SecureList

NOVEMBER 1, 2022

This is our latest installment, focusing on activities that we observed during Q3 2022. We can confirm a Maui ransomware incident in 2022, but we would expand their “first seen” date from the reported May 2021 to April 15, 2021, and the geolocation of the target to Japan and India. The most remarkable findings.

Malware 142

Malware Ransomware Spyware Encryption 142

Krebs on Security

FEBRUARY 14, 2022

In January, KrebsOnSecurity examined clues left behind by “ Wazawaka ,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. 26, 2020, a new user named Biba99 registered on the English language cybercrime forum RaidForums. This post is an attempt to remedy that.

VPN 209

VPN Ransomware Cybercrime Accountability 209

Malwarebytes

OCTOBER 19, 2022

DeadBolt is a ransomware that specializes in encrypting online network attached storage (NAS) devices. In January 2022, news broke that a ransomware group was targeting QNAP Network Attached Storage (NAS) devices. It is important to file a complaint if you are a victim of a cybercrime. QNAP and DeadBolt have history.

Ransomware 96

Ransomware Firmware VPN Cybercrime 96

Security Affairs

MARCH 11, 2024

The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN. NerbianRAT for Windows was first spotted in 2022, however the Linux variant employed by Magnet Goblin has been in circulation since May 2022.

Malware 93

Malware VPN Encryption Hacking 93

Security Affairs

OCTOBER 22, 2022

US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. The threat actors obtained the VPN credentials through phishing attacks. administrative?accounts,

Ransomware 65

Ransomware VPN Cybercrime Accountability 65

SecureList

NOVEMBER 23, 2021

The debate about which threats pose the most danger to industrial enterprises often revolves around comparisons between APTs and cybercrime. Similarly, APTs masquerading as cybercrime, and attacks by cybercriminals pretending to be an APT, have lost their wow factor. Update firewalls and SSL VPN gateways in good time.

Spyware 109

Spyware Phishing Cybercrime Energy and Utilities 109

Security Affairs

MAY 9, 2023

Researchers warn of a new ransomware family called CACTUS that exploits known vulnerabilities in VPN appliances to gain initial access to victims’ networks. The new ransomware strain outstands for the use of encryption to protect the ransomware binary. This technique allows the encryptor to avoid detection. We are in the final!

Ransomware 71

Ransomware VPN Antivirus Encryption 71

Krebs on Security

APRIL 22, 2022

KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. By February 2022, LAPSUS$ had pivoted to targeting high-tech firms based in the United States.

Mobile 357

Mobile Computers and Electronics VPN Marketing 357

Malwarebytes

APRIL 17, 2023

Swatting is a crime that has evolved from a dangerous type of prank to a cybercrime that can be ordered as a service. NPR reported that in October 2022, 182 schools in 28 states received fake threat calls with a familiar pattern behind this wave of false calls. Keep your online privacy by using Malwarebytes Privacy VPN.

Artificial Intelligence 95

Artificial Intelligence VPN Cryptocurrency Encryption 95

Security Affairs

DECEMBER 10, 2022

The human-operated Royal ransomware first appeared on the threat landscape in September 2022, it has demanded ransoms up to millions of dollars. “Royal is a human-operated ransomware that was first observed in 2022 and has increased in appearance. Starting from September 2022, the note was changed to Royal.

Healthcare 84

Healthcare Ransomware Encryption Malware 84

Security Affairs

AUGUST 29, 2023

Citrix reported that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. The attackers obtained encrypted passwords from NetScaler ADC configuration files, and the decryption key was stored on the ADC appliance. php) on victim machines.

VPN 97

VPN Ransomware DNS Malware 97

Security Affairs

DECEMBER 3, 2022

Google fixed the ninth actively exploited Chrome zeroday this year A new Linux flaw can be chained with other two bugs to gain full root privileges Attack of drones: airborne cybersecurity nightmare Cuba Ransomware received over $60M in Ransom payments as of August 2022 Android Keyboard Apps with 2 Million downloads can remotely hack your device New (..)

Spyware 89

Spyware Data breaches VPN Hacking 89

CyberSecurity Insiders

APRIL 5, 2023

Cybercrime risk is rising, security vulnerabilities are increasing, and the cybersecurity industry is rapidly developing. After extensive research by IBM in the year 2022, it is evident that, on average, a total of 4.35 A VPN for PC could encrypt and reroute internet traffic but also block malicious websites.

Cybersecurity 134

Cybersecurity Data breaches Passwords Education 134

BH Consulting

DECEMBER 14, 2021

Digital takeup drives accelerated cybercrime activity: IOCTA. Growing use of digital technologies, accelerated by the Covid-19 pandemic, has led to a sharp increase in cybercrime. STOP PRESS: BH Consulting’s Valerie Lyons to present at RSA Conference 2022. The 2022 edition will be a combined in-person and virtual event.

