SecureList

JUNE 26, 2023

In this report, we have analyzed the key threats to small and medium-sized companies in 2022 and 2023, and provided advice on how to stay safe. Malware attacks Between January 1 and May 18, 2023, 2,392 SMB employees encountered malware or unwanted software disguised as business applications, with 2,478 unique files distributed this way.

Cybercrime 123

Cybercrime Phishing Banking Malware 123

Security Affairs

DECEMBER 17, 2024

In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called HiatusRAT that infected over 100 edge networking devices globally. Starting in mid-June through August 2023, Black Lotus Labs observed multiple newly compiled versions of the HiatusRAT malware discovered in the wild.

Architecture 109

Architecture Internet Internet Malware 109

Security Affairs

MAY 24, 2025

“While SRG has historically victimized companies in many sectors, starting Spring 2023, the group has consistently targeted US-based law firms, likely due to the highly sensitive nature of legal industry data.” ” reads the alert issued by the FBI.

Social Engineering 114

Social Engineering Antivirus Phishing Engineering 114

SecureWorld News

NOVEMBER 14, 2024

Compared to 2023, healthcare providers are facing a higher frequency of ransomware incidents, impacting their ability to deliver essential services and protect sensitive patient data. As of the first three quarters of 2024, there were already 264 ransomware incidents affecting healthcare providers—nearly matching all of 2023's figures.

Healthcare 119

Healthcare Ransomware Identity Theft Data breaches 119

Malwarebytes

DECEMBER 2, 2024

In 2023, ThreatDown discovered that, unlike other ransomware gangs that demanded up to $1 million or more from each victim , Phobos operators demanded an average of $1,719 from victims, with a median demand of just $300. Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers.

Ransomware 126

Ransomware Backups Small Business Malware 126

Security Affairs

AUGUST 20, 2024

Toyota has confirmed a data breach after a threat actor leaked 240GB of data stolen from its infrastructure on a cybercrime forum. Toyota disclosed a data breach after a threat actor leaked an archive of 240GB of data stolen from its systems on a cybercrime forum, BleepingComputer reported.

Data breaches 120

Data breaches Cybercrime Financial Services Hacking 120

Krebs on Security

SEPTEMBER 30, 2023

According to a September 20, 2023 joint advisory from the FBI and the U.S. ” New York City-based cyber intelligence firm Flashpoint said the Snatch ransomware group was created in 2018, based on Truniger’s recruitment both on Russian language cybercrime forums and public Russian programming boards.

Ransomware 294

Ransomware Accountability Cybercrime Backups 294

Security Affairs

JUNE 16, 2023

An updated version of the Android remote access trojan GravityRAT can steal WhatsApp backup files and can delete files ESET researchers discovered an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can delete files. The malware is distributed as the messaging apps BingeChat and Chatico.

Backups 98

Backups Spyware Malware Accountability 98

Malwarebytes

FEBRUARY 14, 2024

In 2023, the CL0P ransomware gang broke the scalability barrier and shook the security world with a series of short, automated campaigns, hitting hundreds of unsuspecting targets simultaneously with attacks based on zero-day exploits. There were about 4,500 known ransomware attacks in 2023, although the true figure is probably twice that.

Ransomware 97

Ransomware Cybercrime Backups Malware 97

Security Affairs

FEBRUARY 11, 2025

Source Nation Thailand The gang compromised at least 17 Swiss companies using the Phobos ransomware between April 2023 and October 2024. In November 2023, Cisco Talos researchers observed 8Base ransomware operators using a new variant of the Phobos ransomware. Disable system recovery, backup and shadow copies and the Windows firewall.

Ransomware 73

Ransomware Encryption Backups Malware 73

Security Affairs

JANUARY 13, 2024

The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. Threat actors are wiping NAS and backup devices. They also explained that organizations can protect against the destruction of backups taking offline backups.

Ransomware 137

Ransomware Backups VPN Authentication 137

Security Affairs

JANUARY 13, 2024

The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. Threat actors are wiping NAS and backup devices. They also explained that organizations can protect against the destruction of backups taking offline backups.

