomware: Mandiant Observes Sharp Rise in Criminal Extortion Tactics

June 5, 2024 at 08:00AM
Mandiant’s new threat research revealed a resurgence in criminal extortion in 2023, with more ransomware investigations and a 75% increase in data leak site postings. The use of data exfiltration and breach-shaming in ransomware attacks is growing, with criminals exploring payment in Monero cryptocurrency. The report highlights evolving ransomware techniques …

Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern

May 23, 2024 at 01:39PM
Ransomware attacks on VMware ESXi infrastructure show a consistent pattern, targeting virtualization platforms due to inherent misconfigurations and vulnerabilities. The attacks involve various steps, including initial access, privilege escalation, ransomware deployment, and data exfiltration. Organizations are advised to implement monitoring, robust backups, strong authentication, and network restrictions to mitigate these …

Ransomware negotiator weighs in on the extortion payment debate with El Reg

May 12, 2024 at 04:11PM
Last year saw a record high in ransomware attacks, affecting over 4,500 victims. Drew Schmitt, a professional negotiator for ransomware incidents, discussed evolving tactics of criminal gangs and the debate over banning ransom payments. Schmitt emphasized the complexity of the issue and the need for a multi-pronged approach to combating …

Alpha ransomware linked to NetWalker operation dismantled in 2021

February 16, 2024 at 11:12AM
Alpha ransomware, emerging in 2023 with a low profile, has recently ramped up attacks and launched a data leak site. Symantec links it to the now-defunct NetWalker ransomware based on tools and tactics, indicating a strong link between the two. Alpha, an emerging threat, demands between 0.272 BTC and up …

Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024

January 25, 2024 at 06:22AM
The 2023/2024 Axur Threat Landscape Report analyzes cyber threats from the Surface, Deep, and Dark Web and the impact of geopolitical factors. It highlights a threefold increase in leaked card details, credential leaks, brand misuse, evolving fraud tactics, takedown success rates, Deep & Dark Web insights, and the use of …

Ransomware Gangs Use PR Charm Offensive to Pressure Victims

December 13, 2023 at 06:03AM
Ransomware groups are shifting towards a more open and corporate approach, engaging with the media and using public pressure tactics. They communicate through channels like Telegram, and news coverage increases pressure on victims. Some groups engage with the media professionally, while others take a hostile stance. This strategy aims to …