This week the podcast is more lavatorial than usual, as we explore how privacy may have gone to sh*t on Google Maps, our guest drives hands-free on Britain's motorways (and is defamed by AI), and ransomware attacks an airplane-leasing firm. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by BBC Technology Editor Zoe Kleinman.

The UK’s GCHQ cyber arm, the National Cyber Security Centre (NCSC), is warning of an imminent surge in AI-based ransomware threats over the next two years. The intelligence and security agency of the United Kingdom emphasizes the critical need for businesses to adopt proactive security measures to safeguard their future.

A notable projection from the agency suggests that cybercriminals with low-level competency will increasingly leverage Artificial Intelligence to enhance their endeavors in spreading file-encrypting malware, leading to a threefold increase in financial gains. The advancing technology is anticipated to elevate the success rate of targeting victims, providing criminals with enhanced capabilities to identify and exploit vulnerable devices more effectively, showcasing innovation and sophistication in malware propagation.

NCSC CEO Lindy Cameron assures that the British government is committed to fortifying cybersecurity efforts by investing 2.6 billion pounds. This investment, supported by contributions from private entities engaged in AI development, aims to enhance national cybersecurity resilience through improved detection mechanisms and robust framework design.

Geopolitical tensions, such as the UK’s relations with Russia, strained by British support for Ukraine, have intensified the cybersecurity threat landscape. Russia, in its efforts to destabilize the UK, is likely to employ platforms like GenAI to bolster its position in the realm of cybercrime.

To mitigate risks, businesses are strongly advised to adhere to cybersecurity best practices, implementing thorough hygiene measures. Additionally, having a robust data backup system in place is emphasized to ensure efficient data recovery in the event of a cyber incident.

The post AI Ransomware Threat to increase in two years says UK GCHQ appeared first on Cybersecurity Insiders.

In recent times, the landscape of cyber threats has taken a disconcerting turn, deviating from the conventional approach of hackers encrypting computers for ransom. The latest trend involves cyber attackers reaching out directly to impacted patients, demanding a ransom ranging from a mere $50 to $200.

Specifically targeting individuals who have undergone healthcare services, these cyber criminals are employing a chilling tactic by threatening to expose intimate photos captured during critical medical procedures such as life-saving cancer examinations, plastic surgeries, and gynecology.

The compromised images vary in origin, with some appearing to be snapshots taken by medical equipment during cancer screenings, while others seem to have emanated from covertly connected surveillance cameras, often without the knowledge of the affected individuals.

Remarkably, the perpetrators are reaching out directly to the patients, presenting them with extortion demands that fluctuate between $50 and $1500. The amount demanded is contingent upon the perceived sensitivity of the victim’s information and the nature of the undisclosed details uncovered during medical examinations.

Faced with limited options, victims are resorting to seeking legal recourse to address their predicament before it escalates further. Notable cases, such as those involving Hankins & Sohn Plastic Surgery Associates and patients affiliated with the hospital chain Integris Health Inc, have garnered attention, with lawsuits being filed to bring the issue to public awareness.

The outcome of these legal actions remains uncertain, as both defendants and victims presenting their cases possess distinct narratives that appear justified from their respective standpoints.

From the perspective of cybersecurity professionals, the onus is on healthcare service providers to implement robust measures to safeguard customer data in compliance with prevailing data protection laws. The issue, however, presents a dual responsibility where both the service provider and the customer play pivotal roles in fortifying defenses against the incursion of hackers. This underscores the critical importance of a collaborative effort to ensure the security of sensitive medical information.

The post Hackers spreading ransomware demand a ransom of $50 from patients appeared first on Cybersecurity Insiders.

Microsoft revealed on Friday that its corporate email servers were breached by the hacking group Midnight Blizzard, which is believed to be funded by the Russian-sponsored online crime group Nobelium. The cyberattack, which occurred on January 12th, targeted customer data and information belonging to Seattle-based staff. Evidence suggests that the data theft was likely planned in November 2023 when Microsoft was subjected to a password spray attack. The attackers seemingly leveraged credentials obtained in last year’s breach to access and steal email content.

In a separate incident, Tietoevry Cloud Hosting, based in Sweden, fell victim to a ransomware attack by the AKIRA malware group. This led to significant disruptions in data center operations, affecting companies such as Moelven, Rusta, Granngården, Primula, and Filmstaden. Several municipalities and universities also confirmed disruptions in their services due to the attack.

The third incident involves TeamViewer, a widely used remote access service, targeted by the LockBit 3.0 ransomware group. While the initial attempts did not disrupt services, one attempt allowed criminals to gain access to a network from an endpoint device. Cybersecurity firm Huntress detected and flagged this ongoing campaign related to the spread of crypto-mining software.