Ransomware 124

Ransomware Backups VPN Authentication 124

Krebs on Security

JANUARY 8, 2024

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a

Cybercrime 283

Cybercrime Banking Computers and Electronics DDOS 283

Thales Cloud Protection & Licensing

OCTOBER 11, 2023

Protect Your Organization from Cybercrime-as-a-Service Attacks madhav Thu, 10/12/2023 - 04:53 In years gone by, only large enterprises needed to be concerned with cybercrime. However, Cybercrime-as-a-Service (CaaS) offerings have essentially democratized cybercrime. What is Cybercrime-as-a-Service?

Cybercrime 77

Cybercrime Encryption DDOS Backups 77

Javvad Malik

JULY 5, 2024

Oliver’s story brings into sharp focus the real-world consequences of cybercrime – the stress, the uncertainty, and the potential health complications that can arise from delayed medical procedures. IBM’s 2023 Cost of a Data Breach Report showed the global average cost of a data breach reached $4.45

Healthcare 208

Healthcare Data breaches Cybercrime Cybersecurity 208

Security Affairs

NOVEMBER 8, 2023

As of July 2023, the FBI observed ransomware operators exploiting vulnerabilities in vendor-controlled remote access to casino servers, and companies that were compromised through legitimate system management tools to elevate network permissions. . ” reported the PIN.

Ransomware 139

Ransomware Backups Encryption Phishing 139

Malwarebytes

SEPTEMBER 19, 2023

In March of 2023, we reported how the German Regional Police and the Ukrainian National Police, with support from Europol, the Dutch Police, and the United States Federal Bureau of Investigations (FBI), apprehended two suspects and seized computer equipment. Create offsite, offline backups. Don’t get attacked twice.

Ransomware 139

Ransomware Backups Cryptocurrency Cybercrime 139

Security Affairs

MAY 12, 2024

In December 2023, Elliptic and Corvus Insurance published a joint research that revealed the group accumulated at least $107 million in Bitcoin ransom payments since early 2022. It has been used to attack more than 329 organizations globally and has grown to become the fourth-most active strain of ransomware by number of victims in 2022-2023.”

Ransomware 143

Ransomware Hacking Healthcare Cybercrime 143

Malwarebytes

MAY 1, 2025

In 2023, famous YouTube tech personality Linus Sebastian suffered a hack of three different YouTube channels associated with his company, Linus Media Group. Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. How to protect your business: Block common forms of entry.

Small Business 90

Small Business Cybersecurity Scams Passwords 90

Krebs on Security

DECEMBER 29, 2022

I will also continue to post on LinkedIn about new stories in 2023. Here’s a look at some of the more notable cybercrime stories from the past year, as covered by KrebsOnSecurity and elsewhere. 24, Russia invades Ukraine, and fault lines quickly begin to appear in the cybercrime underground.

Cryptocurrency 309

Cryptocurrency Cybercrime Computers and Electronics Scams 309

Security Affairs

FEBRUARY 15, 2025

CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs Hacking Attackers exploit a new zero-day to hijack Fortinet firewalls Security OpenSSL patched high-severity flaw CVE-2024-12797 Progress Software fixed multiple high-severity (..)

Spyware 71

Spyware Firewall Artificial Intelligence Malware 71

SecureWorld News

JANUARY 19, 2023

The exclusive webcast covers: • What's happening in the ransomware realm right now • Three tips from the cybercriminals themselves • Conti cybercrime group insights Register to view the webcast on-demand at your convenience and earn 1 CPE credit in the process. It will be available for viewing through August 2023.

Hacking 109

Hacking Backups Ransomware Retail 109

Security Affairs

SEPTEMBER 1, 2023

The Key Group ransomware gang has been active since at least January 2023. EclecticIQ researchers reported that since June 29, 2023, the ransomware group is likely using the NjRAT RAT to remotely access victim devices. EclecticIQ researchers believe that the financially-motivated gang is primarily Russian speaking.

Ransomware 131

Ransomware Encryption Backups Malware 131

Webroot

JUNE 17, 2025

Research shows that the travel and tourism sector ranked third in cyberattacks, with nearly 31% of hospitality organizations experiencing a data breach and a record 340 million people affected by cybercrimes. Fraud rates in sectors associated with the early stages of trip planning increased more than 12% between 2023 and 2024.

