Scottish Environment Protection Agency (SEPA) said its digital systems have been severely affected by a ransomware attack since Christmas Eve. Threat actors have locked agency's emails and contact centers and are demanding a ransom to unlock them.
One of the world's biggest computing giants, Intel, has launched four new series of processors at the Consumer Electronics Show 2021. The company assured users that these processors would offer a "premium PC experience" along with several additional, distinctive features.
During the Covid-19 pandemic, educational institutions, health agencies, and other significant organizations have suffered the most from cyberattacks. As if this were not enough, amid the massive wave of cyberattacks against these institutions, a new hacking group has emerged that uses modern techniques to attack its targets. The troublesome part is that these hackers are using an operational structure that is not uncommon in the hacking underworld. Known as "Egregor," the group has attacked more than 130 targets in recent months.
GenRx Pharmacy, based in Scottsdale, AZ, is notifying individuals of a data breach incident that might affect their security. While the pharmacy is not aware of any actual harm to individuals resulting from the incident, it is providing potentially affected people, via First Class mail, with information on the steps it has taken and on what they should do to further protect themselves against possible misuse of their data.
It seems the city of Cornelia has grown used to the horrors of ransomware: on Saturday it suffered its fourth ransomware attack in the last two years, City Manager Donald Anderson said on Tuesday. A day after Christmas Eve, on the morning of 26 December 2020, the city received a malware attack as its Christmas gift. Experts say this may not be the last incident; it is part of a worsening trend the city may continue to face in the near future.
Nineteen tech companies, cybersecurity firms, and non-profits have collaborated with the Institute for Security and Technology (IST) to form a new group, the Ransomware Task Force (RTF), to tackle the increasingly destructive and prevalent threat of ransomware. The joint venture includes big names such as Microsoft, McAfee, Rapid7 and Cybereason, along with cyber advocacy groups, threat intelligence organizations, think tanks, and research groups, including the Global Cyber Alliance, the Cyber Threat Alliance, and the CyberPeace Institution, to name a few.
There is no denying that cybercriminals have long exploited people's trust in media agencies. However, the current situation has seen an incredible surge in cybercriminals seeking every possible way to target media agencies. Aside from direct attacks, they have even misused brand names to create counterfeit identities, which are then used to target potential victims.

A couple of incidents throw light on how and why these threat actors have set their sights on the media industry.

Some media organizations have been targeted directly, generally through ransomware attacks. Ritzau, the biggest independent news agency in Denmark, was hit by a ransomware attack that compromised and encrypted more than one-fourth of its 100 network servers. The computer servers at the Press Trust of India were also attacked by LockBit ransomware, which kept the agency from delivering news to its subscribers.

Other attackers cleverly use the pretense of being a media agency to set up their attacks. Some time back, TA416 Able was found carrying out spear-phishing attacks by impersonating journalists from the Union of Catholic Asia News, in an attempt to reach a range of victims, including diplomats for Africa and people in the Vatican. In another incident, the U.S. seized 27 domain names used by Iran's Islamic Revolutionary Guard Corps (IRGC) to carry out covert influence campaigns, in which several of the domains posed as legitimate media outlets. OceanLotus set up and operated several websites consistently posing as news, activist, or anti-corruption sites. Furthermore, the group compromised several Vietnamese-language news websites and used them to load an OceanLotus web profiling framework.

With these events in mind, experts recommend adequate safety measures, such as frequent data backups, anti-malware solutions, and implementing Domain-based Message Authentication, Reporting & Conformance (DMARC). Recommendations were also made to carry out tests to identify and eliminate the risk of domain spoofing.
We recently looked into the ways phishing mails are evolving, with attackers getting more creative by the day. But a new trend has taken hold on the dark web, and soon phishing campaigns for ransomware and malware will be a thing of the past. With resources comparable to those of a small government, malware gangs have started collaborating among themselves and have come up with "initial access brokers": groups that supply ransomware gangs and other crews with already compromised systems. Systems compromised through RDP endpoints, backdoored networking devices, and malware-infected computers give the ransomware operators a ready-made foothold to deploy ransomware into the network, making their work much quicker.
In the third quarter, the industry was attacked by various hacker groups, including RTM and TinyScouts, as well as by ransomware operators. For example, according to Positive Technologies, the operators of the Maze ransomware conducted a successful attack on Hoa Sen Group, the largest manufacturer of steel sheets in Vietnam. During the attack, personal data of employees, internal correspondence and other confidential information were stolen.
"This year, the vast majority of criminal groups switched to working with encryption programs since attackers realized that they can earn no less than in the case of a successful attack on a Bank, and technical execution is much easier," explained Anastasiya Tikhonova, head of APT Research at Group-IB.
According to her, more groups and partner programs have joined the "big game hunt".
"The size of the ransom has also increased significantly: cryptolocker operators often ask for several million dollars, and sometimes even several tens of millions. For example, the OldGremlin group, consisting of Russian-speaking hackers, actively attacks exclusively Russian companies: banks, industrial enterprises, medical organizations and software developers," explained Tikhonova.
The expert believes that one of the weakest links in the information security chain is still the human. "There are examples when an operator of a large industrial enterprise got bored, wanted to listen to music, and plugged a 3G modem directly into the USB port of the SCADA control and monitoring system. And how many 'trusted laptops' were there that employees brought from a business trip," concluded Tikhonova.
The expert believes that the danger of using Internet of Things (IoT) devices is that it is difficult even for experienced engineers to determine whether a device has been compromised. Target systems are assembled from a fairly large number of devices, and it is almost impossible to monitor and respond to possible security events and threats without additional solutions and human resources.
The Australian Cyber Security Centre has issued a security alert for the health sector to check its barriers and defenses against potential ransomware attacks, especially Clop ransomware, which uses the SDBBot Remote Access Tool (RAT). The ACSC (Australian Cyber Security Centre) wrote that it had "observed increased targeting activity against the Australian Health sector by actors using the SDBBot Remote Access Tool (RAT)."
Energy company Enel Group has once again been hit by malware, the second time this year. The Netwalker ransomware operators have demanded a ransom of 14 million dollars from the energy group in exchange for the decryption key and for not releasing the stolen data. Enel Group is an Italian multinational power company operating in 30 countries, working in electricity generation and distribution as well as in the distribution of natural gas. With a revenue of $90 billion, it ranks 87th in the Fortune Global 500.
Cybersecurity experts discovered clues connecting recent cyberattacks to Thanos ransomware, which is used by Iranian state-sponsored hackers. Researchers from ClearSky and Profero investigated attacks on major Israeli organizations and linked them to an Iranian state-sponsored hacking group named "Muddywater." The experts noticed two recurring tactics in these attacks. First, the group uses malicious PDF and Excel files that fetch malware from the hackers' servers once victims download and open them. Second, Muddywater scans the internet in search of unpatched MS Exchange email servers.
Ryuk ransomware had gained immense notoriety in the sphere of cybercrime by 2019. It has been on the rise both in reach and in complexity, demanding multi-million-dollar ransoms from large organizations, local governments, and healthcare institutions.