Volvo, the Swedish carmaker, has hit the Google headlines for an alleged data leak caused by a ransomware incident. The luxury car maker has yet to confirm whether the hack is genuine and whether the leaked information actually belongs to the company.

Cybersecurity Insiders learnt that the attack took place on December 31st last year and that the threat actors gained access via third-party servers. As Volvo's staff failed or refused to pay a ransom, the stolen data was made public on a hacking forum.

Endurance Ransomware Group, first identified in November 2022, has claimed to have hacked US government agencies between August and October 2022.

Now, the same malware-distributing group is reported to be behind the Volvo Cars hack.

For those uninitiated, in December 2021 the company reported a similar hack, and R&D-related data was put up for sale on the web, including future vehicle model details, car part schematics, development project details and employee data. A threat actor group dubbed 'Snatch' was suspected to be behind that incident.

So, the data now on offer could be the same information, either scraped from the web or bought from the previous hack by those dealing with Endurance.

Currently, the Volvo data is being offered for $2,500 to be paid in Monero crypto-currency.

NOTE- If a victimized company doesn't respond to the demands of the ransomware group, the threat actors sell the stolen data to interested parties for monetary gain. Sometimes, even if the hacked victim pays the threat actors, there is a high chance that it will be targeted twice or three times in a year, or until the vulnerability exploited previously is fixed.


The post Volvo car data on sale after ransomware attack appeared first on Cybersecurity Insiders.

Wabtec, a locomotive company offering transportation solutions, has disclosed that its servers were hit by malware last year, leaking sensitive details of its employees to hackers.

The company, which employs around 25,000 people and has a business presence in over 50 countries, has concluded that critical employee details were exposed, including full names, dates of birth, non-US national ID numbers, passport numbers, IP addresses, non-US social insurance numbers, EINs, USCIS and NHS details, medical and health insurance data, photographs, financial information, salaries, social security numbers of US employees, payment card data, biometrics, criminal history details, religious beliefs, political stands and the like.

Cybersecurity Insiders learnt from its sources that the attack took place last year, when hackers introduced file-encrypting malware into the company's network in March 2022. Then, on June 26th, 2022, the IT staff detected unusual network access and started an investigation.

A week later, forensic experts hired from a third-party firm confirmed the incident as a ransomware attack and began an inquiry.

In August 2022, Lockbit Ransomware gang claimed to have stolen the info and published sample data on the dark web to prove their claims.

Wabtec contacted the hackers and apparently negotiated over the stolen data. However, it is still unclear whether the company paid a ransom to decrypt its database.

From December 30th 2022, the company started sending email blasts to all the affected individuals, urging them to stay vigilant with their bank transactions and to check their credit and financial reports for identity theft and any other cyber fraud.


The post Ransomware attack on Wabtec leads to a data breach appeared first on Cybersecurity Insiders.

Intel, the world-renowned silicon chipmaker, has extended its partnership with Check Point Software Technologies to strengthen its chipsets' defenses against ransomware attacks. As part of this collaboration, the Harmony Endpoint solution from Check Point will be integrated with Intel vPro's AI- and ML-driven threat detection technology, allowing Intel CPUs to analyze and pre-detect data encryption commands in the attack flow.

In 2021, security analysts tagged ransomware as the trending malware, topping the crypto-virology chart. The sole purpose of such malicious software was concluded to be easy financial gain.

The highlight of this malware-driven cyber attack trend is that criminals are becoming more innovative with time and are launching attacks with greater sophistication. Such developments pose increasingly intense challenges to cybersecurity experts.

Intel wants to contain such threats at the core and so has developed technology that blocks the threat at the processor level, that is, at the early stage at which commands are relayed.

Check Point Harmony technology assists in telemetry analysis at the chip level and raises a barrier against encryption commands, thus blocking the threat from propagating to the information storage flow.

Such an operation can also be regarded as a prevention technique, where identification and remediation in the attack chain take place automatically at the hardware level.

NOTE- Ransomware-spreading gangs have stooped to the next level: they are creating fake websites mimicking the victim's original website and then posting the siphoned data there, aiming to capture the maximum share of web traffic by ranking second in the search engine results.


The post Intel and Check Point Software extend partnership for ransomware protection appeared first on Cybersecurity Insiders.

The ransomware attack on the British daily newspaper 'The Guardian' seems to have intensified, as the staff of the media group have been advised to work from home and have been handed separate email IDs for official communication.

The Guardian's servers were hacked and file-encrypting malware was introduced into the daily's computer network in the first week of December 2022. The incident was discovered by IT staff on the 20th of the same month.

Since then, the administrative staff have been advised to work from home.

Formalizing this, an official email was circulated to all staff members by Anna Bateson, the CEO of Guardian Media Group, urging them to continue working remotely for the next 3 weeks.

Christmas 2022 proved unfortunate to the IT staff of the daily newspaper, as they had to work 24/7 to bring back the network to normal operations.

