November 30, 2025
Dark Light
Search

Blog Post

Cyber Intelligence > blackcat
Tony Glover
cybercrime News ransomware Russia
0
49

Teenage hackers run rings around cyber-defenses

The recent UK retail cyberattacks that impacted Marks & Spencer and the Co-Op supermarket chain are only the tip of a very large iceberg that now threatens organizations on both sides of the Atlantic.

Although media reports have attributed the attacks to a group named “Scattered Spider,” the actual threat is far bigger. For a start, there is no criminal group that actually calls itself “Scattered Spider”, which is just a made-up name attributed by cybersecurity researchers. These attacks and many others in the US and the UK are now known to be the work of a vast sprawling network of hackers, some as young as 14, spread across the US and the UK. They call themselves “the Community”, or “the Com” for short, and are essentially a vast teenage subculture of criminal hackers.

Read More
Tony Glover
Analysis Healthcare Latest News
0
16

US Healthcare companies on high cyber-alert

While the assassination of health insurance CEO Brian Thompson on the streets of central New York last week has been grabbing headlines this month, life-endangering cyber-attacks on the US healthcare industry are escalating at an alarming rate. Once again, the pressing need for both IT and physical security could not be more clear.

According to John Riggi, national advisor for healthcare security and risk at the American Hospital Association, healthcare security must now be seen as far more than just an IT issue. This year has seen what amounts to a sea change in the way healthcare executives must view not only their own personal security but also the impact of cyber-attacks not only on their bottom line but also on the lives and well-being of patients.

Read More
Editorial Team
cybercrime Healthcare News
0
10

Healthcare attack exposes 200,000 Los Angeles patient records

The Los Angeles County Department of Public Health has been breached by a cyber-attack that has compromised the personal information of over 200,000 private individuals. This is the latest breach in a series of major cyber-attacks on the healthcare sector.

As with so many breaches, the Los Angeles County breach was the result of a phishing attack aimed at unsuspecting staff. The attack enabled a hacker to gain the log-in credentials of 53 public health employees and subsequently compromised the personal information of 200,000 patients.

According to the LA County Department of Public Health: “The information identified in the potentially compromised e-mail accounts may have included DPH clients/employees/other individuals’ first and last name, date of birth, diagnosis, prescription, medical record number/patient ID, Medicare/Med-Cal number, health insurance information, Social Security Number, and other financial information.”

Read More
Editorial Team
cybercrime Healthcare News
0
29

BlackCat gives go-ahead for healthcare attacks

Following actions taken against the infamous BlackCat ransomware group in December by the US Federal Bureau of Investigation (FBI), the cybercriminal gang has warned it is taking off the gloves in its fight with law enforcement. BlackCat previously took pride in regularly announcing that it does not encourage or support affiliates who target crucial sectors such as healthcare. But this approach has changed radically since the end of 2023.

“Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized. This is likely in response to the ALPHV Blackcat administrator’s post encouraging its affiliates to target hospitals after operational action against the group and its infrastructure in early December 2023,” said the FBI.

Read More
Editorial Team
cybercrime News ransomware
0
30

Ransomware payments top US$1 billion in 2023

Last year, ransomware payments topped US$1 billion for the first time. According to a report from blockchain analyst firm Chainalysis, in 2023 ransomware gangs reached “an unprecedented milestone” in extorted cryptocurrency payments.

“This number does not capture the economic impact of productivity loss and repair costs associated with attacks. This is evident in cases like the ALPHV-BlackCat and Scattered Spider’s bold targeting of MGM resorts. While MGM did not pay the ransom, it estimates damages cost the business over US$100 million,” warns the report.

Read More
Editorial Team
Analysis Cyber Media cybercrime
0
16

Cyber-gangs to launch media offensive in 2024

Cybercrime, which has become a multi-trillion-dollar industry over recent decades, became increasingly sophisticated during 2023, with criminal groups now adopting many of the business practices used by legitimate enterprises. According to a new report from cybersecurity firm, Sophos, leading ransomware gangs now increasingly employ their own internal HR and PR departments.

