Tag: Cybersecurity
Third-Party Breach Places AmEx Cardholders at Risk – March 5th
American Express released a notification to its customers, informing them of a third-party data breach, placing 'some' customer information at risk. Despite the breach, American Express ensured that its systems remain secure, is taking measures to address the issue, and will constantly monitor the integrity of its accounts for fraudulent activity.
BlackCat gives go-ahead for healthcare attacks
Following actions taken against the infamous BlackCat ransomware group in December by the US Federal Bureau of Investigation (FBI), the cybercriminal gang has warned it is taking off the gloves in its fight with law enforcement. BlackCat previously took pride in regularly announcing that it does not encourage or support affiliates who target crucial sectors such as healthcare. But this approach has changed radically since the end of 2023. “Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized. This is likely in response to the ALPHV Blackcat administrator’s post encouraging its affiliates to target hospitals after operational action against the group and its infrastructure in early December 2023,” said the FBI.
Joe Biden to cripple China’s car industry
US President Joe Biden has dealt a potentially devastating blow to China’s tottering economy by accusing China’s auto industry of posing a serious cyber risk to US national security. An impassioned speech from the President concerning the cyber threat posed by China comes only weeks after a similar warning from the US Federal Bureau of Investigation (FBI) concerning China’s plans to launch a cyber-attack on US national infrastructure. “China is determined to dominate the future of the auto market, including by using unfair practices. China’s policies could flood our market with its vehicles, posing risks to our national security. I’m not going to let that happen on my watch,” promises the President.
“Morris II Worm” Built to Target GenAI Systems – March 4th
Researchers from the Israel Institute of Technology, in collaboration with Intuit, and Cornell Tech developed the "Morris II Worm" to automatically leverage GenAI systems to spread malware and steal data. The researchers made the worm to demonstrate the dangers behind GenAI systems through the dangerous "0-click propagation" worm which unleashes unprompted payloads, allowing easier attacks from threat actors.
Geopolitical crises fuel cyber-attacks in the US
As geopolitical tensions and conflicts rise across the globe, so are cyber-attacks on critical Western infrastructure, particularly industrial facilities running on operation technology (OT) systems. Ransomware attacks on industrial organizations increased by over 50 percent in 2023, according to a report by cybersecurity firm Dragos: OT Cybersecurity – 2023 in Review. Seventy percent of all ransomware attacks targeted 638 manufacturing entities in 33 unique manufacturing subsectors. Dragos tracked a total of 21 threat groups targeting industrial organizations including three new threat groups: Gananite, Laurionite, and Voltzite. Dragos reports all three new groups as conducting diverse operations against various organizations, including cybersecurity research firms, government and military defense entities, rail, manufacturing, automotive, and utilities. Voltzite has been the most active of the three in targeting critical infrastructure.
50% of Companies Experienced IoT Cyber Incidents – February 28th
A Viakoo survey unveiled that 50% of respondents experienced IoT cyber incidents in 2023. Among those IoT cyber incidents, 44% were reported to be 'severe', while 22% were labeled as 'threatening'.
US Energy Sector Receives a $45M Investment to Bolster Cybersecurity – February 27th
As part of the US Biden-Harris administration's "Investing in America" agenda, the US energy sector received a $45M investment to bolster the sector's cybersecurity infrastructure. The announcement strengthens the US government's initiatives to boost cybersecurity efforts for critical infrastructure, in light of attacks on US critical infrastructure.
Ransomware is evolving into protection rackets
There is growing evidence that ransomware gangs are rapidly evolving into full-scale protection rackets. Ransomware gangs are increasingly returning to fleece their victims multiple times, even after the ransom has been paid. “Despite most victims agreeing to pay the ransom, less than half who did get their systems and data back uncorrupted. And most were breached again within a year,” says security company Cybereason’s report Ransomware: the true cost to business 2024. All of the 1008 enterprise IT professionals surveyed had been breached at least once in the past 24 months. While 84 percent paid the ‘ransom’, only 47 percent got their data and services back intact. But this new generation of ransomware attacks frequently do not stop – even once the ransom is paid. An astonishing 78 percent were breached again and 63 percent were asked to pay more the second time. In 36 percent of the cases, the second attack was carried out by the same gang that conducted the first.
LockBit Resurfaces After Takedown – February 26th
Arriving days after law enforcement agencies took down LockBit's servers, the ransomware gang resurfaces with a new data leak portal on the dark web. On a public announcement of their re-launch, a LockBit administrator disclosed that their websites were confiscated, however, their operations recovered due to backup servers.
FTC Fines Avast $16.5M for Selling User Data – February 23rd
The U.S. Federal Trade Commission (FTC) filed a complaint against Avast for selling user data, along with a $16.5M fine. The FTC's complaint claims "Avast unfairly collected consumers' browsing information through the company's browser extensions and antivirus software, stored it indefinitely, and sold it without adequate notice and consumer consent."
Doppleganger mob set to spike US and UK elections
Russian hacktivists named Doppelgänger have been interfering in Germany’s elections with a view to influence the outcome of upcoming European elections, according to a report from SentinelLabs and ClearSky Cyber Security. “Doppelgänger represents an active instrument of information warfare. We anticipate that Doppelgänger’s activities, targeting not only Germany but also other Western countries, will persist and evolve, particularly in light of the major elections scheduled across the EU and the USA in the coming years,” says the report.
I-Soon Leak Offers Glimpse Into Chinese Hacking Campaigns – February 22nd
The Chinese Police reported on a nation-state sensitive data leak on Chinese company, I-Soon. The data uncovers in detail, methods used by Chinese authorities to surveil dissidents, and hacking networks across Central and Southeast Asia.