Cybercrime Syndicate Escalates Global Threat Levels

 


During a time when global cybersecurity is experiencing rapid evolution, malicious actors are also employing new methods to accomplish their goals. As part of International Anti-Ransomware Day, leading cybersecurity company KnowBe4 is announcing a critical warning about a looming threat that could change the face of cyberattacks - agentic AI-powered ransomware. 

KnowBe4, known for its comprehensive approach to human risk management, predicts that a new wave of cyber threats dominated by autonomous artificial intelligence agents is just around the corner. This type of AI-enabled ransomware, referred to as "agentic AI ransomware," is designed to carry out every phase of the ransomware attack independently, with an increased degree of speed, precision, and adaptability.

Unlike traditional ransomware attacks, which typically follow a linear and often manual process, the agentic AI ransomware platform deploys intelligent bots capable of automating all aspects of an attack lifecycle. In addition to gaining access to systems, these bots can perform sophisticated environmental analyses, detect vulnerabilities, and then execute a series of escalating attacks, all so that cybercriminals can maximise their financial gains.

Increasingly sophisticated and automated cyber attacks are not only allowing criminals to expand their reach and scale but are also shrinking the window defenders have to respond. This warning comes at a time when ransomware demands and payouts have surged dramatically in recent years.

A report released by the International Anti-Ransomware Day in 2024 highlights the alarming increase in ransom payments resulting from such attacks, which are increasingly affecting organisations around the world. On this year's International Anti-Ransomware Day, which is marked annually to raise awareness about the devastating effects of ransomware and promote cyber hygiene practices, enterprises as well as individuals are reminded to strengthen their cyber defences to prevent the spread of such infections.

There is no denying that artificial intelligence remains a double-edged sword in cybersecurity, and it is imperative to take proactive measures, train employees, and use adaptive technologies to combat this danger. Troublingly in this respect, several of the country's most iconic retailers have recently been the victims of sophisticated ransomware campaigns carried out by a cybercriminal group known as DragonForce. Several high-profile companies were reported to have been compromised, including Co-Op, Harrods, and Marks & Spencer, all of which suffered serious data breaches involving the theft and encryption of sensitive customer data.

Although the ransom demands haven't been disclosed yet, there are urgent concerns regarding the identity of this emerging threat actor and how it is executing these attacks. Researchers believe DragonForce is connected with Scattered Spider, a notorious cybercrime group that has been under increased scrutiny following recent law enforcement operations that led to the arrests of five suspected members.

According to experts at Check Point Research, DragonForce began operating in late 2023 and is now referred to as a “ransomware cartel.” There has been speculation that the group's origins go back to Malaysian hacktivist collectives, but since then it has grown into an extremely organised cybercriminal organisation. Under DragonForce's ransomware-as-a-service (RaaS) business model, the group provides malicious tools to affiliates in exchange for a share of the ransom, usually around 20%.

This model lets cybercriminals create customised ransomware attacks regardless of their technical skill level. The group also facilitates the creation of data leak websites, which attackers use to publicly disclose stolen information when victims refuse to pay their ransoms. By offering anonymity, operational flexibility, and the promise of a high financial return, DragonForce has evolved into one of the most effective ways to perpetrate digital extortion on a global scale.

The fallout from the DragonForce ransomware attacks continues, with Co-op confirming that cybercriminals were able to access a considerable number of its members' personal data. While the company had previously maintained that the incident would have only a relatively minor effect on its operations and that proactive cybersecurity measures were in place to guard against such threats, the scale and nature of the breach appear to be greater than initially expected.

Despite reassurances from Co-op that no customer data has been compromised, concerns remain elevated amid the attackers' claims that they have obtained the personal information of up to 20 million people linked with its membership scheme, a figure the company has rejected as inaccurate. The threat actors behind this attack, operating under the alias DragonForce, have also made several claims regarding an ongoing attack on Marks & Spencer as well as an attempted intrusion into Harrods' systems.

