A Silicon Valley Venture Capital Firm Attacked by A Ransomware; Asked for Ransom

A Silicon Valley advanced technology venture capital organization was hit hard by a ransomware attack in July 2021. The firm, which holds more than $1.8 billion in assets, is investigating the incident and restoring its systems.

According to the data, malicious actors gained access to the system and stole important data, including the personal information of the company's private investors and limited partners.

After the findings, the firm wrote a letter to the Maine attorney general's office, in which ATV stated that it only learned of the attack on July 9th, when its servers storing financial information had been encrypted by ransomware. Later, on July 26th, the firm found that the data had been stolen from the servers before the files were encrypted.

ATV mentioned that the group used the common "double extortion" tactic: in addition to encrypting the files, the ransomware group threatened to publish the data online if the ransom was not paid. ATV believes that the group targeted the personal data of individual investors in the attack, including names, email addresses, social security numbers, and phone numbers.

According to a listing on the Maine attorney general's data breach notification portal, around 300 individuals were affected by the attack, including one from Maine. While ATV has already informed the FBI about the attack, no further technical details have been reported.

The venture capital organization, founded in 1979, is based in Menlo Park, California, with offices in Boston. The firm invests extensively in technology, software and services, communications, and healthcare technology. Venture capital is known for its secret investors, and the firm does not publicly disclose its investors. However, in certain circumstances the firm discloses the names of investors, such as those who invest millions in a business venture. The firm always gives different reasons for this, but analysts say it is because of market competition.

Ransomware Attempt Volume Touching Over 300 Million, Sets Record

A new report published by network security organization SonicWall states that ransomware attacks increased sharply in the first half of 2021, with 304.7 million attempted attacks observed by the organization.

SonicWall's research team observed numerous attempted ransomware attacks in both April and May; however, the records set in those two months were broken in June, which recorded 78.4 million attempted ransomware attacks.

According to the study, the total number of ransomware attacks observed by SonicWall in the first half of 2021 has already exceeded the total number of attempts for all of 2020.

"Even if we don't record a single ransomware attempt in the entire second half (which is irrationally optimistic), 2021 will already go down as the worst year for ransomware SonicWall has ever recorded," the report read.

According to the 2021 SonicWall Cyber Threat Report, the US, the UK, Germany, South Africa, and Brazil topped the list of countries hit hardest by ransomware in the first half of 2021.

The report also names the US states that were impacted most: Florida saw 111.1 million ransomware attempts, New York had 26.4 million, Idaho saw 20.5 million, and Rhode Island and Louisiana each faced nearly 9 million attempted ransomware attacks.

Furthermore, the report touched upon what these ransomware attacks are doing with organizations' systems. The network collects malware and IP-sensitive credentials from tens of thousands of firewalls and email security devices from all over the world. 

As per the report, the most common targets in 2021 are important governmental organizations such as financial institutions, defense, and information broadcasting institutions; governments face more attacks than any other industry each month. By June, government customers saw 10 times as many ransomware attempts and an overall spike of 917%.

Customers in the education field have also been heavily targeted by ransomware attempts, with an increase of 615%. SonicWall Capture Labs threat researchers have found an increased risk of ransomware attacks across healthcare (594%) as well as retail (264%) organizations.

According to data from SonicWall's Capture Labs, three ransomware groups, Ryuk, Cerber, and SamSam, are alone responsible for 64% of all attempted ransomware attacks. Ryuk attempted 93.9 million attacks; however, a new surge has been seen in 2020, tripling Ryuk attempts.

On the other hand, Cerber attempted 52.5 million ransomware attacks in 2021, while the SamSam group has increased its attempts by 49.7 in 2021, from last year's 15.7 million attempts.

Fake Oximeter Apps For Smart Devices, Here’s How To Check If It’s Safe Or Not


In recent days the demand for oximeters has gone up owing to the deadly second wave of Covid-19 in India. Earlier today, cybersecurity intelligence has reported that many fake oximeter apps are available on the Play Store. 

The research group from Quick Heal Security Labs has discovered that threat actors were exploiting the official apps with a trojan to gain access to users' banking credentials.

“Threat actors use reliable tools to deploy payload and third-party app stores for distribution of these fake apps,” the researchers said in a statement. 

The oximeter has become a crucial device in the fight against the coronavirus, as it helps monitor blood oxygen levels in the human body. Meanwhile, various oximeter apps are available for Android mobile devices that claim to measure your blood oxygen levels free of charge.

However, these fake apps can cost you more than you expect. According to the Quick Heal report, fake oximeter apps can exploit your online financial data for PhonePe, Google Pay, Paytm, etc. The Indian government has also warned against these apps.

According to the findings, threat actors target app stores that offer both free and paid apps. They use several different tools, such as GitHub or Firebase, to deploy fake apps, and various app markets, such as QooApp, Huawei, etc., to distribute them.

How can you protect your financial data from fake oximeter apps?

Here are some things to remember before downloading an oximeter app on your device: 

• Don't open links shared through messages or on social media platforms.

• Check for grammar errors in the app descriptions, as attackers often use poor English.

• Reviews and ratings can also be fake; focus more on reviews with low ratings.

"Avoid approaching third-party app stores for downloading apps or through links shared via SMSs, emails, and WhatsApp. These avenues don't invest in security and hence make space for any type of app, including the infected ones," researchers further added.

What is Email Spoofing? How Hackers Impersonate Legitimate Senders


Email spoofing is easily the method most commonly employed by threat actors for initiating phishing and spam attacks. Normally, hackers use this technique to trick users into believing that the email sent to them comes either from someone they know or from a trustworthy source.

In email spoofing attacks, the hacker forges an email header so that the victim's mail software displays the fraudulent sender address. Unless they examine the header closely, users see only the forged sender in the message. If the user recognizes the given name, they will be more likely to trust it and click on malicious links or file attachments, or send personal credentials and even financial information.

Email spoofing attacks are possible because the Simple Mail Transfer Protocol (SMTP) and the other core email protocols do not provide any authentication mechanism for verifying the sender, which allows hackers to mislead or even prank the recipient about the origin of the message.

Email address authentication protocols and mechanisms have been developed to combat such spam attacks; however, adoption of those mechanisms has been slow.

Besides the common purposes of phishing or spam attacks, email spoofing is used for several other purposes, as listed below:

  • Hiding the sender’s true identity
  • Pretending to be someone 
  • Avoiding spam blocklists
  • Pretending to be from a business 
  • Sending messages in someone’s name 
  • Tarnishing the image of the assumed sender

Because the email protocol SMTP (Simple Mail Transfer Protocol) does not provide a strong authentication mechanism, which makes things easy for malicious actors, several frameworks have been developed to allow authentication of incoming messages, including SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance).
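The header inspection described above can be automated. The following is an added example, not code from the original post: it reads the SPF, DKIM and DMARC verdicts a receiving server records in the `Authentication-Results` header and compares the visible From domain with the envelope (Return-Path) domain. The sample messages, domains and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; all domains are placeholders.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: "Example Bank Support" <support@example.com>
Subject: Verify your account

Please click the link below.
"""
LEGIT = """\
Return-Path: <bounce@example.com>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Example Bank Support" <support@example.com>
Subject: Your statement

Your statement is ready.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def auth_results(msg):
    """Extract spf/dkim/dmarc verdicts from Authentication-Results headers."""
    verdicts = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts

def spoofing_findings(raw):
    """Reasons to distrust the visible From (exact-domain match is a simplification)."""
    msg = message_from_string(raw)
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    verdicts = auth_results(msg)
    findings = []
    if env_dom and from_dom != env_dom:
        findings.append(f"From domain {from_dom} differs from envelope domain {env_dom}")
    for method in ("spf", "dkim", "dmarc"):
        if verdicts[method] != "pass":
            findings.append(f"{method}={verdicts[method]}")
    return findings
```

Only an `Authentication-Results` header added by your own receiving server should be trusted, since a sender can insert a forged one. In the spoofed sample SPF passes for the attacker's own envelope domain while DMARC fails, which is why the From domain has to be checked against the authenticated domain rather than relying on SPF alone.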

To avoid becoming a victim of email spoofing attacks, it is imperative to have up-to-date anti-malware software. Additionally, when you feel unsure about an email, contact the sender directly.