However, as most of the key systems could not be restored, staff in the UK, USA and Australia have been asked to work remotely until January 23rd this year. As a precautionary measure, all systems on the office network were taken offline to contain the spread of the malware.

NOTE 1- There were reports that the incident was caused by an MS Exchange Server vulnerability that hackers exploited to introduce malware into the network.

NOTE 2- The Guardian is yet to reveal the cause of the incident officially and has promised to disclose details of the malware-spreading gang in the coming weeks.

NOTE 3- Coincidentally, the cyber-attack occurred when Volodymyr Zelenskyy was visiting the United States of America after the start of the ongoing war between Kyiv and Moscow.


The post The Guardian Ransomware Attack 2022 intensifies deeply appeared first on Cybersecurity Insiders.

By Brad Liggett, Technical Director, Americas for Cybersixgill

Technology’s rapid and relentless progress promises to continue apace in 2023, to everyone’s benefit – including cybercriminals’. The year promises a “Spy vs. Spy”-type cyberspace race as both criminals and defenders vie to gain the upper hand using new and emerging technologies.

Every technology that enables our cyber teams to pinpoint and resolve threats and prevent attacks more quickly and accurately also benefits cybercriminals. In those same technologies they find new breach pathways and targets, and more sophisticated intrusion techniques.

The result can be a cat-and-mouse game in which we run in circles without either actually getting ahead.

For cyber professionals, awareness is the first and perhaps most important step toward breaking out of this cycle. While predictions are always risky – perhaps even more so in the unpredictable digital realm – we can gird ourselves against the coming year by looking at what’s happening now, knowing our adversaries will be sure to step up their game.

We see these three cyber trends looming in 2023:

  1. Advanced Persistent Threat (APT) software will level the playing field between less-experienced, profit-driven cybercriminals and more politically motivated state-backed groups. As a result, these disparate perpetrators will work together, irrespective of where they're located, as supporting governments look the other way. Even as nation-state-supported groups launch APT attacks on their governments' behalf – such as the China-backed APT5's recently discovered exploit of a Citrix application – we're seeing software for sale on the dark web that gives lone wolves and profit-driven groups similar capabilities. We call these threat actors "Quasi-APTs."

How to prepare: CISOs must be more vigilant than ever before, and make sure their organizations can track, monitor, and remediate threats from multiple points, around the clock. These threats aren’t coming only from state-sponsored APT groups anymore, but also from your garden-variety dark web actor or Anonymous chapter.

Automated threat intelligence and robust vulnerability management programs are now more critical than ever for enterprises. As your technologies proliferate so, too, do your endpoints, each a potential avenue for breach – and they may number in the thousands. Without automation, continuously protecting them all will be impossible.

  2. Artificial Intelligence (AI) will play an increasingly important role on both sides, as threat actors use malicious AI and enterprises employ the technology to proactively find and preemptively eliminate threats.

Everyone’s talking about ChatGPT, the OpenAI chatbot that can “speak” with users intelligently – answering questions, admitting mistakes and correcting itself, rejecting inappropriate requests, and more. It’s an exciting advance for enterprises wanting to use AI to better serve customers – and it’s most likely exciting for cybercriminals, as well.

Already some have used the OpenAI platform to have ChatGPT write phishing emails and insert malicious links. The emails don’t have the usual spelling, grammar, and syntax errors that today’s phishing messages composed by non-native-English speakers tend to contain – errors that serve as a tip-off to recipients.

Likewise, this technology could make misinformation and disinformation that much more credible, writing articles and posts using persuasive techniques pretty much reserved for humans now.

How to prepare: Governments and enterprise organizations will need to use natural language processing and AI to shift to a more proactive approach to cybersecurity. Automation using AI will play an essential role. By listening in on chatter among threat actors, AI can determine which threats are most likely to materialize, and send defense and response resources to where they’re needed, before they’re needed.

  3. The use of "wiper" malware will proliferate, erasing data from government and critical infrastructure systems as well as mobile phones.

Originally intended to help companies erase data from company devices – a security technology – wiper software has morphed into wiper malware.

We’re seeing an increase in dark-web chatter about planting malware in Android marketplaces, including the use of “wiper” malware that erases data.

Many federal agencies already use Android phones, and will need to up their vigilance against this devastating tool.

The “NotPetya” attack of 2017 – the most financially damaging cyberattack in history – and the 2018 “Olympic Destroyer” attack, which took down the entire technology system of the Winter Olympics in Seoul, South Korea, used wiper malware.

These attacks, both attributed to cybercriminals in Russia, almost certainly weren’t motivated by money, since the attackers didn’t deploy ransomware or demand pay. This emerging tactic warrants the attention of not only governments but critical infrastructure providers, as well, and possibly even individuals as criminals move to wiping clean mobile phones.

The good, the bad, and the ugly

As the new year progresses, it’s important to remember that pretty much everything has a good side and a bad side. Technology offers many upsides, including helping us to work and live more efficiently and securely. But cybercriminals pay attention to technological trends perhaps even more closely than most. When one catches on, they’ll be there, hoping to cash in.

