Tag: dark web
Zscaler Clarifies, Only The Test Server Was Compromised – May 14th
In conclusion, in its investigations on hacking claims, Zscaler found that only an isolated test environment was compromised. The investigation arrived after a hacker named 'IntelBroker' confirmed that he breached Zscaler, offering to sell their data for $20K. The incident investigation is now also being conducted with Europol.
‘Brute force’ cyber-attacks continue to escalate
Cybersecurity firm Okta reports a spike in ‘brute-force’ credential-stuffing attacks over the last month. This follows earlier reports of a spike in ‘brute force’ credential-stuffing attacks reported last week. Increasingly sophisticated ‘brute force’ attacks use trial and error techniques to crack passwords, login credentials, and encryption keys. New life is now also being breathed into what is essentially an old hacking technique, with widely available software using artificial intelligence (AI) that can carry out large numbers of attempts automatically.
Millions of AT&T Data at Risk from Data Breach – April 1st
AT&T sent out a mass announcement to its customers, informing them that a dataset containing sensitive data from 7.6M current users and 65.4M former users is for sale on the dark web. To mitigate the breach, AT&T reset the passcodes of all its current users and will constantly communicate with customers to further protect accounts.
UK Deputy PM Warns of Chinese Cyber Threats to Government – March 25th
The UK's Deputy Prime Minister, Oliver Dowden, is expected to formally announce to the press that China is behind a wave of cyber attacks against UK government officials and will urge the protection of voters' data. Despite the denial from China's Ministry of Foreign Affairs, the UK government remains on high alert for politically fueled cyber attacks as the election period nears.
LockBit Resurfaces After Takedown – February 26th
Arriving days after law enforcement agencies took down LockBit's servers, the ransomware gang resurfaces with a new data leak portal on the dark web. On a public announcement of their re-launch, a LockBit administrator disclosed that their websites were confiscated, however, their operations recovered due to backup servers.
90 percent of US users mistrust social media
Nine out of 10 US citizens do not trust social media. In some other developed markets, trust in services such as Facebook is even lower. In the UK, only three percent of consumers trust social media services with their personal data, and in Japan, it is only two percent, about one in fifty. Thales 2024 Digital Trust Index, which surveyed 12,426 people worldwide, reports that, while the majority of users mistrust social media and online retail and entertainment services, trust in some other services is far higher. Consumers have much more trust in banking, healthcare, and government services when it comes to sharing their personal data – a universal trend witnessed in all the markets surveyed. Banking services are the most highly trusted with 44 percent of users placing their trust in them. This was closely followed by healthcare with 41 percent and government services with 37 percent.
Ransomware payments top US$1 billion in 2023
Last year, ransomware payments topped US$1 billion for the first time. According to a report from blockchain analyst firm Chainalysis, in 2023 ransomware gangs reached “an unprecedented milestone” in extorted cryptocurrency payments. “This number does not capture the economic impact of productivity loss and repair costs associated with attacks. This is evident in cases like the ALPHV-BlackCat and Scattered Spider’s bold targeting of MGM resorts. While MGM did not pay the ransom, it estimates damages cost the business over US$100 million,” warns the report.
Critical Sectors Faced 13 Cyber Attacks per Second in 2023 – January 30th
A Forescout Research - Vedere Labs report disclosed that over 420 million attacks were recorded between January and December 2023 in the medical, power, communications, waste, manufacturing, and transportation equipment sectors, amounting to 13 attacks per second. Forescout's report "2023 Global Threat Roundup” states that despite the ongoing surge in cyber attacks, the cybersecurity landscape remains optimistic considering proceedingly enhanced visibility and proactive defense strategies in the affected sectors.
Cyberattack Shuts Down loanDepot IT Systems – January 8th
In response to complaints regarding its payment portal, loanDepot informed its customers that they fell victim to a cyberattack that shut down its IT systems, disrupting its business operations. Currently in coordination with law enforcement and forensics experts to further investigate the attack. The attack on loanDepot marks the second major cyberattack on a US mortgage loan provider in the past few months, after the cyberattack on Mr. Cooper.
AI “overrated and overhyped” say cybercriminals
The verdict on artificial intelligence (AI) from the real experts is finally in; professional cybercriminal fraternities have judged AI to be “overrated, overhyped and redundant,” according to fresh research from cybersecurity firm Sophos. It has, hitherto, been accepted wisdom in the cybersecurity industry that cybercriminals, free from any regulatory authority or moral scruples, were among the first to harness the awesome power of AI to create bespoke and virtually unstoppable malware. However, having infiltrated the Dark Web forums where top professional cybercriminals discuss their trade, Sophos reports that the cybercrime sector has thoroughly tested the capabilities of AI and found it wanting.
Enterprises face a steep rise in insider threats
As we predicted earlier this year, harsh economic conditions across Western democracies are acting as a catalyst for cybercrime - particularly those cyber-attacks that target staff inside the organization. As cybersecurity becomes more effective, cybercriminals are finding ways to bypass digital security barriers by victimizing and sometimes terrorizing key personnel within the target organization.
Ransomware gangs start to fight dirty
According to cybersecurity company SecureWorks’ annual State of the Threat Report, over the last 12 months, attackers have shortened the time between the initial penetration of the corporate network to the ransomware demand itself from 4.5 days to less than one day. This period, known in the cybersecurity industry as ‘dwell time’, offers well-equipped cybercriminals a leisurely opportunity to drain the company of funds and its most sensitive secrets. In 10 percent of cases, ransomware was even deployed within five hours of initial access.