Tag Archive for: evolve

Post-LockBit, How Will the Ransomware Ecosystem Evolve?


Fraud Management & Cybercrime, Ransomware

With Over $1 Billion in Annual Proceeds, Don’t Expect Attackers to Give Up the Life


February 23, 2024    


Once the dust settles on the LockBit disruption, what will be the state of ransomware?



Expect attackers to continue refining their tactics for maximizing profits via a grab bag of the same strategies, including forcibly encrypting systems and charging for a decryptor, stealing data and threatening to dump it, creating scary public personae, or a combination of the above.


LockBit, which was disrupted this week by law enforcement, is one of the most successful ransomware groups in history. Canadian intelligence tied it to 44% of all ransomware attacks globally in 2022. Blockchain analytics firm Chainalysis said that since the start of 2023, LockBit has received the second-highest amount of traceable ransom payments of any ransomware group.


All that appears to have ended, at least for now. “We have hacked the hackers,” National Crime Agency Director General Graeme Biggar said this week of the joint operation, which featured 10 countries’ law enforcement agencies. It disrupted the group’s infrastructure, arrested suspects in Poland and Ukraine, sanctioned multiple Russians and more (see: Breach Roundup: More Fallout From the LockBit Takedown).


“It…


Health hackers evolve, AI cyberattacks, NK spooks drills


Cyber Security Headlines: Week in Review (August 21 - 25, 2023) with guest Gerald Auger Ph.D., chief content creator, Simply Cyber

This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Gerald Auger Ph.D., Chief Content Creator, Simply Cyber.

Here are the stories we plan to cover TODAY, time permitting. Please join us live at 12:30pm PT/3:30pm ET by registering for the open discussion on YouTube Live.

Cyber Health Report: Hacker entry point shifts from email to network

We have been covering a growing number of stories on breaches and attacks on hospitals and healthcare systems on Cyber Security Headlines, and yesterday, Critical Insight released its H1 2023 Healthcare Data Cyber Breach Report. Chief among its findings is that “the first six months of the year saw an encouraging decrease in the overall number of data breaches impacting healthcare organizations, it was overshadowed by large-scale breaches resulting in a significant increase in the number of individuals affected, which reached record levels.” The report predicts that 2023 is “on pace to break the record for individuals affected by breaches.” Hacking/IT incidents were the primary cause of breaches, with network server breaches accounting for 97% of records affected, with only 2% due to email breaches. The full report is available at Critical Insight, and a link is available in the show notes to this episode.

(Critical Insight)

Deep Instinct study finds significant increase in Generative AI fueled cyber attacks

Cybersecurity company Deep Instinct today releases its fourth edition of its Voice of SecOps Report, based on research conducted by Sapio Research which surveyed over 650 senior security operations professionals in the US, including CISOs and CIOs. Chief among its findings: “70% of security professionals say generative AI is positively impacting employee productivity and collaboration, with 63% stating the technology has also improved employee morale. However, 75% of security professionals witnessed an increase in attacks over the past 12 months, with 85% attributing this rise to bad actors using generative AI. Nearly half (46%) agree that ransomware is the greatest threat to their organization’s data security and 62% admit that ransomware…


Cyber defense policies evolve in three of the Five Eyes.


At a glance.

  • Australian critical infrastructure protection policy evolves.
  • US Commerce Department restricts cyber exports.
  • Software Supply Chain Risk Management Act passes the US House.
  • UK established information assurance unit in the MoD.
  • Qualifications for the Cyber Safety Review Board.

Australia allows government intervention for cyberattacks on critical services.

The Guardian reports that Australia has approved new legislation requiring operators of critical services to report cyberattacks and, in extreme cases, allowing the government to take over their operations. As the ruling explains, its purpose is to permit the government to “provide assistance immediately prior, during or after a significant incident.” It also broadens the term “critical infrastructure” to include providers of food, energy, communications, financial services, higher education and research, and space technology, which comprised a quarter of all cyberattacks reported to the Australian Cyber Security Centre in the past year. Innovation Aus points out that last week the Australian Information Industry Association, backed by an international group of tech associations, penned a letter warning the law could set a “troubling global precedent,” as it could force businesses to give the government access to internal systems and grant excessive control over how these businesses operate. Home Affairs Minister Karen Andrews disagreed, stating, “If we don’t act now, we risk our cybersecurity falling further behind.”

Josh Brewton, vCISO at Cyvatar, finds it significant that the government will intervene when the operators’ responses are inadequate:

“It’s interesting that the Government are willing to step in when the response is deemed not adequate. Where is the line drawn? How will they define their triggers? How or who will be paying for the response if the ASD take control? Given the frequency of Cyber Attacks today I wonder how the cost of such a response would be dealt with. It could push smaller businesses over the edge. With a healthy bill from the government and the added financial, operational and reputational impacts from the attack itself.”

Saryu Nayyar, CEO of Gurucul, approves of the…


Ransomware still a primary threat as cybercriminals evolve tactics


Trend Micro announced that it blocked 40.9 billion email threats, malicious files, and malicious URLs for customers in the first half of 2021, a 47% year-on-year increase.


Ransomware remained a primary threat in the first half of the year as cybercriminals continued to target big-name victims. Working with third parties to gain access to targeted networks, they used Advanced Persistent Threat tools and techniques to steal and encrypt victims’ data.

The banking industry was disproportionately affected, experiencing a 1,318% year-on-year increase in ransomware attacks in the first half of 2021.

Ransomware remained primary threat in H1 2021, but not the only one

Ransomware was a major threat to global organizations in the first half of 2021, but it was not the only one. The report also reveals:

  • Business email compromise (BEC) attacks increased by 4%, potentially as a result of new COVID-19 opportunities for threat actors.
  • Cryptocurrency miners became the most detected malware, having surged ahead of WannaCry and web shells in recent months.
  • The Zero Day Initiative detected 770 vulnerabilities, a slight (2%) drop from 1H 2020.
  • A total of 164 malicious apps related to COVID-19 scams were detected, 54% of which impersonated TikTok.

“The first step towards effectively mitigating cyber risk is understanding the scale, complexity, and specific characteristics of the threat landscape,” said Jon Clay, VP of threat intelligence for Trend Micro.
