Tag Archive for: Cybercriminals

How AI is powering the next-generation of cybercriminals


The pace of artificial intelligence (AI) adoption by businesses is increasing. However, the technology is also being rapidly embraced by cybercriminals.

Keen to improve their malicious attacks, cybercriminals are using AI tools in a range of innovative ways to make those attacks both more effective and harder to detect.

Creating malware and phishing messages

It’s clear that cybercriminals are already making use of generative AI tools to improve the success rates of their attacks. Some are creating new types of malware without the need for sophisticated coding skills.

In some cases, ChatGPT is being used to mutate malware code, allowing it to evade endpoint detection and response (EDR) systems. As a result, major AI service providers have now put in place filters that prevent users from directing them to write malware and assist with other malicious activity.

However, generative AI services such as ChatGPT can still be tricked into writing attack tools. If someone asks ChatGPT to write a script to test their company’s servers for a specific vulnerability, it may comply. Attackers could use a similar tactic to generate code.

Aside from the well-known generative AI tools, cybercriminals also have access to several other AI applications available on the dark web – for a price. One example is WormGPT, which has been described as being like ChatGPT but with no ethical boundaries. These types of tools have no guardrails in place to prevent cybercriminals from using them to write effective malware code and other hostile tools. 

There is also evidence that attackers are using generative AI to automate the task of writing phishing emails and smishing texts. Previously, these have tended to be relatively easy to spot as they often contain poor grammar and misspellings. Now, with AI, attackers can generate highly personalised phishing emails and fraudulent SMS messages using text that seems to be more genuine. As a result, the number of messages that are opened by recipients is likely to increase.

Thankfully, as with the creation of malware, commonly used AI tools such as ChatGPT and Google Bard will decline to write phishing emails. However, attackers…


Ransomware cybercriminals continue to target manufacturers


If your manufacturing clients are seeing cyber premiums increase, more ransomware incidents could be why.

Although many manufacturing businesses like this perfume factory were quick to digitalize, many also failed to invest in IoT security at the same time they were building out their technological capacity. (Credit: Lena Wurm/Adobe Stock)

According to a new report by industrial cybersecurity firm Dragos, out of 905 ransomware incidents Dragos tracked, 638, or 70%, affected the manufacturing sector.

Dragos noted about a 50% increase in ransomware attacks against industrial organizations between 2022 and 2023.

But what could be of more value than the knowledge of increased premium expectations is the reason why this sector is seeing so many ransomware attacks. If manufacturers are not willing to plug the holes in the dike, then they should prepare themselves for attack, as attackers will always pursue the most vulnerable risks.

Exploiting vulnerabilities

Lax defenses, together with the significant costs that any impact on operations imposes on industrial risks, make them vulnerable to digital extortion. The manufacturing sector was quick to move into digital transformation and internet connectivity but did not invest in IoT security at the same time. Ransomware attacks not only impact operational efficiency but also lead to financial and reputational costs, and they have trickle-down effects on downstream businesses and outputs.

As with many sectors, the manufacturing sector still struggles to segment networks, such as those that deal with human resources, from the operational technology networks that control operations. This gives a hacker broad access to the organization. Water and wastewater utilities moving into digitization are also vulnerable, with a need to secure entry to access points as they…


Delinea Research Reveals that Ransomware Is Back on the Rise As Cybercriminals’ Motivation Shifts to Data Exfiltration


PRESS RELEASE

SAN FRANCISCO, Jan. 30, 2024 /PRNewswire/ — Delinea, a leading provider of solutions that seamlessly extend Privileged Access Management (PAM), today published its annual “State of Ransomware” report which shows that ransomware attacks are increasing again and reveals a change in strategy among cybercriminals. The familiar tactics of crippling a company and holding it hostage have been replaced by new strategies that use stealth to exfiltrate private and sensitive data. Cybercriminals then frequently threaten to sell it to the highest bidder on the darknet or leverage it to reap a handsome cyber insurance payment.

Titled, “State of Ransomware 2024: Anticipating the Battle and Strengthening Your Defenses,” the report analyzed data from a Censuswide survey of over 300 US IT and Security decision-makers to identify significant changes compared to data from the previous year’s report and uncover new possible trends. First and foremost, ransomware is back on the rise. Although not back at the levels of 2021, the number of organizations claiming to have been a victim of ransomware in the past 12 months more than doubled since last year, from 25% to 53%. Mid-sized companies appeared to be in cybercriminals’ crosshairs the most, with 65% stating they’ve been a ransomware victim over the past 12 months. Organizations are also paying ransoms more frequently, up to 76% from 68% the prior year.

More striking, however, are the emerging trends in motivations, strategies, and tactics that the survey revealed. Data exfiltration registered a surge of 39% (reported by 64% of respondents, up from 46%) and became a preferred goal for the attackers, who are now gaining control of a company’s network to download sensitive data to sell on the darknet. This trend is also evidenced by the significant downturn of traditional money grabs as the main motivation (34%, down from 69% the year before).

“Ransomware certainly appears to have reached a critical sea change – it’s no longer just about the quick and easy payout,” said Rick Hanson, President at Delinea. “Even as organizations are investing more in safety nets like cyber insurance which often have ransomware payouts included in…


2023 cybercriminals added variety & speed to attack vectors


2023 has been the cybercriminal’s year. Connected devices in sectors like manufacturing and education, the financial industry, the gaming and gambling industry, and the cryptocurrency space were hit by DDoS, malware attacks, Kerberoasting, Access Broker advertisements, and DNS attacks. On top of this variety, cybercriminals got faster.

In August 2023, Bloomberg reported that a cyberattack on Norway’s government, which exploited a vulnerability linked to a mobile device, lasted at least four months.

Adam Meyers, head of Counter Adversary Operations at CrowdStrike, says, “In our tracking of over 215 adversaries in the past year, we have seen a threat landscape that has grown in complexity and depth as threat actors pivot to new tactics and platforms, such as abusing valid credentials to target vulnerabilities in the cloud and in software.”

“When we talk about stopping breaches, we cannot ignore the undeniable fact that adversaries are getting faster, and they are employing tactics intentionally designed to evade traditional detection methods. Security leaders need to ask their teams if they have the solutions required to stop lateral movement from an adversary in just seven minutes.”

IoT

According to the Zscaler™ ThreatLabz 2023 Enterprise IoT and OT Threat Report, IoT and OT malware attacks increased 400% year-over-year, underscoring the need for better Zero Trust security to protect critical infrastructures. The manufacturing industry, which relies heavily on both IoT and OT, was the top targeted sector, bearing the brunt of blocked IoT malware attacks, accounting for 54.5% of all attacks and averaging 6,000 weekly attacks across all monitored devices.

Also, the education sector…
