IT Security Newsletter - 8/2/2024
$75 Million Record-Breaking Ransom Paid To Cybercriminals, Say Researchers
The staggering sum of US $75 million has reportedly been paid to a ransomware gang in what is believed to be the largest known ransom payment made by a cyber attack victim since records began. Researchers at Zscaler claim in a new report that the record-breaking figure was paid by an undisclosed Fortune 50 company to the Dark Angels ransomware group. The reported payment almost doubles the previous record - $40 million paid by insurance giant CNA Financial in 2021. READ MORE...
Who are the two major hackers Russia just received in a prisoner swap?
As part of today's blockbuster prisoner swap between the US and Russia, which freed the journalist Evan Gershkovich and several Russian opposition figures, Russia received in return a motley collection of serious criminals, including an assassin who had executed an enemy of the Russian state in the middle of Berlin. But the Russians also got two hackers, Vladislav Klyushin and Roman Seleznev, each of whom had been convicted of major financial crimes in the US. READ MORE...
Hackers abuse free TryCloudflare to deliver remote access malware
Researchers are warning of threat actors increasingly abusing the Cloudflare Tunnel service in malware campaigns that usually deliver remote access trojans (RATs). This cybercriminal activity was first detected in February and leverages the TryCloudflare free service to distribute multiple RATs, including AsyncRAT, GuLoader, VenomRAT, Remcos RAT, and Xworm. The Cloudflare Tunnel service allows proxying traffic through an encrypted tunnel to access local services and servers. READ MORE...
More Legal Records Stolen in 2023 Than Previous 5 Years Combined
2023 was the worst year on record for cybersecurity in the legal industry by some distance. Just one point of evidence: Since 2018, 2.9 million records have been stolen in association with publicly reported breaches of law firms. Some 1.56 million records were stolen last year alone, an increase of 615% as compared with the down year of 2022 (218,473 records). A new blog post from Comparitech paints a picture of an industry struggling to grapple with the ransomware problem. READ MORE...
New BlankBot Android Trojan Can Steal User Data
A new Android trojan provides attackers with a broad range of malicious capabilities, including command execution, Intel 471 reports. Dubbed BlankBot, the trojan was initially observed on July 24, but Intel 471 has identified samples dated at the end of June, almost all of which remain undetected by most antivirus software. The threat is posing as utility applications and appears to be targeting Turkish Android users now, but could soon be used in attacks against users in more countries. READ MORE...
Black Basta Develops Custom Malware in Wake of Qakbot Takedown
The enormously successful Black Basta ransomware group has pivoted to using new custom tools and initial access techniques as part of a shift in strategy in the wake of last year's takedown of the Qakbot botnet. The evolution of the group, which has compromised more than 500 victims and counting, demonstrates the resilience of threat groups who have had to shift tactics on the fly due to law enforcement and other disruptions, yet still somehow continue to flourish in their cybercriminal operations. READ MORE...
Security Bypass Vulnerability Found in Rockwell Automation Logix Controllers
Organizations using certain Logix programmable logic controllers (PLCs) made by Rockwell Automation have been informed about a high-severity security bypass vulnerability discovered by researchers at industrial cybersecurity firm Claroty. On August 1, Claroty published a blog post describing its findings, and Rockwell and the cybersecurity agency CISA published advisories for the flaw, which is tracked as CVE-2024-6242. READ MORE...
Sitting Ducks DNS attacks let hackers hijack over 35,000 domains
Threat actors have hijacked more than 35,000 registered domains in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner's account at the DNS provider or registrar. In a Sitting Ducks attack, cybercriminals exploit configuration shortcomings at the registrar level and insufficient ownership verification at DNS providers. Researchers discovered that there are more than a million domains that can be hijacked every day via the Sitting Ducks attacks. READ MORE...
- ...in 1776, the Declaration of Independence is signed by every member of the Continental Congress.
- ...in 1932, physicist Carl Anderson discovers the positron (the antimatter counterpart to the electron) while studying particles in cosmic rays.
- ...in 1939, physicists Albert Einstein and Leo Szilard send a historic letter to President Franklin D. Roosevelt, urging the U.S. to build an atomic weapon.
- ...in 2018, Apple Inc. becomes the first company to be valued at over $1 trillion USD.