Tag Archive for: major

The number of ransomware victims is booming — despite major threats being shut down


Despite the police dismantling some of the biggest and most dangerous ransomware threats out there, ransomware as a criminal industry continues to flourish. 

A new report from cybersecurity researchers at Palo Alto Networks’ Unit 42 found a 49% increase in victims reported on ransomware leak sites.


Researchers Uncover Major Surge in Global Botnet Activity


Security researchers have discovered a significant increase in global botnet activity between December 2023 and the first week of January 2024, with spikes observed exceeding one million devices.

Writing in an advisory published on Friday, Netscout ASERT explained that, on a typical day, approximately 10,000 such devices engaged in malicious reconnaissance scanning last year, with a high watermark of 20,000 devices. 

However, on December 8, 2023, this number surged to 35,144 devices, signaling a notable departure from the norm.

According to the technical write-up, the situation escalated on December 20, with another spike reaching 43,194 distinct devices. Subsequent spikes, occurring in shorter intervals, culminated in a record-breaking surge on December 29, involving a staggering 143,957 devices, nearly ten times the usual levels. 

Disturbingly, this heightened activity persisted, with high watermarks fluctuating between 50,000 and 100,000 devices.

As the new year unfolded, the scale of the threat became even more pronounced, with January 5 and 6 witnessing spikes exceeding one million distinct devices each day – 1,294,416 and 1,134,999, respectively. A subsequent spike of 192,916 on January 8 affirmed the sustained intensity of this cyber onslaught.


Further analysis revealed that this surge emanated from five key countries: the United States, China, Vietnam, Taiwan and Russia. 

“Analysis of the activity has uncovered a rise in the use of cheap or free cloud and hosting servers that attackers are using to create botnet launch pads,” Netscout wrote. “These servers are used via trials, free accounts or low-cost accounts, which provide anonymity and minimal overhead to maintain.”

Adversaries utilizing these new botnets focused on scanning global internet ports, particularly ports 80, 443, 3389, 5060, 6881, 8000, 8080, 8081, 808 and 8888. Additionally, signs of potential email server exploits surfaced through increased scanning of ports 636, 993 and 6002.

“These consistently elevated levels indicate a new weaponization of the cloud against the global internet,” reads the…


Ukrainian hacking group claims retaliatory cyber-strike on major Moscow ISP


Hackers from the Blackjack group, allegedly affiliated with Ukraine’s SBU security service, have hacked into Moscow’s M9com internet provider and demolished its servers, informed sources told NV on Jan. 9.

The attack concerns 20 terabytes of deleted data: the company’s official website, branch websites, mail server, cyber security services, etc.


“As a result, some Moscow residents were left without internet and TV,” the sources said.

“The hackers also downloaded more than 10 GB of data from the company’s mail server and client databases, which they made available for anyone to examine.”


Ukraine says Russian hackers penetrated major telecoms network for months – POLITICO


Russian hackers were inside Ukrainian telecoms giant Kyivstar’s system from at least May last year in a cyberattack which crippled its services in December, Ukraine’s top cyber spy said.

In an interview with Reuters published Thursday, Illia Vitiuk, head of the Security Service of Ukraine’s cybersecurity department, said: “This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable,” adding it wiped “almost everything,” including thousands of virtual servers and PCs.

The attack caused more than 24.3 million Kyivstar customers to lose phone reception, with banks reporting disruptions to their services and Ukrainians in the country’s eastern war zone being left without a connection. Vitiuk has attributed the attack to Sandworm, a Russian military intelligence cyberwarfare unit which has been linked to cyberattacks in Ukraine and elsewhere.

“For now, we can say securely, that they were in the system at least since May 2023,” Vitiuk said, adding, “I cannot say right now, since what time they had … full access: probably at least since November.”

In a video statement in December, Kyivstar CEO Oleksandr Komarov said: “Unfortunately, the war with Russia has several dimensions. One of them is in cyberspace.”
