Category: ransomware
A vulnerability in a popular data transfer tool has resulted in a mass ransomware attack:
TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward.
However, while the number of victims of the mass-hack is widening, the known impact is murky at best.
Since the attack in late January or early February—the exact date is not known—Clop has disclosed less than half of the 130 organizations it claimed to have compromised via GoAnywhere, a system that can be hosted in the cloud or on an organization’s network that allows companies to securely transfer huge sets of data and other large files.
Ferrari, the luxury car maker, has made an official announcement that some of its systems were operating under the control of hackers, resulting in a data breach. The company immediately pulled the compromised servers off the corporate computer network and began remediation efforts.
The Italian car maker has begun to send email notifications to its customers and mentioned in it that the hackers might have gained access to information such as names, addresses, email contacts and telephone numbers of customers.
However, the company did not find any evidence that the information accessed or stolen by the threat actors was being misused.
As the company doesn’t store sensitive details like payment info or bank account numbers of customers on its official servers, the hackers did not access those details… that’s great!
Ferrari S.p.A. was contacted by a representative of the threat actor demanding a ransom, and the sum demanded will be disclosed after the preliminary investigations into the data theft are over.
In another similar incident, the National Basketball Association (NBA) has issued a statement that some of its data stored on the servers of a third-party newsletter service was accessed and stolen by hackers belonging to a noted ransomware gang. The only good part of this cyber incident is that none of the fan credentials or their details were stolen by the hackers.
A third-party forensic service contacted by the sporting organization is urging all customers of the NBA to be vigilant, as some of those affected might experience phishing attacks or cyber scams of that sort.
The post Details of ransomware attack on Ferrari and NBA appeared first on Cybersecurity Insiders.
After Rubrik, Hitachi Energy issued a public statement that some of its customer accounts might have been compromised after a ransomware attack on third-party software called Fortra GoAnywhere MFT.
The Clop ransomware gang is the group that managed to infiltrate the servers and siphon data, and a portion of employee data might have been compromised.
Hitachi says that it disconnected the server as soon as it learnt about the incident and deployed a team of cybersecurity experts to analyze and mitigate the risks associated with the malware attack.
Thus, Hitachi is the second company, after Rubrik, to be hit by Clop ransomware.
Information is also out that the same gang was behind the breach of personal details of over 35,000 PayPal users. The financial services provider is facing a lawsuit from one of the victims, who was notified about the data breach in January this year. According to him, the data theft took place in December 2023, and hackers accessed details such as names, addresses, phone numbers, email addresses, DOBs, social security numbers and bank account details, along with the residual balances in the respective PayPal accounts.
However, confirmation of this information is awaited and will only be known as the case unfolds in a court of law.
NOTE- Fortra GoAnywhere MFT is a file transfer solution that is used to exchange information. It helps companies automate file transfers from a central point and keeps track of file transfers and user access. The vulnerability in the software was fixed by Fortra in the first week of February this year. However, it seems that some customers missed the update.
The post Hitachi becomes the next victim after a ransomware attack on GoAnywhere software appeared first on Cybersecurity Insiders.
A new global study has looked into how SOCs go about protecting organisations from threats, where they focus the most attention and what is driving modernisation plans.
Cybereason’s latest report, Ransomware and the Modern SOC: How Ransomware is Driving the Requirements for SOC Modernization, surveyed 1,203 security professionals from eight countries and a dozen industries, and found more than 58% said their SOC spends most of its time responding to ransomware and supply chain attacks that often lead to ransomware incidents.
As a result, their modernization plans are now focused across four specific areas:
- 38% — Plan to deploy new detection capabilities with better detection efficacy.
- 31% — Need better visibility into the full attack story.
- 31% — Are looking for ways to augment staffing and contract for managed services, and
- 29% — Said ransomware has increased their need for better automation and faster response.
“In a post COVID world, the modern SOC needs to be a decentralized, capabilities-based organization that leverages industry-leading detection, prevention, visibility, and automation technologies, all of which are often augmented by managed services,” said Israel Barak, CISO, Cybereason.
