Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label NCC Group. Show all posts
Supply Chain Attack
Cyber Security Hackers Healthcare Hack Multi-Factor Authentication (MFA) NCC Group Ransomware Attacks. Software Sophos Supply Chain Attack

Ransomware's Alarming Surge and Active Adversaries


Ransomware attacks have increased dramatically recently, worrying the cybersecurity community and heralding a new era of cyber threats. The convergence of sophisticated tactics used by hostile actors, as described in numerous reports, highlights the necessity of increased attention and proactive protection tactics.

According to reports, ransomware attacks have increased to previously unheard-of levels, and threat actors are continually modifying their strategies to find weak points. Targets increasingly include crucial infrastructure, the healthcare industry, and even political entities, going beyond traditional industries. Additionally, the demands of the attackers have grown exponentially, with multi-million dollar ransoms becoming distressingly regular.

The Sophos research on an active adversary targeting IT executives provides a window into the daring methods used by cybercriminals. The intricacy of contemporary cyber threats is being demonstrated by this adversary's capacity to influence supply chains and sneak inside businesses. These threats are now part of a larger, well-planned campaign rather than separate instances.

The cyber threat intelligence reports by NCC Group offer priceless insights into the changing strategies used by ransomware operators. These papers emphasize the evolving nature of cyber threats and the necessity for enterprises to stay on top of the situation. Organizations may efficiently enhance their defenses thanks to the comprehensive studies of threat vectors, malware families, and mitigation techniques.

The effects of a successful ransomware assault go beyond monetary losses because of how linked the digital world is becoming. The loss of vital services, the compromising of private information, and the deterioration of public confidence are just a few of the serious repercussions. Organizations need to take a multifaceted strategy for cybersecurity to combat this.

Organizations must first make significant investments in solid security measures, such as frequent software updates, vulnerability analyses, and personnel training. Systems for proactive monitoring and threat detection are essential given the constantly changing strategies used by hackers. Additionally, by keeping offline backups, you may prevent giving in to ransom demands and ensure that data recovery is still possible even during an attack.

Collaboration within the cybersecurity community is equally vital. Sharing threat intelligence and best practices helps fortify collective defenses and pre-empt emerging threats. Government bodies, private enterprises, and security researchers must collaborate to create a united front against cyber threats.
Read more »
Ransomware Gang
Clop Ransomware Clop Ransomware Gang Cyber Attacks MOVEit NCC Group Ransomware Gang

MOVEit Attacks Makes Clop the Most-active Ransomware Threat Actor This Summer


According to numerous threat intelligence reports, this July, Clop had been the reason for about one-third, executing financially-motivated, placing the financially driven threat actor to emerge as the most active ransomware threat actor this summer.

The ransomware gang’s mass exploit of a zero-day vulnerability in the MOVEit file transfer service has now made it to the top of the ransomware threat actor hierarchy.

Emsisoft and KonBriefing Research traceked Clop’s activities, noting that till now, the threat actor has compromised more than 730 organizations in the course of its campaign.

In July, Clop had been responsible for 171 out of the 502 ransomware attacks reported by NCC Group, the firm confirmed. NCC Group added, Clop's actions are most likely to blame for a 16% overall rise in ransomware assaults from the preceding month. NCC and Flashpoint further noted that clop was the threat actor behind for at least twice as many attacks as Lockbit, its next-closest rival, in illegal ransomware activity in July.

“Many organizations are still contending with the impact of Clop’s MOVEit attack, which goes to show just how far-reaching and long-lasting ransomware attacks can be — no organization or individual is safe[…]This campaign is particularly significant given that Clop has been able to extort hundreds of organizations by compromising one environment,” Hull said. “Not only do you need to be vigilant in protecting your own environment, but you must also pay close attention to the security protocols of the organizations you work with as part of your supply chain,” Matt Hull, global head of threat intelligence at NCC Group, said in a statement.

These instances eventually indicate that the impact of Clop's attacks against companies in highly sensitive and regulated industries is enormous, as is the possible exposure. It is still not clear as of how many victims are actually downstream. 

