In an act of exquisite trolling, the UK's National Crime Agency (NCA) has announced further details about its disruption of the LockBit ransomware group by using the group's own dark web website. Since the demise of Conti in 2022, LockBit has been unchallenged as the most prolific ransomware group in the world. In the last 12 months it has racked up more than two and a half times as many known attacks as its closest rival.
A Ukrainian national was extradited to the United States from the Netherlands after being indicted for crimes related to fraud, money laundering, and aggravated identity theft. According to court documents, Mark Sokolovsky conspired to operate the Raccoon Infostealer as a malware-as-a-service or "MaaS." Individuals who deployed Raccoon Infostealer to steal data from victims leased access to the malware for approximately $200 per month, paid for by cryptocurrency.
Redis servers are being targeted with new malware that deploys a user mode rootkit and cryptocurrency miners, cloud forensics and incident response firm Cado reports. As part of the observed attacks, threat actors execute a series of commands on the victim Redis servers to disable configuration options and weaken the target before deploying the malicious payload. The primary payload in these attacks is a piece of malware dubbed 'Migo', which is written in the Golang programming language.
When it comes to ransomware attacks, median initial ransom demands for 2023 spiked 20% year-over-year to reach $600,000, with some sectors hit much worse than that: The legal, government, retail, and energy industries are now routinely seeing median demands of $1 million or more. That's according to Arctic Wolf, whose annual cybercrime report out this week shows that manufacturing-vertical victims showed up in 708 posts on various leak sites, making it the most represented industry.
The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum by a representative of the operation. Knight ransomware launched at the end of July 2023 as a re-brand of the Cyclops operation, targeting Windows, macOS, and Linux/ESXi systems. It gained some traction because it provided info-stealers and a 'lite' version of its encryptor for lower-tier affiliates that attacked smaller organizations.
In an age where digital warfare and cyber espionage have become commonplace, institutions such as libraries and museums are locked in an asymmetrical battle against well-resourced adversaries. The massive ransomware attack on the British Library last October should be ringing alarm bells for knowledge repositories around the world. The Rhysida ransomware group is believed to be behind the attack, where attackers stole user data and employee information.
Nearly every organization has core systems services tied to Active Directory that will go down during an outage, according to Cayosoft. The impact of just one system being down can devastate business operations and cause significant financial and operational losses, from preventing customer purchases and supplier communications to disrupting core functions, such as email access and device logins.
The White House announced on Wednesday that the Biden-Harris administration is issuing an executive order to boost the cybersecurity of US ports, highlighting the risks posed by the use of cranes made by China. Ports, vessels, shipping companies, and other entities in the maritime sector are regularly impacted by cyber incidents, as shown by the maritime cyberattack database launched last year by a Dutch university.
VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. The vulnerable VMware Enhanced Authentication Plug-in (EAP) enables seamless login to vSphere's management interfaces via integrated Windows Authentication and Windows-based smart card functionality on Windows client systems.
The Monetary Authority of Singapore (MAS) advised on Monday that financial institutions need to stay agile enough to adopt post-quantum cryptography (PQC) and quantum key distribution (QKD) technology, without significantly impacting systems as part of cyber security measures. "Leading experts forecast that cyber security risks associated with quantum will materialize in the coming decade," reasoned the MAS.