Travel and Transportation Industries Struggling
The study also revealed that almost a third (31%) stated the ransomware threat has exposed their need for better insight and visibility into the full attack story against their organisation. On average, 35 percent of respondents in the United States need better insight and visibility. In Italy, that number jumps to 46 percent. In the travel and transportation industry, more than 57 percent of respondents lack the proper level of threat attack visibility, followed by 39 percent of respondents in the retail, catering and leisure industries.
The post Rise of Ransomware Attacks Main Focus for SOCs, research finds appeared first on IT Security Guru.
Cyber criminals are exploiting SmartScreen bugs in Microsoft software to deliver Magniber ransomware. So far, the infection has spread to thousands of devices, as the Windows operating giant issued no red flag alerts in advance.
Google’s Threat Analysis Group (TAG) was the first to issue a warning on the issue and immediately notified the Redmond giant about the vulnerability. The tech giant immediately analyzed the bug and issued a patch for the MS Office vulnerability tracked as CVE-2023-24880.
Another bug of a similar sort, dubbed CVE-2023-44698, was discovered in December, and although the software company issued a patch, it seems that it hasn’t covered all the required systems.
Both flaws were traced to an existing weakness in the Mark-of-the-Web feature, which is supposed to raise red flags on detecting malicious downloads from the web, USB devices, and other untrusted sources. The weakness leads victims to Microsoft Software Installer (MSI) files that are packed with the said file-encrypting malware and carry a malformed signature.
TAG concluded that most of the 100,000 downloads of the malicious MSI files were from Europe, which is contrary to Magniber's usual activity of targeting systems in Taiwan and South Korea.
Coming to other news, Silicon Valley-based Rubrik, which is in the business of data security, has reportedly become a victim of a ransomware attack, yet to be confirmed. First, a source from the company reported that the attack was caused by exploiting a vulnerability in Microsoft software.
However, upon inquiry, it was discovered that the hackers exploited a zero-day flaw in Fortra GoAnywhere file sharing software.
The post Microsoft SmartScreen vulnerability delivers Magniber Ransomware appeared first on Cybersecurity Insiders.
This is unimaginable, but it is actually taking place, seriously! The Russian ransomware gang BlackCat has targeted a hospital operating in Pennsylvania this time and is threatening to leak intimate photos of a patient, say of their private parts, taken during radiology or some other kind of scan.
Lehigh Valley Health Network (LVHN), Lackawanna County, is the healthcare organization that has been attacked, and cyber crooks stole a patient's information related to her radiation oncology treatment.
BlackCat, aka ALPHV, is threatening to leak the data related to the single patient and will follow a similar process in the near future if its demands are not met on time.
Speaking on condition of anonymity, a source reveals that the criminal gang also had access to sensitive data of some female patients and is threatening to leak the information if the organization doesn’t pay heed to its demands.
This shows the desperation and willingness of the criminals to do anything and everything to extract money from targets who refuse to pay.
A few days ago, the Medusa ransomware gang was also trending in Google News headlines for stealing some sensitive details of school pupils at Minneapolis Public Schools. They demanded a $1 million ransom and, as the victims failed to pay the cryptocurrency on time, they leaked screenshots of scanned copies of handwritten notes related to two male and female students facing allegations of sexual assault.
NOTE- So, if law enforcement doesn’t take serious action against these gangs, they can turn heinous and take this crime to the next level, where victims can suffer a lot more than they are suffering currently. From the Biden government’s POV, they are already taking steps to curb such incidents on national infrastructure and have also implemented strict measures such as slapping sanctions on criminals and keeping track of digital currency payments taking place in the crypto world. On the victims’ part, they should first start proactively securing their infrastructure and try to keep such criminals out of their network. And if the unfortunate happens, they should consider recovery measures and stop paying the criminals, as such prompt payments not only increase crime but also don’t guarantee a decryption key.
The post Ransomware hackers turn nasty by sharing intimate patient photos appeared first on Cybersecurity Insiders.