Ransomware has evolved significantly since its inception in the 1970s, growing from simple, isolated incidents to a complex, global threat that costs billions of dollars annually. As cybercriminals have become more sophisticated and technology has advanced, ransomware attacks have become increasingly dangerous and hard to defend against. In this article, we’ll trace the evolution of ransomware through the decades, examining how this threat has transformed and what the future may hold.

The Birth of Ransomware: The 1980s

Ransomware as we know it today didn’t truly emerge until the 1980s, but it had its roots in earlier forms of computer viruses. One of the earliest instances of ransomware was in 1989, with a program called “PC Cyborg” (also known as the AIDS Trojan). This was a relatively simple attack, where victims received an infected floppy disk that, once run, would lock the user’s files and demand a ransom of $189 to regain access.

The AIDS Trojan was distributed through mail-order software, making it one of the first instances of social engineering—tricking users into running malicious software. This attack was rudimentary compared to today’s sophisticated ransomware, but it marked the beginning of a troubling trend of cybercriminals using encryption to extort money from victims.

The Rise of Ransomware and Encryption: The 1990s

As computers became more mainstream in the 1990s, the internet started to grow, and with it, the potential for cybercrime. During this time, ransomware became more prolific, aided by the increasing use of email and more advanced malware distribution techniques.

One of the most notable developments was the 1996 appearance of the Gpcode malware, which began using encryption to lock files.

Encryption became a hallmark of ransomware in the years to come, as it allowed cybercriminals to hold victims’ files hostage while making it harder for law enforcement and cybersecurity experts to recover them.

The 1990s also saw the emergence of more widespread malware-as-a-service (MaaS) models, where more novice cybercriminals could purchase ransomware kits to launch attacks. However, despite these advances, ransomware remained somewhat localized and primarily affected individuals rather than organizations.

The Turning Point: 2000s

By the early 2000s, ransomware had evolved from isolated attacks to a broader and more sophisticated criminal enterprise. This period saw the rise of more damaging attacks, including the Trojan horse-based attacks and the first significant ransomware families.

• The first widespread ransomware attack: In 2005, Gpcode was updated to use RSA encryption, a much stronger method that made it significantly harder to break the encryption without the key. By this time, ransomware started to shift from being a nuisance to a more dangerous and financially motivated cybercrime.

• Cryptolocker (2013): This ransomware was one of the game-changers in the evolution of cyber extortion. Cryptolocker used strong encryption and leveraged command-and-control (C&C) servers to store encryption keys, making it difficult for law enforcement to stop attacks or decrypt data without paying the ransom. It was spread through malicious email attachments, such as PDFs or Word documents, and often demanded payment in Bitcoin, a relatively new cryptocurrency that offered anonymous transactions.

The Emergence of Ransomware-as-a-Service: 2010s

The 2010s marked the golden age of ransomware. What was once an attack used by a small group of cybercriminals had now evolved into an entire criminal ecosystem. In this decade, ransomware grew more organized, with criminals offering ransomware-as-a-service (RaaS), making it easier for even non-technical criminals to launch devastating attacks.

• WannaCry (2017): One of the most notorious ransomware attacks of this era was WannaCry, which exploited a vulnerability in Microsoft Windows. It was a worm that spread rapidly across the globe, affecting over 230,000 computers in 150 countries. It paralyzed businesses, healthcare systems, and government agencies, including the UK’s National Health Service (NHS). This attack demonstrated how ransomware could affect critical infrastructure and cause significant economic and operational damage. WannaCry was particularly notable for using the EternalBlue exploit, which had been stolen from the NSA.

• NotPetya (2017): Another major attack in 2017 was NotPetya, which initially appeared to be a ransomware attack but was later determined to be a wiper (designed to destroy data rather than hold it for ransom). It targeted primarily Ukrainian businesses but spread globally, causing billions in damage. This attack blurred the lines between traditional ransomware and cyber warfare, with some attributing it to state-sponsored actors, such as Russia.

• Ryuk and REvil (2019–2021): The late 2010s and early 2020s saw the rise of highly professional ransomware operations like Ryuk and REvil. These groups not only encrypted files but also stole sensitive data and threatened to release it unless the ransom was paid. Ryuk, for example, was known for targeting large organizations, including hospitals, municipalities, and major corporations, often demanding ransoms of millions of dollars. REvil, meanwhile, was notorious for its use of the double-extortion technique, where cybercriminals would both encrypt the victim’s data and steal it to further increase the pressure to pay.

Ransomware in the Age of Double-Extortion and Data Theft: 2020s

In the 2020s, ransomware attacks became even more sophisticated and damaging, evolving into double-extortion schemes, where attackers not only encrypted data but also stole sensitive information and threatened to release it publicly unless the victim paid. This shift made paying the ransom even more appealing to organizations, as they sought to avoid the reputational and financial damage associated with a data leak.

The rise of cryptocurrency payments (especially Bitcoin and Monero) made it more difficult to track and disrupt ransomware payments. The anonymity offered by cryptocurrencies has made it easier for cybercriminals to collect ransoms without fear of identification or prosecution.

In 2021, the Colonial Pipeline attack in the United States brought ransomware to the forefront of national security discussions. The attack, attributed to the DarkSide ransomware group, caused fuel shortages across the eastern United States and triggered emergency government responses. This attack, along with other high-profile incidents such as the Kaseya supply chain attack, showed that ransomware had moved beyond the realm of financial extortion to become a significant geopolitical threat.

The rise of Ransomware-as-a-Service (RaaS) models has made these attacks more accessible to a wider range of cybercriminals. These RaaS platforms provide user-friendly interfaces for launching ransomware attacks, and affiliates can use the platform to target victims while the platform operator takes a cut of the ransom proceeds.

Future Trends: 2024 and Beyond

Looking forward, ransomware is expected to continue to evolve in several ways:

• Targeting critical infrastructure: With the success of attacks like WannaCry and Colonial Pipeline, ransomware groups will likely continue to target critical infrastructure sectors such as energy, healthcare, and transportation.

• Use of AI and machine learning: Ransomware attacks may increasingly use AI to automate and optimize attacks, making them more efficient and harder to detect.

• Increasingly sophisticated double-extortion tactics: As data theft becomes a primary component of ransomware attacks, victims may find it even harder to negotiate or recover their stolen information. More ransomware groups may adopt the double-extortion model.

• Collaboration between governments and private sectors: In response to the growing ransomware threat, governments will likely continue to increase their cybersecurity efforts, including promoting international cooperation to combat cybercrime and disrupt ransomware operations.

Conclusion

From its early days in the 1980s to the global menace it is today, ransomware has evolved in sophistication, scale, and impact. As technology and cybercriminals continue to advance, so too will the tactics and techniques used in ransomware attacks. The continued rise of double-extortion ransomware, the growing use of cryptocurrencies, and the increasing targeting of critical infrastructure make it clear that ransomware is no longer just a nuisance—it’s a major cybersecurity threat that requires constant vigilance, innovation, and global cooperation to combat.

The fight against ransomware is far from over, and it’s crucial that individuals, organizations, and governments remain proactive in defending against this ever-evolving threat.

The post The Evolution of Ransomware: From the 1970s to 2024 appeared first on Cybersecurity Insiders.

The infamous Clop Ransomware gang has once again made headlines by successfully breaching the servers of Cleo, a well-known provider of file transfer software. The cybercriminal group is now threatening to leak sensitive data from Cleo’s extensive client base unless a ransom demand is met within a 48-hour deadline. The ransomware group has already issued warnings to 66 companies, indicating that if they fail to negotiate or pay the required sum within the stipulated time frame, their confidential information will be sold on the dark web.

Initial Leak and Growing Threats

The Clop gang has already taken the first step in its extortion campaign by releasing partial names of the companies affected by the breach on their dark web portal. This public exposure is intended to pressure the victimized organizations into complying with their demands. The ransomware group has further warned that if no agreement is reached within the next two days, they will release the full names of these companies, potentially causing irreparable damage to their reputations and trust with customers.

This tactic is part of a larger strategy of “double extortion”, which has become increasingly common among sophisticated ransomware gangs. In double extortion attacks, cybercriminals not only encrypt the victim’s data, making it inaccessible, but they also threaten to release the stolen information unless the ransom is paid. What sets this attack apart is that Clop has now escalated its threats to include customer and client data stolen from the breached systems of Cleo’s clients. This adds an additional layer of urgency, as businesses face the risk of compromising sensitive information related to their customers, suppliers, and employees.

Exploitation of Vulnerabilities in Cleo’s Software

Reports from Cybersecurity Insiders reveal that Clop gained access to Cleo’s systems by exploiting critical zero-day vulnerabilities in several of Cleo’s products, including LexiCom, VLTrader, and Harmony. These software products are widely used for secure file transfer and data exchange, making them attractive targets for cybercriminals. By exploiting these vulnerabilities, Clop was able to infiltrate the company’s servers and access the sensitive data of all its clients.

The use of zero-day exploits, which are previously unknown security flaws, makes this attack particularly dangerous. Once the vulnerabilities were discovered and exploited by Clop, Cleo was left with little recourse to prevent the breach or stop the attackers from exfiltrating large volumes of data. The company, which provides secure data transfer solutions to a broad range of businesses, has yet to comment on the full scope of the breach or its efforts to mitigate the damage.

The Double Extortion Playbook: A Growing Trend in Cybercrime

While the idea of ransomware attacks is not new, the strategy of double extortion—which involves both the encryption of files and the public leak of sensitive data—is a more recent and disturbing trend. The tactic is becoming increasingly common among highly organized cybercriminal gangs like Clop, who are motivated not only by financial gain but also by the desire to damage their victims’ reputations.

In previous high-profile incidents, the Clop gang used similar tactics, including in the MOVEit file transfer attack that compromised the data of several prominent organizations. In that case, Clop not only demanded ransom payments from the affected companies but also threatened to expose client data if the ransom was not paid. The same pattern of behavior is expected to unfold in the current attack on Cleo and its clients, with the gang likely to use the stolen information to extract as much profit as possible.

The victims in these kinds of attacks often face tough choices. On one hand, paying the ransom might allow them to regain access to their encrypted data. On the other, businesses that choose to comply with the demands run the risk of encouraging further attacks on themselves and others, as ransomware gangs are incentivized by the money they generate from such crimes.

The Broader Impact: A Call for Stronger Cybersecurity

The Cleo attack highlights an ongoing global cybersecurity crisis where businesses, regardless of their size or industry, are vulnerable to sophisticated attacks from ransomware gangs. For organizations that rely on third-party services for data transfer and file management, this breach underscores the importance of securing software and systems against zero-day vulnerabilities.

The attack also raises critical questions about the responsibility of software providers like Cleo in safeguarding their clients’ data. As companies continue to migrate their operations to cloud-based and third-party solutions, they must be vigilant in ensuring that the software they use is regularly updated and protected from the latest cyber threats.

For businesses that find themselves at the center of a ransomware attack, the incident serves as a stark reminder of the importance of having a robust incident response plan in place. This plan should include measures for both preventing attacks and responding effectively when a breach occurs—ranging from deploying strong encryption practices to ensuring employees are trained in identifying phishing attempts and other common attack vectors.

Conclusion: A Growing Threat Landscape

As the threat landscape continues to evolve, it is likely that ransomware attacks will become more sophisticated and impactful. The rise of groups like Clop, who specialize in double extortion tactics, is a warning for businesses around the world to take cybersecurity seriously. The Cleo breach is just one of many examples of how cybercriminals are adapting to a changing digital landscape, and it underscores the need for organizations to stay ahead of emerging threats through proactive defense strategies, regular vulnerability assessments, and quick response plans to mitigate damage in the event of an attack.

As Clop’s deadline approaches, Cleo and its clients are under intense pressure to protect their sensitive data, preserve their business reputations, and avoid becoming the next headline in the growing list of ransomware-related breaches.

The post Clop Ransomware Gang Targets Cleo File Transfer Service and threatens to expose Sensitive Data appeared first on Cybersecurity Insiders.

Ransomware impersonation is a type of cyberattack where hackers disguise themselves as legitimate organizations or individuals to manipulate victims into paying a ransom. This attack involves using tactics such as phishing emails, fraudulent phone calls, or social engineering to trick targets into thinking they are interacting with trusted entities. Once the victim is deceived, malicious software (ransomware) is installed on their system, locking data or threatening to release sensitive information unless a ransom is paid. A recent example involved Microsoft Teams, where attackers posed as Microsoft Teams customer support staff and tricked the victim into dropping a payload, although the incident was averted later.

How Ransomware Impersonation Works

1. Deceptive Communications: The attacker impersonates a credible organization, like a government agency, well-known tech company, or a legitimate service provider. They might send emails, fake invoices, or even phone calls that appear official.

2. Malware Delivery: Once the victim engages with the fraudulent communication—such as clicking a malicious link or downloading an infected attachment—the ransomware is delivered to their device.

3. Locking Data or Exfiltration: After infecting the network, the ransomware locks crucial data or encrypts files, making them inaccessible. In some cases, the attackers might even steal sensitive data and threaten to release it publicly unless the ransom is paid.

4. Payment Demand: The attackers then demand a ransom, typically in cryptocurrency, for the decryption key or to prevent the leak of sensitive data.

Impact on Data Networks

1. Data Loss and Encryption: Ransomware impersonation leads to the loss or unavailability of critical data. Companies can face operational paralysis as they cannot access their files, often leading to significant financial losses.

2. Reputation Damage: When customers or partners find out that a business has fallen victim to a ransomware attack, especially one involving impersonation of a trusted entity, it severely damages the organization’s reputation. Customers may lose trust in the company’s ability to protect sensitive information.

3. Extended Downtime: Recovering from ransomware attacks takes time, particularly if backups are compromised or unavailable. Prolonged downtime can lead to loss of revenue, customer dissatisfaction, and missed business opportunities.

4. Legal and Compliance Consequences: Businesses that handle sensitive data are legally obligated to protect it. A ransomware attack can lead to violations of data protection laws (such as GDPR or HIPAA), resulting in costly legal battles, fines, and additional compliance requirements.

5. Financial Impact: The immediate financial consequences can be severe. Companies may face the direct cost of paying the ransom (which does not guarantee data recovery) as well as the indirect costs related to recovery, public relations, legal fees, and potential regulatory fines.

6. Network Vulnerability Exploitation: Once inside the network, ransomware can spread laterally, compromising connected devices, servers, and critical infrastructure. Attackers may also use the opportunity to plant additional malware or backdoors for future attacks.

Conclusion

Ransomware impersonation poses a serious threat to data networks, affecting not just data security but also organizational reputation, financial stability, and legal compliance. As these attacks become more sophisticated, businesses must invest in robust cybersecurity defenses, employee training, and comprehensive data backup solutions to prevent and mitigate the effects of ransomware attacks. Vigilance, timely patching, and the use of multi-layered security strategies are key to safeguarding networks from these devastating threats.


The post What is Ransomware Impersonation and Its Impact on Data Networks? appeared first on Cybersecurity Insiders.

The question of whether victims of ransomware attacks can recover the money they’ve paid to cybercriminals is a complex and challenging issue. Cybersecurity professionals remain hopeful, believing that, with the right tools and efforts, some form of recovery may be possible. However, the reality is far more nuanced, and the road to recovering ransom payments is fraught with obstacles.

The Arrest of Rostislav Panev and the LockBit Ransomware Case

One of the latest developments in the fight against cybercrime involves the arrest of Rostislav Panev, a 51-year-old dual-nationality individual, apprehended in Israel by Interpol authorities. Panev is believed to have played a key role in the LockBit ransomware-as-a-service operation, a notorious cybercriminal group responsible for encrypting data and extorting victims worldwide. According to the U.S. Department of Justice, Panev is accused of earning approximately $230,000 in ransom payments between June 2022 and February 2024, the majority of which were paid by victims of the LockBit ransomware.

At the time of his arrest in August 2024, Panev was allegedly developing new digital weapons for further criminal activity. Investigators believe he was a significant player in the distribution of LockBit malware, which has caused billions of dollars in damages to over 2,500 organizations globally. Despite the group’s dissolution in March 2024 as part of an international law enforcement crackdown called Operation Cronos, the damage inflicted by LockBit continues to linger.

Panev, a Russian national, is scheduled for extradition to the United States by February 2025, where he will face charges related to his role in this massive cybercrime operation. He is expected to join Dmitri Yuryevich Khoroshev, another key LockBit figure, in U.S. custody early next year.

The Challenge of Recovering Ransom Payments

While law enforcement agencies are making significant strides in dismantling cybercriminal groups like LockBit, the issue of recovering ransom payments remains a complicated one. Many organizations that fall victim to ransomware attacks are left wondering: can they ever get their money back?

In theory, the U.S. government and other law enforcement agencies can try to pressure cybercriminals into returning ransom payments through legal and financial means. For instance, criminal proceeds—including the ransom money—could potentially be seized as part of the criminal’s assets. However, this process is not straightforward.

One major challenge is the anonymity inherent in cryptocurrencies, which are commonly used in ransomware attacks. Cryptocurrencies like Bitcoin are decentralized, with no central authority to track or oversee transactions. This makes it incredibly difficult for authorities to trace or seize the ransom payments, especially when the funds are moved through complex networks of digital wallets or exchanged for fiat currencies.

Furthermore, even when authorities manage to track down criminals or seize assets, there’s no guarantee that the victims will ever see any of their ransom money returned. Since many ransomware payments are made in cryptocurrency, which is inherently difficult to trace, and since the funds are often rapidly laundered through multiple channels, the recovery of such funds is rarely successful.

What Does This Mean for Ransomware Victims?

Given the complexity and uncertainty surrounding ransom recovery, it’s important for organizations to adjust their expectations. Victims of ransomware attacks should not rely on the possibility of recovering the ransom payments from criminals or law enforcement. The likelihood of getting that money back is low, and the process can be time-consuming and resource-intensive.

Instead, businesses should focus on preventative measures to safeguard their digital infrastructure. This includes investing in robust cybersecurity practices, such as strong encryption, network monitoring, and employee training to prevent phishing attacks. More importantly, organizations should implement data backup plans to ensure that they can recover their critical information in the event of an attack—without needing to pay the ransom.

Additionally, companies should regularly test their backup systems to ensure that they can restore their data efficiently. Having an effective and well-practiced disaster recovery plan can make a significant difference in maintaining business continuity after a ransomware attack.

Conclusion

While the legal and technical efforts to combat cybercrime are making progress, recovering ransom payments remains an unlikely outcome for most victims. The combination of cryptocurrency anonymity, the global nature of cybercrime, and the complex legal processes involved makes it difficult to reclaim extorted funds. As such, businesses must prioritize prevention over recovery, focusing on robust cybersecurity measures and comprehensive data backup strategies to mitigate the damage caused by ransomware attacks.

The post Can Ransom Payments Be Recovered or reimbursed? A Closer Look at Cybercrime and Law Enforcement Efforts appeared first on Cybersecurity Insiders.

This week, we delve into the dark world of fake CAPTCHAs designed to hijack your computer. Plus, the AI safety clock is ticking down – is doomsday closer than we think? And to top it off, we uncover the sticky situation of Krispy Kreme facing a ransomware attack. All this and more is discussed in the latest jam-packed edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley of "The AI Fix" podcast.

Interlock Ransomware Targets Texas Tech University Health Sciences Center

A relatively unknown ransomware group, Interlock, has reportedly targeted the Texas Tech University Health Sciences Center, posing a significant threat to the personal data of over 1.46 million patients. The gang claims to have infiltrated the institution’s network in September 2024, exfiltrating more than 2.1 million files, amounting to a staggering 2.6 terabytes of sensitive data. Among the stolen information are full names, dates of birth, physical addresses, social security numbers, driver’s licenses, financial details, as well as health records and billing information.

The attack was first publicly acknowledged by Texas Tech in an official statement issued in October 2024. By November, the threat actors claimed to have sold a portion of this stolen data on the dark web, making it available for purchase by malicious actors.

In response to the breach, Texas Tech has begun notifying the 1.4 million impacted patients, urging them to remain vigilant about the potential risks of identity theft, phishing, and other social engineering attacks. The university is also advising patients to monitor their credit scores closely, as well as any health insurance billing statements, as the stolen data could be used to manipulate these systems in the future.

This breach serves as another stark reminder of the growing cybersecurity threat faced by healthcare institutions, and the significant impact such breaches can have on patient privacy and security.

Telecom Namibia Falls Victim to Hunters International Ransomware Gang

Ransomware attacks continue to escalate globally, and the festive season of 2024 has proven no exception. In a recent incident, Telecom Namibia, a government-funded telecommunications network in Namibia, became the latest victim of a cyberattack by the notorious Hunters International ransomware gang (formerly known as Hive ransomware). This breach appears to have been particularly damaging, with the hackers gaining access to sensitive personal information related to key government officials, including elected members of parliament.

When Telecom Namibia refused to meet the attackers’ ransom demands, the hackers escalated their efforts by leaking a portion of the stolen data on the dark web last Friday. This move is typical of ransomware gangs, who often release small samples of stolen information to apply pressure on the victim and demonstrate the seriousness of their threat. The leaked data includes personally identifiable information (PII), home addresses, and financial details of several high-ranking officials, amplifying the severity of the breach.

In addition to releasing this information on the dark web, the hackers have also utilized encrypted messaging platforms like Telegram to further distribute the sensitive data. The goal is clear: to maximize the pressure on Telecom Namibia while profiting from the sale of the stolen data to interested parties.

This attack highlights the vulnerability of government-affiliated entities to cybercrime, as well as the increasingly aggressive tactics employed by ransomware groups. It also underscores the importance of robust cybersecurity measures for organizations in sensitive sectors, particularly those holding vast amounts of personal and governmental data. As the situation develops, both Telecom Namibia and the Namibian government will likely face significant challenges in mitigating the fallout from this breach.

The post Ransomware attacks on Texas University and Namibia Telecom appeared first on Cybersecurity Insiders.

The Clop ransomware gang, which is suspected to have connections with Russian intelligence, has successfully exploited a vulnerability in Cleo File Transfer software, circumventing the protections on the company’s servers despite a security update release. This breach has exposed critical risks to numerous businesses that rely on Cleo’s products for secure data transfers.

According to a statement from Cleo, three of its key products—Harmony, VLTrader, and LexiCom—were compromised through a remote code execution (RCE) attack, which enabled the cybercriminals to steal sensitive intellectual property from the company. This attack highlights the severity of the breach, as Cleo is a major provider of IT supply chain software to many organizations. As such, this hack could potentially have far-reaching consequences for their clients, similar to the catastrophic MOVEit cyber-attack earlier this year.

Initial investigations suggest that Cleo has patched the zero-day vulnerability that allowed the ransomware gang to infiltrate its servers. However, many of its clients remain unaware of the situation, leaving them vulnerable to further attacks or network exploits. The risk of these clients falling victim to the same exploit is high if immediate action is not taken to secure their systems.

Earlier this year, the U.S. Department of Justice had offered a $10 million reward for information leading to the capture of the members of the Clop ransomware group. To qualify for the reward, the information must be credible and lead to the successful arrest of the criminals responsible for these attacks.

Interestingly, despite the attack being launched in October 2024, the Clop gang initially chose to stay silent. However, when some media outlets mistakenly attributed the breach to the “Termite” ransomware group, Clop revealed their identity. In an unexpected move, they claimed that they would delete all the stolen data that had been put up for sale on the dark web. This act raises questions about the gang’s motives—whether it is an attempt to create psychological pressure on the victims or if they were simply trying to cover their tracks after making a significant profit from the stolen information.

This situation also suggests an intriguing dynamic: when a ransomware group hides behind another criminal gang’s name, speculating or falsely attributing the attack to another group might provoke the actual attackers into revealing themselves. This tactic could serve as a potential strategy to unmask or disrupt ransomware gangs, forcing them to take actions that might otherwise have remained hidden.

The evolving nature of cyber-attacks, the shifting tactics of ransomware gangs, and the vulnerability of critical supply chain software underscore the growing need for vigilance in cybersecurity practices. For businesses using Cleo or similar services, the potential for a repeat attack is real, and immediate steps must be taken to safeguard against further exploitation.

The post Clop Ransomware circumvents Cleo file transfer software for data steal appeared first on Cybersecurity Insiders.

Surge in Passkey Security Adoption in 2024

Tech giants such as Google, Amazon, Microsoft, and Facebook are leading the charge in moving away from traditional passwords, embracing passkey security technology. As of 2024, passkey adoption has seen a significant increase. According to a recent survey by the FIDO Alliance, more than 15 billion online accounts now utilize passkey technology to secure user data against sophisticated cyberattacks. Google alone has seen its passkey adoption reach 800 million users this year, resulting in over 2.5 billion sign-ins in the past two years. Consumer awareness has been a major driver of this shift, with companies like Google and Apple actively promoting passkey solutions over the past eight months. Industry experts predict that this trend will accelerate further in 2025, potentially doubling adoption rates in the coming year.

Long-Lived Credentials Pose a Growing Risk to Cloud Companies

Long-lived credentials—those created by system administrators and left unchanged for extended periods—are emerging as a serious security threat for cloud service providers. According to Datadog’s State of Cloud Security 2024 report, these credentials, if compromised, could lead to significant breaches in major cloud platforms like AWS, Microsoft Azure, and Google Cloud. Experts are urging CIOs and CTOs to implement policies for the regular rotation and management of such credentials to prevent misuse. The failure to address this vulnerability could result in major security incidents affecting cloud-based services.
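The rotation policy the experts call for above is easiest to enforce when it is checked mechanically. The following Python is an added example, not code from the Datadog report or from Cybersecurity Insiders: it audits a constructed credential report laid out in the column format of an AWS IAM credential report and flags every active access key that is overdue for rotation or has gone idle; the 90-day rotation and 45-day idle thresholds are assumed policy values, and the same logic applies to any per-user key-rotation export.

```python
"""Audit an IAM-style credential report for long-lived access keys.

Added example. The sample data below is constructed and uses a subset of
the columns found in an AWS IAM credential report; the audit logic is
generic and works for any CSV that records, per key, whether it is
active, when it was last rotated and when it was last used.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Assumed policy: keys older than this must be rotated ...
MAX_KEY_AGE = timedelta(days=90)
# ... and keys idle longer than this (or never used) should be deactivated.
MAX_UNUSED = timedelta(days=45)

# Constructed report date so the audit is reproducible offline.
REPORT_DATE = datetime(2024, 12, 15, tzinfo=timezone.utc)

# Constructed sample report (account id and user names are placeholders).
SAMPLE_REPORT = """\
user,arn,user_creation_time,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2019-03-01T10:00:00+00:00,false,N/A,N/A,false,N/A,N/A
ci-deployer,arn:aws:iam::123456789012:user/ci-deployer,2021-06-15T00:00:00+00:00,true,2021-06-15T00:00:00+00:00,2024-12-10T00:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2024-09-01T12:00:00+00:00,true,2024-11-20T12:00:00+00:00,2024-12-11T07:45:00+00:00,false,N/A,N/A
legacy-backup,arn:aws:iam::123456789012:user/legacy-backup,2020-01-10T00:00:00+00:00,true,2020-01-10T00:00:00+00:00,2022-02-01T00:00:00+00:00,true,2023-05-05T00:00:00+00:00,N/A
"""


def _parse_ts(value):
    """Return an aware datetime, or None for the report's 'N/A' style markers."""
    if value in ("N/A", "no_information", ""):
        return None
    return datetime.fromisoformat(value)


def audit_credentials(report_text, now, max_age=MAX_KEY_AGE, max_unused=MAX_UNUSED):
    """Return one finding per active key that violates the rotation policy.

    Each finding is a dict with the user, the key slot, the key's age and
    idle time in days, and the action to take:
      'deactivate' when the key was never used or has sat idle past max_unused
      'rotate'     when the key is in use but older than max_age
    Inactive keys are skipped; a key that is both old and idle is reported
    once, as 'deactivate', since rotating an unused key only creates a new one.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        for slot in ("access_key_1", "access_key_2"):
            if row[f"{slot}_active"] != "true":
                continue
            rotated = _parse_ts(row[f"{slot}_last_rotated"])
            last_used = _parse_ts(row[f"{slot}_last_used_date"])
            age = now - rotated if rotated else None
            idle = now - last_used if last_used else None

            if last_used is None or (idle is not None and idle > max_unused):
                action = "deactivate"
            elif age is not None and age > max_age:
                action = "rotate"
            else:
                continue  # key is young and in use: compliant

            findings.append({
                "user": row["user"],
                "key": slot,
                "age_days": age.days if age is not None else None,
                "idle_days": idle.days if idle is not None else None,
                "action": action,
            })
    return findings


def audit_sample():
    """Run the audit over the constructed sample at the constructed report date."""
    return audit_credentials(SAMPLE_REPORT, REPORT_DATE)


if __name__ == "__main__":
    for f in audit_sample():
        print(f"{f['user']:<14} {f['key']}: age={f['age_days']}d "
              f"idle={f['idle_days']}d -> {f['action']}")
```

In practice the report text would come from the cloud provider's own credential export, and the findings would feed a ticket or an automated deactivation step rather than a print loop.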

Mastercard Introduces Biometric Payment Passkey Service in Latin America

Mastercard has unveiled its new biometric Payment Passkey Service in Latin America, allowing users to authenticate online transactions using biometric data, such as fingerprints or facial recognition (ERIS). In partnership with Sympla and Yuno, Mastercard aims to streamline the payment process, eliminating the need for traditional passwords. This launch is part of the company’s broader goal to phase out password requirements entirely by 2030, providing a more secure and user-friendly alternative for digital payments.

Iran-Linked IOCONTROL Malware Targets US and Israeli Critical Infrastructure

A new cyber threat is emerging in the form of a custom malware known as IOCONTROL, allegedly developed by Iranian cyber operatives. According to research by Claroty’s Team82, the malware has been implanted into the operational technology (OT) of critical infrastructure in North America and Israel. The targets so far include water utilities and power plants, where the malware provides hackers with the ability to conduct surveillance and potentially disrupt operations. The cyberattack is attributed to an Iranian hacking group named CyberAv3ngers, which is reportedly expanding its efforts to infiltrate gas stations in the affected regions.

Massive Data Breach at California Hospital Network

PIH Health, a major healthcare provider in California, confirmed that hackers gained access to sensitive patient data after a ransomware attack on December 1st, 2024, and its website has remained disrupted since then. The breach affected over 17 million patient records across three hospitals—Downey Hospital, Good Samaritan Hospital, and Whittier Hospital. The attack caused significant disruption, including the postponement of surgeries and rerouting of ambulances to other hospitals. While PIH Health has not yet verified the full extent of the stolen data, sources on Telegram suggest that a portion of the information is already being sold on the dark web.

MCX Engages EY to Investigate Ransomware Attack

MCX, a U.S.-based foreign exchange brokerage firm, has enlisted the services of EY (Ernst & Young) to investigate a ransomware attack that compromised its systems on December 9th, 2024. The attack, attributed to a hacking group specializing in ransomware, caused significant disruption to MCX’s operations. The company has confirmed that specialists from EY are conducting a thorough investigation to mitigate any potential risks and secure its infrastructure moving forward.

The post Cybersecurity News Headlines Trending on Google appeared first on Cybersecurity Insiders.