Tag Archive for: costing

Inside the Cyberthreat That’s Costing Millions



U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0 ransomware.

“The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.0, and LockBit,” the authorities said.

The alert comes courtesy of the U.S. Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC).

Since emerging in late 2019, the LockBit actors have invested significant technical effort in developing and fine-tuning their malware, issuing two major updates — LockBit 2.0, released in mid-2021, and LockBit 3.0, released in June 2022. The two versions are also known as LockBit Red and LockBit Black, respectively.

“LockBit 3.0 accepts additional arguments for specific operations in lateral movement and rebooting into Safe Mode,” according to the alert. “If a LockBit affiliate does not have access to passwordless LockBit 3.0 ransomware, then a password argument is mandatory during the execution of the ransomware.”

The ransomware is also designed to infect only those machines whose language settings do not overlap with those specified in an exclusion list, which includes Romanian (Moldova), Arabic (Syria), and Tatar (Russia).

Initial access to victim networks is obtained via remote desktop protocol (RDP) exploitation, drive-by compromise, phishing campaigns, abuse of valid accounts, and weaponization of public-facing applications.

Upon finding a successful ingress point, the malware takes steps to establish persistence, escalate privileges, carry out lateral movement, and purge log files, files in the Windows Recycle Bin folder, and shadow copies, before initiating the encryption routine.

“LockBit affiliates have been observed using various freeware and open source tools during their intrusions,” the agencies said. “These tools are used for a range of activities such as network reconnaissance, remote access and tunneling, credential dumping, and file exfiltration.”

One…


T-Mobile Sued for Security Lapses Over Cryptocurrency Costing Customer $750k



Ransomware costing financial firms $3.61m per breach



Mid-size financial services businesses in Asia–Pacific and Japan spent an average of over US$2.62 million ($3.61 million) recovering from a ransomware attack, new research suggests.

Sophos’ State of Ransomware in Financial Services 2021 report found that 35% of financial services organisations in the region were hit by ransomware during 2020.

Of the impacted organisations, 69% reported that the attackers succeeded in encrypting their data and holding it hostage.

Recovery costs from a successful attack include regulatory fines, rebuilding IT systems and stabilising brand reputation, the report found.

Meanwhile 54% of the financial services organisations that believe they’ll be hit by ransomware in the future said that ransomware attacks have become more sophisticated and harder to stop.

More than a third (35%) feel they will become a target because other organisations in their industry have already been targeted with ransomware, and 51% believe that it’s inevitable they will be impacted because ransomware is now so prevalent.

Sophos senior security adviser John Shier said the worrying findings show that it is essential for financial services organisations to act to reduce their threat surface.

“Strict guidelines in the financial services sector encourage strong defences. Unfortunately, they also mean that a direct hit with ransomware is likely to be very costly for targeted organisations,” he said.

“The financial sector has too much at stake to not set up an in-depth defensive plan to protect, detect and block cyberattackers. While they should continue to invest in backups and their disaster recovery efforts to minimise the impact of an attack, they should also look to extend their anti-ransomware defences by combining technology with human-led threat hunting to neutralise today’s advanced human-led cyberattacks.”


Cyber attackers are targeting your child’s school and it’s costing us millions


ST. LOUIS COUNTY, Mo. – If you have a website, you are at risk. You don’t have to click on a malicious link to let the criminal inside. Just like your home, cybercriminals are looking for unlocked windows, a weak door, or that key you’ve hidden under a rock.

“It is what keeps people in my position up at night,” Jason Rooks said. He’s Parkway School District’s Chief Information Officer.

“It’s not if you get attacked – it’s when you get attacked,” he said.

Rooks says school districts are now one of the biggest targets.

“In the past month, two school districts in the state of Missouri have had to close multiple days due to ransomware attacks,” he said.

The Affton School District was recently hit with ransomware. Cybercriminals said they had personal information and demanded money for its return. Affton said it didn’t pay, but Maryville University Associate Professor of Cybersecurity Brian Gant says some districts do.

“One in four school districts is experiencing ransomware currently. Right now, K-12, we’re talking about millions and millions of dollars being lost,” he said.

Gant teaches students how to defend our computer systems. A video wall in their cyber fusion center shows active attacks being stopped—live—in real time. Gant says we don’t have enough experts to stop the attacks.

“The gap that we’ve been experiencing is vast,” he said. “In 2023, they’re expecting it to be a million-job gap between those with the skills necessary to fill it, and higher education is one of those vehicles in which we can get people into the pipeline to fill those gaps.”

Student Hunter Myles already has a job lined up where he will fight to defend our virtual borders.

“Nothing is secure. No company is safe,” he said. “Major national government agencies were attacked. National corporations with billions of dollars in security funding were attacked. It always takes one open door for these attackers to get in.”

In class, he’s working with school districts like Parkway to tighten their security.

“And the great thing is they don’t charge school districts for these services,” Rooks said….
