Tag: alphv

Q1 2024 Ransomware Attacks See 22% Drop – April 10th

Cyberint released a report showing a 22% drop in ransomware cases from Q4 2023 to Q1 2024, from 1,309 down to 1,048 cases. The 'Q1 Ransomware Report' credits the decrease to a major uptick in law enforcement crackdowns on cybercriminal gangs, with notable actions against LockBit and ALPHV.


BlackCat gives go-ahead for healthcare attacks

Following actions taken against the infamous BlackCat ransomware group in December by the US Federal Bureau of Investigation (FBI), the cybercriminal gang has warned it is taking off the gloves in its fight with law enforcement. BlackCat previously took pride in regularly announcing that it did not encourage or support affiliates who target crucial sectors such as healthcare. But this approach has changed radically since the end of 2023. “Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized. This is likely in response to the ALPHV Blackcat administrator’s post encouraging its affiliates to target hospitals after operational action against the group and its infrastructure in early December 2023,” said the FBI.


Ransomware payments top US$1 billion in 2023

Last year, ransomware payments topped US$1 billion for the first time. According to a report from blockchain analyst firm Chainalysis, in 2023 ransomware gangs reached “an unprecedented milestone” in extorted cryptocurrency payments. “This number does not capture the economic impact of productivity loss and repair costs associated with attacks. This is evident in cases like the ALPHV-BlackCat and Scattered Spider’s bold targeting of MGM resorts. While MGM did not pay the ransom, it estimates damages cost the business over US$100 million,” warns the report.


$80M in Crypto Stolen from Orbit Chain Cyberattack – January 3rd

Orbit Chain revealed to its users that as a result of a cyber attack, $84.5M worth of Ethereum and DAI (cryptocurrencies) were illicitly transferred to seven wallet addresses on the 1st of January. Orbit Chain is now coordinating with the Korean National Police Agency and the Korea Internet & Security Agency (KISA) to find the threat actors behind the cyber attacks, and to further protect its customers' crypto wallets.


Cyber-gangs to launch media offensive in 2024

Cybercrime, which has become a multi-trillion-dollar industry over recent decades, became increasingly sophisticated during 2023, with criminal groups now adopting many of the business practices used by legitimate enterprises. According to a new report from cybersecurity firm Sophos, leading ransomware gangs now increasingly employ their own internal HR and PR departments. Far from shying away from the media, as criminals always have in the past, some ransomware gangs have been swift to seize the opportunities it affords them. Some regularly issue press releases and take great pains to forge relationships with individual journalists using the same PR methods as those employed by legitimate corporations. Threat actors also offer Frequently Asked Questions (FAQs) and answers for journalists visiting their leak sites, encourage reporters to get in touch, give in-depth interviews, and recruit writers, reports Sophos.


Fraudulent LinkedIn Profiles Targeting Saudi Workers for Corporate Data Leaks – December 12th

A presentation at last month's Black Hat Middle East and Africa conference revealed a corporate information leak tactic targeting Saudi Arabian workers through fraudulent LinkedIn profiles. The LinkedIn attacks start with fraudulent accounts pretending to be Muslim women in their 20s who say they work in Southeast Asia. Once the connection is made, attempts to harvest sensitive corporate information through long, seemingly legitimate professional conversations ensue.


ALPHV/BlackCat Reports MeridianLink for Undisclosed Cyber Attack – November 16th

The ransomware gang ALPHV/BlackCat has reported MeridianLink to the SEC for not disclosing a cyber attack. ALPHV/BlackCat informed the SEC that MeridianLink did not disclose details of the attack, which could potentially affect the data of the publicly traded company's thousands of financial organizations, banks, credit unions, and mortgage lenders. The lack of cyber compliance from MeridianLink breaks the SEC’s rule of disclosing cyber attacks to the agency within 4 days of the attack occurring.


Google’s Vulnerability Rewards Program (VRP) Expansion – October 27th

Google's Vulnerability Rewards Program (VRP), a program made to reward researchers who find system vulnerabilities, has been expanded for generative AI. Google explained the expansion of the VRP as a reaction to the risks brought by AI, and the magnified implications it has for traditional digital security.


Upbit announces 159k hack attempts in Q1 – October 9th

Crypto exchange server Upbit has announced it was targeted by hackers 159,000 times during the first quarter of this year. This is more than double the number of hacker attacks it experienced in the same period last year. The figures were released by Dunamu, the company that operates Upbit.


Weak cyber M&A activity shows significant slowdown – August 21st

Crunchbase News reported that “The first seven months of the year saw only 34 cyber startups get acquired,” compared to a high of 123 in 2021 and a significantly reduced 82 last year. Rising interest rates and geopolitical tensions that have already hit the tech sector hard are now clearly putting a damper on M&A activity in cyber.