If these predictions – based on information gleaned from our observations in the areas of the internet most can’t see – tell us anything, it’s this: in 2023, businesses will need to work harder to stay ahead of cybercrime. Old, reactive paradigms won’t do, not anymore, and we all know what happens when you run in circles: you go nowhere.


The post Three cybercrime technology trends to watch in 2023 appeared first on Cybersecurity Insiders.

We all know that cyber-criminal gangs spreading file-encrypting malware nowadays first steal data and then encrypt it until a ransom is paid. If a victim refuses to pay a ransom or doesn't entertain their demands, they simply sell the stolen data on the dark web to make money. And if the victim does pay a ransom in cryptocurrency, they send fake screenshots purporting to show that the data is being or has been deleted from their servers. In reality, they still possess a copy of the siphoned information and will keep it safe for use in the near future.

Nowadays, ransomware-spreading gangs have taken up a new business of preying on victims who have paid, or are willing to pay, for their data to be deleted. This threat is growing with time, as the criminals involved urge victims to pay to obtain a decryption key, pay more to get the data removed from the leak site, and finally pay even more to have the leaked data deleted from the criminals' servers for good.

It's a kind of extortion that seems to become a never-ending saga, eventually costing the business its reputation.

Thus, the only way to deal with this situation is to keep your database proactively protected against such troubles. And if the data does get leaked, it is better to recover it from a backup than to pay the criminals a ransom and repent afterwards.

In 2019, the FBI released an official statement discouraging ransomware victims from paying anything to the hackers: first, because paying doesn't guarantee a decryption key, and second, because it acts as an entry point for criminals to demand more and repeat their malware attacks on the infrastructure 2-3 times, or until the victim secures the database against all future related attacks.

What’s your say?


The post Ransomware criminals prey on victims paying for data deletion appeared first on Cybersecurity Insiders.

A mining firm shut down its operations in southern British Columbia in order to contain the repercussions of a ransomware attack. The Canadian Copper Mountain Mining Corporation had to shut its offices in Vancouver over the weekend, as most of its corporate computer network was held hostage by file-encrypting malware whose operators demanded millions for a decryption key.

The copper and precious metals mining company says that it suspects the LockBit ransomware group is behind the incident, but has chosen to reveal confirmed details only after a thorough investigation.

In other ransomware-related news, this time showing the humane side of the criminals, the story concerns the Hospital for Sick Children. As soon as the LockBit ransomware gang learnt that it had encrypted the network of SickKids, it immediately apologized for the incident and handed over a free decryption key, showing us its kind-heartedness... unbelievable, isn't it?

Cybersecurity Insiders learnt that the attack took place on December 18th of last year, causing delays to the diagnosis and treatment of patients. However, the criminal gang realized its mistake and returned the decryption key, helping the staff to restore their systems on a priority basis.

Third is the news related to BlackCat Ransomware, also known as ALPHV. The ransomware gang has not only introduced an innovation into their threatening tactics but also implemented it in the new year.

As per the details available, Alphv hacked into the network of a financial company and stole their data. And as the victim failed to pay attention to their demands, they released the stolen details for sale on the dark web.

Not stopping at this, BlackCat also created a replica of the victim company's website and published all the stolen data on it, in order to surprise users and harvest logins from the web portal's users.

The Port of Lisbon, one of the busiest seaports in Europe, has reportedly become the victim of a cyber attack of the ransomware genre. The Portuguese news outlet Publico made this official and confirmed that the incident took place on Christmas Day, a week ago.

The LockBit malware-spreading gang is suspected to be behind the Christmas-season attack; it is demanding a ransom of $1.5 million, to be paid by January 18th of this year.


The post Ransomware news trending on Google appeared first on Cybersecurity Insiders.

In a strange decision by the Ohio Supreme Court, overturning an earlier judgement of the Ohio Second District Court, the court held that there must be a direct physical loss or damage to a company in the event of a file-encrypting malware disaster. Otherwise, the insurance provider can deny policy coverage, since the malware affected only the software.

Going deeper into the case, a medical billing software provider, EMOI, made an appeal when its cyber insurance provider, Owners Insurance Company of Lansing, denied loss coverage because there was no direct physical loss or damage to the media.

Though it seems strange, the court gave a rational decision: a computer may be made of several tangible components, but data stored on the PC has no physical presence. Thus, a ransomware attack on the software does not qualify for coverage under the policy.

However, when Cybersecurity Insiders dug deeper into the case and consulted some sources, it turned out the court was not really at fault.

The coverage claimed from Owners Insurance was under a property insurance policy, and unless damage is done to physical assets, such a policy does not cover losses incurred through the disruption of software on computing media.

Therefore, the Supreme Court overruled the decision pronounced earlier by the district court and directed the software company EMOI not to claim losses incurred by ransomware through a liability insurance policy, but to look for other alternatives to cover those losses.


The post Ohio Court rules out Ransomware Attack loss on Software appeared first on Cybersecurity Insiders.