VPN 82

VPN Scams Computers and Electronics Phishing 82

Security Affairs

NOVEMBER 13, 2023

The gang claims to have stolen a huge amount of sensitive data from the company and threatens to publish it if Boeing does not contact them within the initial deadline (02 Nov, 2023 13:25:39 UTC, later postponed to 10 Nov, 2023). The attack targeted elements of the parts and distribution business run by its global services division.

Ransomware 138

Ransomware Authentication Backups Manufacturing 138

Security Affairs

JUNE 17, 2023

Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9 Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9

Data breaches 98

Data breaches DDOS Backups Firewall 98

SecureWorld News

FEBRUARY 28, 2024

By co-opting the ransomware group's own communication channels, police aimed to sow doubts in the cybercrime community reliant on LockBit's tools and services. However, it claimed critical systems like ransom payment tracking remained unaffected due to backups. Nonetheless.

Cybercrime 109

Cybercrime Ransomware Backups Encryption 109

Security Affairs

NOVEMBER 19, 2023

The experts observed a massive spike in activity associated with this threat actor between May and June 2023. Security experts attributed 67 attacks to the group in May 2023, most of the victims are in the U.S. Disable system recovery, backup and shadow copies and the Windows firewall. and Brazil.

Ransomware 142

Ransomware Encryption Backups Manufacturing 142

Security Affairs

MAY 9, 2024

Researchers from Juniper Threat Labs reported that threat actors are exploiting recently disclosed Ivanti Connect Secure (ICS) vulnerabilities CVE-2023-46805 and CVE-2024-21887 to drop the payload of the Mirai botnet. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. “If reads the advisory published by Ivanti.

Authentication 136

Authentication Backups Cyber threats Malware 136

Security Affairs

MARCH 12, 2023

This week a threat actor, who goes online with the moniker “kernelware”, claimed the theft of data from technology firm Acronis and started leaking it on the cybercrime forum Breached Forums. The CISO of Acronis downplayed a recent intrusion, revealing that only one customer was impacted. Updates to follow as needed.

Accountability 98

Accountability Backups Cybercrime CISO 98

SecureList

MAY 8, 2024

Ransomware landscape: rise in targeted groups and attacks Kaspersky collected data on targeted ransomware groups and their attacks from multiple relevant public sources, for the years 2022 and 2023, filtered and validated it. In the graph below, you can see the ransomware families that were most active in 2023.

Ransomware 129

Ransomware Encryption Small Business Cybersecurity 129

Security Affairs

MARCH 26, 2023

If you want to also receive for free the newsletter with the international press subscribe here.

Data breaches 98

Data breaches DDOS Backups Ransomware 98

Security Affairs

MARCH 13, 2025

Notably, they target CVE-2024-1709 (ScreenConnect authentication bypass) and CVE-2023-48788 (Fortinet EMS SQL injection) to infiltrate systems. Encryption is executed using gaze.exe , which disables security tools, deletes backups, and encrypts files with AES-256 before dropping a ransom note.

Ransomware 71

Ransomware Encryption Cryptocurrency Insurance 71

Thales Cloud Protection & Licensing

NOVEMBER 13, 2023

Defending Financial Services Against Fraud in a Shifting Cyber Landscape sparsh Tue, 11/14/2023 - 05:05 As we approach International Fraud Awareness Week during 12-18 November 2023, taking stock of the evolving threat landscape and the vulnerabilities that financial services organizations face is crucial. billion annually.

Financial Services 104

Financial Services Encryption Cybercrime Threat Reports 104

Webroot

OCTOBER 4, 2024

So how do we protect ourselves from this type of cybercrime? Backup your devices regularly using solutions like Carbonite. Last year, there were a record number of ransomware attacks impacting consumer data at high-profile organizations such as Bank of America , Rite Aid , and MGM Resorts. Use multi-factor authentication.

Malware 115

Malware Backups Adware Ransomware 115

Security Affairs

JANUARY 24, 2024

Threat actors are wiping NAS and backup devices. Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices.

Ransomware 139

Ransomware VPN Government Retail 139

Malwarebytes

MARCH 3, 2023

The attack began on February 14, 2023, and required Pierce Transit to implement temporary workarounds, to maintain the service of the transit system which transports around 18,000 people every day. Ransomware-as-a-service is the most lucrative and dangerous form of cybercrime. Create offsite, offline backups.

Ransomware 96

Ransomware Backups Cybercrime Malware 96