One of the striking revelations came when the hackers shared screenshots with a media outlet. The screenshots show them contacting Co-op's head of cybersecurity via an internal communication platform on April 25, suggesting an alarming level of access and coordination that hasn't been reported before. It has been widely reported that senior government officials have urged businesses to make cybersecurity a top priority in response to the wave of attacks on major retailers.

In his speech, Minister Pat McFadden emphasised that digital resilience is of paramount importance, stating that the complexity and frequency of such threats require constant vigilance across both the public and private sectors. According to cybersecurity experts, organisations should strengthen their digital defences in light of recent attacks attributed to DragonForce and its suspected affiliate Scattered Spider.

In a recent announcement, Google's Mandiant cyber intelligence division issued a series of strategic recommendations aimed at helping companies at risk of intrusion to mitigate those risks. Among the recommendations, Mandiant highlights enhanced training for helpdesk personnel, who are often exploited through social engineering tactics as entry points for threat actors.

Mandiant also emphasises the necessity of implementing strong multi-factor authentication protocols and maintaining comprehensive visibility across all IT environments. The firm notes that these measures are essential for identifying and neutralising threats before they grow into a full-scale ransomware attack.

This guidance reflects growing concerns about cybercrime, as cybercriminals are becoming increasingly sophisticated and persistent in exploiting human and technological vulnerabilities to breach even the most secure organisations. As more facts about the Co-op data breach emerge, the severity of the cyberattack orchestrated by DragonForce has become increasingly evident.

The hackers are alleged to have contacted several members of Co-op’s executive committee to escalate their extortion efforts. According to the hackers, they obtained sensitive information from Co-op's internal systems. The materials reportedly accessed include internal communications, employee login credentials, and a sample database containing personal information such as names, address information, e-mail addresses, telephone numbers, and membership card numbers of 10,000 customers.

The company has since confirmed that member information was compromised, but made it clear that passwords, financial information, and transaction details were not. In response, Co-op has taken more serious security measures. To prevent further unauthorised access, the organisation has instructed staff to keep cameras on during virtual meetings, to restrict recording and transcription, and to verify participants' identities.

These protocols appear to be a direct response to the attackers taking advantage of the company's internal collaboration tools. With over 2,500 supermarkets, 800 funeral homes, an insurance company, and approximately 70,000 employees nationwide, Co-op is under tremendous pressure to rebuild trust and strengthen its digital defences. DragonForce, a well-known ransomware group operating under a ransomware-as-a-service (RaaS) model, has still not shared information on its plans for the stolen data if its demands are not met.

There is no clear indication of their affiliations, but their tactics closely match those of a loosely coordinated hacker group known as Scattered Spider or Octo Tempest. This group is made up of young, English-speaking actors who communicate through platforms such as Telegram and Discord. In an unusual twist, the individuals behind this attack have adopted aliases reminiscent of characters from the American crime series Blacklist, stating ominously that they will be placing UK retailers on the Blacklist.

It is important to note that even though the group declined to comment on the impact of their actions or how they were attacking other retailers such as Marks & Spencer and Harrods, their silence only furthers the uncertainty surrounding their motives. According to a statement issued by Co-op, the company will now be collaborating with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) to resolve the situation. 

In light of the continuing increase in the threat of ransomware, this incident serves as a stark reminder that all organisations, especially those dealing with sensitive consumer data, must prioritise cybersecurity as part of their operational strategy. The DragonForce cyberattack underscores the need for organisations to treat cybersecurity as a core business priority rather than a technical afterthought.

The threat of ransomware has become more advanced and accessible, which calls for companies to adopt a proactive approach: integrating cybersecurity into strategic plans, training employees, and implementing adaptive, layered defence techniques. Lawmakers must also push regulatory bodies to strengthen data protection standards and make breach reporting more transparent.

In a world where data is increasingly digitised, securing and maintaining trust is even more imperative; it is a prerequisite for operational continuity and long-term credibility in an increasingly digital environment.