HackDig : Dig high-quality web security articles

Ransomware review: July 2022

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In July, LockBit maintained the place it has occupied all year as the most active ransom
Publish At:2022-08-04 20:01 | Read:383 | Comments:0 | Tags:Threat Intelligence 0mega BianLian BlackBasta Cheers conti h

Ransomware rolled through business defenses in Q2 2022

Ransomware has given security professionals a headache for the better part of a decade. Fast forward to 2022, and the headache has become a migraine—not just for IT teams but business owners, employees, and customers as well. Over the last three months, ransomware gangs have increased the pressure by multiplying in number and unleashing targeted attacks on v
Publish At:2022-07-13 20:00 | Read:450 | Comments:0 | Tags:Business black basta conti government lockbit ransomware

Ransomware review: June 2022

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In June, LockBit was the most active ransomware, just as it has been all year. The month
Publish At:2022-07-01 20:00 | Read:901 | Comments:0 | Tags:Threat Intelligence ALPHV conti Karakurt lockbit ransomware

LockBit ransomware attack impacted production in a Mexican Foxconn plant

LockBit ransomware gang claimed responsibility for an attack against the electronics manufacturing giant Foxconn that impacted production in Mexico. The electronics manufacturing giant Foxconn confirmed that its production plant in Tijuana (Mexico) has been impacted by a ransomware attack in late May. The LockBit ransomware gang claimed responsibility for
Publish At:2022-06-02 15:05 | Read:531 | Comments:0 | Tags:Breaking News Cyber Crime Data Breach Malware Cybercrime dat

FBI warns food and agriculture to brace for seasonal ransomware attacks

The Federal Bureau of Investigation (FBI) recently released a Private Industry Notification warning agriculture cooperatives (also known as “farmers’ co-ops”) of the looming danger of well-timed ransomware attacks. The agency warns that during the critical planting and harvesting seasons, attacks could result in the theft of proprietary inf
Publish At:2022-04-28 16:44 | Read:1882 | Comments:0 | Tags:Ransomware Vital infrastructure blackbyte BlackMatter conti

Ransomware gangs are recruiting breached individuals to persuade companies to pay up

You’ve heard about ransomware, where attackers lock up your files and demand a payment for the decryption key. You may also have heard about ransomware attackers not only locking up your files, but also threatening to release the stolen data in an attempt to get you to pay up. What you may not have heard about is a relatively new tactic that ransomw
Publish At:2022-01-27 08:50 | Read:2521 | Comments:0 | Tags:Ransomware cisa Dark Web exfiltrated data identity protectio

Who is the Network Access Broker ‘Wazawaka?’

In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some o
Publish At:2022-01-12 03:00 | Read:1857 | Comments:0 | Tags:Breadcrumbs Ne'er-Do-Well News Ransomware 902228 Abakan Abaz

Who Is the Network Access Broker ‘Babam’?

Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. In this post we’ll look at the
Publish At:2021-12-03 18:21 | Read:4441 | Comments:0 | Tags:Breadcrumbs Ne'er-Do-Well News Ransomware Babam bo3dom bo3do

LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment

After a brief slowdown in activity from the LockBit ransomware gang following increased attention from law enforcement, LockBit is back with a new affiliate program, improved payloads and a change in infrastructure. According to IBM X-Force, a major spike in data leak activity on the gang’s new website indicates that their recruitment attempts have be
Publish At:2021-09-09 12:36 | Read:3814 | Comments:0 | Tags:Malware Security Services Threat Hunting Threat Intelligence

Patch now! Microsoft Exchange attacks target ProxyShell vulnerabilities

Last Saturday the Cybersecurity and Infrastructure Security Agency issued an urgent warning that threat actors are actively exploiting three Microsoft Exchange vulnerabilities—CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. These vulnerabilities can be chained together to remotely execute arbitrary code on a vulnerable machine. This set of Exchange vu
Publish At:2021-08-23 11:12 | Read:4400 | Comments:0 | Tags:Exploits and vulnerabilities cisa cve-2021-31207 cve-2021-34

BlackMatter, a new ransomware group, claims link to DarkSide, REvil

There’s a new ransomware gang in town—and, frankly, we’re not at all surprised. After DarkSide disappeared—coincidentally, immediately after Colonial Pipeline gave in to the group’s ransom demand of roughly $5M USD worth in Bitcoin—a new ransomware group who calls themselves BlackMatter surfaced on the dark web, kicking off their operati
Publish At:2021-07-28 19:03 | Read:1248 | Comments:0 | Tags:Ransomware avaddon BlackMatter BlackMatter ransomware darksi

How ransomware gangs are connected, sharing resources and tactics

Many of us who read the news daily encounter a regular drum beat of ransomware stories that are both worrying and heartbreaking. And what many of us don’t realize is that they are often interconnected. Some of the gangs behind the ransomware campaigns that we read about have established a relationship among each other that can be described as “being in leagu
Publish At:2021-04-12 09:19 | Read:1734 | Comments:0 | Tags:Ransomware Analysis of the World's First Ransomware Car

A week in security (August 3 – 9)

Last week on Malwarebytes Labs, on our Lock and Code podcast, we talked about identity and access management technology. We also wrote about business email compromises to score big, discussed how the Data Accountability and Transparency Act of 2020 looks beyond consent, and we analyzed how the Inter skimming kit is used in homoglyph attacks. Other cyberse
Publish At:2020-08-10 15:06 | Read:2503 | Comments:0 | Tags:A week in security australian signals directorate bec chrome