India’s CERT team issued a red alert against potential cyber attacks on government websites, orchestrated by cybercriminals funded by a neighboring nation. The attacks were planned as a diversion during the celebration of Lord Ram’s consecration in Ayodhya. The Information and Technology Ministry of India, however, assures proactive measures to counter these attacks.

The Veeam Data Protection Trends report predicts a 24% surge in cybersecurity spending in 2024. The increase is attributed to the widespread rise in ransomware attacks, which pose a severe threat to businesses.

According to research by Check Point Software, cyber attacks on the American populace and companies have reached an all-time high in the past two years. The education and research sectors have been particularly affected due to the sensitive information they hold. Additionally, geopolitical events like the Israeli war with Hamas and Russia’s conflict with Ukraine have spurred the emergence of criminal groups seeking monetary gains in the cybercrime domain.

The post Ransomware and Cyber Attack related news headlines trending on Google appeared first on Cybersecurity Insiders.

Unusual but True! According to a recent survey conducted by the Royal United Services Institute (RUSI), ransomware attacks have been found to induce suicidal tendencies in some cybersecurity professionals. The intense psychological and physical stress experienced during the recovery and aftermath of a cyber attack appears to be taking a toll.

The released report underscores the importance of ensuring that security professionals are adequately prepared before any unforeseen incident occurs, aiming to alleviate stress and physical strain on information security experts.

Referencing an incident in the financial industry in October 2023, the report highlights how the attack triggered panic among professionals, resulting in one individual experiencing a heart attack that required an angiogram and subsequent angioplasty. Another professional, overwhelmed during the recovery process, suffered dehydration due to excessive consumption of caffeinated drinks.

Individuals with pre-existing sensitive medical conditions are advised to monitor their health during or after the course of a ransomware attack recovery, as it can lead to temporary illnesses or even critical conditions such as paralysis or epilepsy.

RUSI has compiled a list of health-related consequences caused by ransomware attacks on organizations and their staff. The stress and strain on those dealing with IT-related events are exacerbated by the lack of the required level of talent and in-house availability due to budget constraints.

Additionally, the pressure intensifies as cyber laws mandate reporting an attack to the public within a 48 to 72-hour timeframe, and subsequent prosecution practices by data watchdogs create challenges for CEOs, CIOs, and CTOs.

To mitigate these challenges, RUSI suggests preparing well for such events with proactive security measures. Creating stress-free environments by distributing IT duties among team members might prove instrumental in alleviating fears, stress, and other issues associated with cyber attacks to a significant extent.

The post Ransomware attacks pushing suicidal tendencies among Cybersecurity professionals appeared first on Cybersecurity Insiders.

The conclusion of the year 2023 witnessed an alarming 55% surge in ransomware attacks, as reported by Cyberint, a company specializing in threat intelligence services. In comparison to the preceding year’s 2034 victims, ransomware gangs targeted approximately 4356 victims in 2023.

Prominent among these cyber threats were LockBit 3.0, ALPHV (BlackCat), and CLOP, claiming an estimated 1047, 440, and 360 victims, respectively. The Play, Akira, and BianLian gangs also contributed to the escalating numbers.

Cyberint’s security researchers highlighted the impactful MOVEit cyber attack campaign by CLOP, which affected over 700 victims, with 34 organizations anticipated to pay a staggering sum of $400 million.

Examining global trends, the United States emerged as the most targeted country, experiencing over 2275 attacks. This vulnerability is attributed to the widespread use of the U.S. dollar in significant international transactions.

Delving into new ransomware variants, 3AM, Rhysida, and Akira stood out for their obscurity, simplicity, and sophisticated propagation techniques.

Anticipating the challenges in 2024, law enforcement faces the daunting task of combating both traditional and emerging ransomware threats. The newcomers, equipped with advanced capabilities like data wiping within a week of infection, pose a significant challenge.

Addressing this menace presents a complex scenario. Imposing a ban on cryptocurrencies, a potential enabler for ransom payments, is challenging due to the inherent difficulty in tracing virtual currency transactions. Furthermore, apprehending cybercriminals from nations like Russia, China, Iran, North Korea, and others, especially when backed by state-funded intelligence, proves nearly impossible.

Nevertheless, proactive measures such as deploying threat monitoring solutions, regular data backups, and raising awareness among employees about the evolving threat landscape can significantly mitigate the impact of ransomware attacks.

The post Ransomware attacks witnessed 55% surge in 2023 appeared first on Cybersecurity Insiders.