Posts

Embargo ransomware escalates attacks to cloud environments

Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets. The threat actor first emerged in 2021 as a ransomware affiliate for the Sabbath ransomware operation. Later they started to deploy file-encrypting malware from Hive, BlackCat, LockBit, and Hunters International gangs. Recently, they have been observed to deploy the Embargo ransomware. Storm-0501's recent attacks targeted hospitals, government, manufacturing, and transportation organizations, and law enforcement agencies in the United States.

Storm-0501 attack flow

The attacker gains access to cloud environments by exploiting weak credentials and taking advantage of privileged accounts, with the goal of stealing data and executing a ransomware payload. Microsoft explains that Storm-0501 obtains initial access to the network with stolen or purchased credentials, or by exploiting known vulnerabil

The best way to recover from a ransomware attack is to have a reliable and fast backup process. Here's how to do it.

According to a Sophos survey of 5,000 IT and cybersecurity leaders released in April, 59% of organizations have been hit by a ransomware attack in 2023, from which 56% paid a ransom to get their data back. And the amounts paid were not trivial. In 63% of cases the ransom demand was for $1 million or more — $4.3 million, on average. Of the 1,097 respondents who shared their payment details, the average payment was $4 million — up from $1.5 million in 2023.

What is ransomware?

Ransomware is a type of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the encrypted data.

Many organizations are paying ransom

According to a report released in July by Semperis, based on a survey of 900 IT and security leaders, ransomware attacks disrupted business operations for 87% of companies. But paying ransomware is a losing game. Of those who were hit, 74% were hit multiple times, sometimes within the span of the same week. And of those who

Infosecurity Europe 2024: Ransomware and AI threats drive surge in cybersecurity investments

Infosecurity Europe, the premier information security event, will take place at ExCeL London from 4-6 June 2024. The event has unveiled further insights from its 2024 Cybersecurity Trends, Obstacles and Opportunities report, emphasising the growing concern among cybersecurity leaders regarding ransomware and AI-generated attacks. Nearly 40% of respondents indicated that these threats are driving increased investment in cyber defences.

Rising threats prompt increased cybersecurity investment

The latest findings highlight the urgency for organisations to stay ahead of evolving cyber threats. With attacks becoming more frequent, complex, and damaging, businesses are ramping up their resources to bolster defences and enhance resilience. This heightened investment underscores the critical role of cybersecurity in protecting sensitive data, preserving customer trust, and ensuring business continuity.

Ransomware: A persistent threat

Ransomware remains a significant concern, and this year’s

CISA ransomware warning program will launch this year

The Cybersecurity and Infrastructure Security Agency, an arm of the Department of Homeland Security, is rolling out a program that warns organizations about potential ransomware attacks, CyberScoop reports. The program is currently running as a pilot and will be fully operational by the end of 2024. About 7,000 organizations have signed up for the pilot. So far, CISA has issued 2,049 warnings since the pilot was launched in January 2023. “The warning pilot is focused on reducing the prevalence of ransomware by using our vulnerability scanning tools to let businesses know if they have vulnerabilities that need to be patched,” CISA Director Jen Easterly told CyberScoop. To get alerts, organizations need to sign up for CISA’s cyber hygiene scanning tool. According to CISA’s FAQ page for the program, the tool “[e]valuates external network presence by executing continuous scans of public, static IPv4s for accessible services and vulnerabilities. This service provides weekly vulnerability r

Attackers Abuse Google Ad Feature to Target Slack, Notion Users

Attackers are once again abusing Google Ads to target people with info-stealing malware, this time using an ad-tracking feature to lure corporate users with fake ads for popular collaborative groupware such as Slack and Notion. Researchers from AhnLab Security Intelligence Center (ASEC) discovered a malicious campaign that uses a statistical feature to embed URLs that distribute malware, including the Rhadamanthys stealer, they revealed in a blog post published this week. The feature lets advertisers insert external analytic website addresses into ads to collect and use their visitors' access-related data to calculate ad traffic. However, instead of inserting a URL for an external statistics site, attackers are abusing the feature to enter sites for distributing malicious code, the researchers found. Ads related to the campaign have already been deleted. But when they were still active, "clicking on the banner would take unsuspecting users to the address that would tri