Some other instances of Clop’s threat activities include Colorado State University, which was hit six times, in six different ways. Also, the ransomware’s target include three of the big four accounting firms – Deloitte, Ernst & Young and PwC – consequently putting their sensitive customer data in high risk.  

Read more »
State Sponsored Hackers
Artifical Inteligence Conti Ransomware Cyber Security LockBit 2.0 ransomware NCC Group Ransomware Attacks. State Sponsored Hackers

Ransomware Threats in 2023: Increasing and Evolving

Cybersecurity threats are increasing every year, and 2023 is no exception. In February 2023, there was a surge in ransomware attacks, with NCC Group reporting a 67% increase in such attacks compared to January. The attacks targeted businesses of all sizes and industries, emphasizing the need for organizations to invest in robust cybersecurity measures.

The majority of these attacks were carried out by the Conti and LockBit 2.0 groups, with the emergence of new tactics such as social engineering and fileless malware to evade traditional security measures. This emphasizes the need for organizations to address persistent social engineering vulnerabilities through employee training and education.

A proactive approach to cybersecurity is vital for organizations, with the need for leaders to prioritize and invest in robust incident response plans. It's essential to have a culture of security where employees are trained to recognize and report suspicious activity.

According to a Security Intelligence article, the increasing frequency of global cyber attacks is due to several reasons, including the rise of state-sponsored attacks, the increasing use of AI and machine learning by hackers, and the growing threat of ransomware.

The threat of ransomware attacks is expected to continue in 2023, and companies need to have a strategy in place to mitigate the risk. It includes implementing robust security measures, training employees to identify and avoid social engineering tactics, and regularly backing up critical data. As cybersecurity expert Steve Durbin suggests, "Ransomware is not going away anytime soon, and companies need to have a strategy in place to mitigate the risk."

To safeguard themselves against the risk of ransomware attacks, organizations must be proactive. Companies need to focus and invest in strong incident response plans, employee education and training, and regular data backups in light of the rise in assaults. By adopting these actions, businesses can lessen the effects of ransomware attacks and safeguard their most important assets.


Read more »
RaaS
Bug Bounty Conti Crypto Currency LockBit 2.0 ransomware malware NCC Group RaaS

LockBit 3.0: Launch of Ransomware Bug Bounty Program

 

The "LockBit 3.0" ransomware update from the LockBit ransomware organization features the first spyware bug bounty program, new extortion methods, and Zcash cryptocurrency payment choices. After two months of beta testing, the notorious gang's ransomware-as-a-service (RaaS) operation, which has been operational since 2019, recently underwent an alteration. It appears that hackers have already employed LockBit 3.0.

Bug bounty plan for LockBit 3.0 

With the launch of LockBit 3.0, the organization launched the first bug bounty program provided by a ransomware gang, which asks security researchers to disclose bugs in exchange for incentives that can go as high as $1 million. In addition to providing bounties for vulnerabilities, LockBit also pays rewards for "great ideas" to enhance the ransomware activity and for doxing the operator of the affiliate program, identified as LockBitSupp, which had previously posted a bounty plan in April on the XSS hacking site.

"We open our bug bounty program to any security researchers, ethical and unethical hackers worldwide. The compensation ranges from $1,000 to $1,000,000," reads the page for the LockBit 3.0 bug reward. The notion of initiating the criminal operation would be against the law in many nations, however, makes this bug reward scheme a little different from those frequently utilized by respectable businesses.

LeMagIT claims that version 3.0 of LockBit includes several other improvements, such as new methods for data recovery and monetization, as well as the option for victims to choose to have their data destroyed, and the ability for victims to make payments using the Zcash cryptocurrency in addition to Bitcoin and Monero. 

LockBit is producing outcomes. In May, LockBit 2.0 succeeded Conti as the leading provider of ransomware as a service. The gang's previous ransomware, LockBit 2.0, was to be blamed for 40% of the attacks that NCC Group observed in the preceding month. Moreover, according to Matt Hull, worldwide lead for strategic threat intelligence at NCC, The most prolific threat actor of 2022 is Lockbit 2.0,  In times like these, it's imperative that businesses become familiar with their strategies, methods, and processes.