Far from shying away from the media, as criminals always have in the past, some ransomware gangs have been swift to seize the opportunities it affords them. Some regularly issue press releases and take great pains to forge relationships with individual journalists using the same PR methods as those employed by legitimate corporations. Threat actors also offer Frequently Asked Questions (FAQs) and answers for journalists visiting their leak sites, encouraging reporters to get in touch, give in-depth interviews, and recruit writers, reports Sophos.

Read More
admin
News One Minute Roundup
0
7

Fraudulent LinkedIn Profiles Targeting Saudi Workers for Corporate Data Leaks – December 12th

Revealed in a presentation at last month’s Black Hat Middle East and Africa conference, was a corporate information leak tactic targeting Saudi Arabian workers using fraudulent LinkedIn profiles.

The LinkedIn attacks start with fraudulent accounts pretending to be Muslim women in their 20s who say they work in Southeast Asia. Once the connection is made, attempts to harvest sensitive corporate information through long, seemingly legitimate professional conversations ensue.

Read More
Editorial Team
Government News SEC
0
18

US Congress tries to block new cyber rulings

New cybersecurity rulings due to come into full force less than a month from today are being blocked in the US Congress and the House of Representatives. The new rulings include the mandatory reporting of any ‘material’ cyber-attack within four working days and were drawn up by the Securities and Exchange Commission (SEC).

But, according to a statement issued by Congressman Andrew Barbarino, Chairman of Homeland Security’s Cybersecurity and Infrastructure Protection Subcommittee, and Senator Thom Tillis: “This cybersecurity disclosure rule is a complete overreach on the part of the SEC … also increasing cybersecurity risk without a congressional mandate and in direct contradiction to public law that is intended to secure the homeland.”

Read More
admin
News One Minute Roundup
0
8

ALPHV/BlackCat Reports MeridianLink for Undisclosed Cyber Attack – November 16th

Ransomware gang, ALPHV/BlackCat has reported MeridianLink to the SEC, for not disclosing cyber attack.

ALPHV/BlackCat informed the SEC that MeridianLink did not disclose details of the attack, which could potentially affect the data of the publicly traded company’s thousands of financial organizations, banks, credit unions, and mortgage lenders. The lack of cyber compliance from MeridianLink breaks the SEC’s rule of disclosing cyber attacks within 4 days of the attack occurring to the agency.

Read More
admin
News One Minute Roundup
0
14

BlackCat turns to ‘Munchkin’ to advance hacker operations – October 23rd

The BlackCat ransomware group has employed the use of a new tool, called Munchkin, making the Ransomware-as-a-Service (Raas) operation more attractive to potential affiliates. This is because Munchkin allows for the use of remote systems to deploy encryptors on network devices.

After violating a device’s security, the threat actors are able to install something called a VirtualBox, which enhances their ability to propagate a malicious payload across victim networks.

Read More
Editorial Team
News ransomware Trends
0
26

Ransomware gangs start to fight dirty

According to cybersecurity company SecureWorks’ annual State of the Threat Report, over the last 12 months, attackers have shortened the time between the initial penetration of the corporate network to the ransomware demand itself from 4.5 days to less than one day. This period, known in the cybersecurity industry as ‘dwell time’, offers well-equipped cybercriminals a leisurely opportunity to drain the company of funds and its most sensitive secrets. In 10 percent of cases, ransomware was even deployed within five hours of initial access.

Read More
Boyd Wilson
News One Minute Roundup
0
10

BlackCat gang wields new weapon to target cloud storage – September 18th

The BlackCat ransomware gang is now using the Sphynx encryptor to target Azure cloud storage. The Spynx variant was discovered in March this year in an investigation of a data breach that shared similarities with another attack described in an IBM-Xforce report.

BlackCat continues to be one of the most high-profile, sophisticated threat actor groups, owing to the gang’s ability to continuously refine and adapt its tactics.

Read More