Cybercrime 59

Cybercrime Mobile DDOS CISO 59

Security Affairs

OCTOBER 25, 2022

The gang claims to have breached the corporate network on October 3rd, 2022. The group used a variety of attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials. The most important change in the latest Hive variant is the encryption mechanism it adopts. key files.

Ransomware 83

Ransomware Data breaches Cyber Attacks Engineering 83

Malwarebytes

JUNE 14, 2022

Like RansomHouse , Karakurt doesn’t bother encrypting data. Mitigate your risk: [link] pic.twitter.com/0ft8mPediO — Jen Easterly (@CISAJen) June 1, 2022. The NCC Group’s Cyber Incident Response Team (CIRT) spotlighted Karakurt activities in February 2022. Instead, it just steals the data and demands a ransom.

Ransomware 74

Ransomware VPN Accountability Cybercrime 74

Security Affairs

SEPTEMBER 6, 2022

today detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet. We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service. Once encrypted the content of the device, the ransomware appends.

Ransomware 80

Ransomware Internet Internet Encryption 80

SecureWorld News

AUGUST 11, 2022

Cisco became aware of the incident on May 24, 2022, and immediately activated the Cisco Security Incident Response Team (CSIRT) and Cisco Talos to investigate the situation. Cisco explains: "Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account.

Ransomware 69

Ransomware Accountability Cybercrime Encryption 69

Security Affairs

MARCH 2, 2022

“Access to NVIDIA employee VPN requires the PC to be enrolled in MDM (Mobile Device Management). Yes they successfully encrypted the data,” the group claimed in a subsequent message.” pic.twitter.com/F8ocpB6Qev — Brett Callow (@BrettCallow) February 26, 2022. ” reads the statement.

Data breaches 81

Data breaches Ransomware Hacking VPN 81

Security Boulevard

JANUARY 2, 2024

Ransomware gangs also got stealthier in 2023, with ThreatLabz observing an increase in encryption-less extortion attacks. The absence of encryption allows attackers to eliminate development cycles and decryption support and quietly exfiltrate data before making ransom demands.

CISO 104

CISO Social Engineering Architecture Ransomware 104

Malwarebytes

JANUARY 15, 2023

The real world impact of cybercrime rears its head once more, with word that 14 schools in the UK have been caught out by ransomware. One of the primary schools highlighted, Pates Grammar School, was affected on or around the September 28, 2022. Backups are the last line of defence against an attack that encrypts your data.

Ransomware 77

Ransomware Backups Education VPN 77

Security Affairs

MARCH 27, 2023

The threat actor abused Bitly shortener and an ad hoc BlogSpot account to protect the malicious code, lastly stored in an encrypted zip archive hosted on Mega.nz. The final download link is presented on BlogSpot This particular modus operandi matches a particular threat Kaspersky researchers spotted in September 2022 ( link ): NullMixer.

Malware 78

Malware Social Engineering Encryption Marketing 78

SecureList

OCTOBER 17, 2023

The most remarkable findings In early 2023, we discovered an ongoing attack targeting government entities in the APAC region by compromising a specific type of a secure USB drive, which provides hardware encryption. These variants go beyond Ligolo’s standard functionality and attempt to emulate VPN solutions from Cisco and Palo Alto.

Government 109

Government Malware VPN Manufacturing 109

Krebs on Security

MARCH 4, 2022

.” Conti managers were hyper aware that their employees handled incredibly sensitive and invaluable data stolen from companies, information that would sell like hotcakes on the underground cybercrime forums. “Hello [victim company redacted],” the gang wrote in January 2022. “We are Conti Group.

Ransomware 212

Ransomware Insurance Cyber Insurance Accountability 212

SecureWorld News

OCTOBER 30, 2023

Only some deeper scrutiny can reveal that an encryption protocol is the missing piece of the puzzle, which means that the connection is insecure and the attacker can tamper with all communications. If that's a no-go for whatever reason, a Wi-Fi VPN can do the heavy lifting in terms of traffic encryption.

Phishing 97

Phishing Scams Passwords Wireless 97

SecureList

DECEMBER 7, 2021

With double extortion, not only do the attackers encrypt data, but they also steal highly sensitive information (personal data of clients and employees, internal documents, intellectual property, etc.) This allows them to maximize the attack surface by encrypting virtual machines hosted on ESXi servers. Financial blackmail. Conclusion.

Ransomware 126

Ransomware B2B B2C Government 126

ForAllSecure

JULY 6, 2022

Mikko Hypponen joins The Hacker Mind to discuss cybercrime unicorns, the fog of cyber war that surrounds the Ukrainian war with its much larger neighbor, and of course Mikko’s new book, If it’s Smart, it’s Vulnerable. It’s about challenging our expectations about the people who hack for a living.

Cybercrime 40

Cybercrime Government Ransomware Hacking 40