It is unclear how this new extortion technique will operate or even whether it is activated because the LockBit 3.0 data leak site currently does not have any victims. With its public-facing manager actively interacting with other malicious actors and the cybersecurity community, LockBit is one of the most prolific ransomware campaigns.
Read more »
NCC Group
airline industry Chimera Cyber Attacks Fox-IT NCC Group

Chinese Threat Group Chimera Attacks Airline Industry

 

For the last few years, a Chinese threat group under the name Chimera has been targeting the airline industry with the intention of amassing passenger data, and later to monitor their movement and track the persons, selectively. However, the operations of Chimera have been under the radar of the cybersecurity organizations for a while and experts suspect the threat actors behind Chimera to be working in alignment with the interests of the Chinese state. The Cyber Security Organization CyCraft first described the actions of the group in a paper written and presented at the Black Hat Conference in 2020. Chimera has also been suspected to coordinate attacks against the Taiwanese superconductor industry as mentioned in the paper written report. 

In a recent study released last week by the NCC Group and its affiliate Fox-IT, the two companies said that the intrusions of the group were larger than what was originally believed- even targeting the airline sector besides the superconductor industry. This spanning was not limited to Asia but was done for assorted geographical areas as well. They also cited that in several cases, actors had been cloaking within networks for more than three years before they were identified. 

The attack on the superconductor industry of Taiwan was targeted at stealing intellectual property, although the target was different in the case of the airline industry. The companies further alleged that the actors wanted to gather Passenger Name Record (PNR) for which they were targeting the victims. With further investigation, the companies observed that the assorted custom DLL files were continuously used to extract PNR information from the memory structures where the main data is generally stored. 

"NCC Group and Fox-IT observed this threat actor during various incident response engagements performed between October 2019 until April 2020," added the two companies. 

The report provided by NCC and its affiliate Fox-IT states the modus operandi of the actors whose first step is to collect data like the user login credentials which would be leaked in the public domain or the dark web after the data breach has occurred at other companies. This collected data is later used by the actors for ‘credential stuffing’ and ‘password spraying’ attacks against the target’s personnel accounts, as the email account.
Read more »
NCC Group
chimer Cyber Attacks Fox-IT Google Microsoft NCC Group

Technology and Software Giants, Microsoft and Google face Threat by Chimer Gang Attack

 


The world's biggest technology and software giants, namely Microsoft, and Google are being threatened by a new group of cybercriminals who are targeting their cloud services. Working in coordination with their Chinese interests, the threat actors are attacking a wide range of organizations with the intent of exfiltrating data. 

The security researcher, NCC Group and Fox-IT, taking account of this incident said that these attackers have a “wide set of interest” and their target data ranges from the intellectual property belonging to the victims in the semiconductor Industry to the commuter data from the airways industry. 

The actors that are targeting these giants are referred to as Chimer by CyCraft. This group named Chimera is not new for the cyber industry, instead, they have been engaged in such incidents from the year 2019 till the year 2020. However, on every such occasion, they have managed to escape the situation without garnering much attention. “Our threat intelligence analysts noticed a clear overlap between the various cases in infrastructure and capabilities, and as a result we assess with moderate confidence that one group was carrying out the intrusions across multiple victims operating in Chinese interests”, added the team of researchers.

The team of researchers briefly explained the scheme of attackers while targeting such organizations. These actors commence their threat process by accessing the username and passwords from the victim’s previous data breaches. They then use the credentials of the victims in credential stuffing or password spray attacks against assorted remote services. Moving ahead, as they obtain the valid accounts of the victims, they use it to access the victim’s VPN, Citrix, or any other remote service with this network access. After entering their network, the actors try to accept all the permissions and get the list of other accounts with the admin privileges. Now they target other accounts from the list and then try their password spraying attack on these accounts. They do this until any other account is compromised by their attack. Lastly, they use this account to load a Cobalt Strike beacon into the memory which later can be used for remote access and command and control (C2). 

Following the incident, the security researchers affirmed that they have contained and eradicated the threat from their clients’ network. They further added that “NCC Group and Fox-IT aim to provide the wider community with information and intelligence that can be used to hunt for this threat in historic data and improve detections for intrusions by this intrusion set”.
Read more »
Subscribe to: Posts (Atom)