Google has filed a lawsuit against a China-based cybercriminal group, dubbed the 'Smishing Triad', which ran a large-scale SMS phishing ('smishing') operation on a platform called 'Lighthouse' to steal sensitive information from over a million victims across 120 countries. The suit aims to dismantle the group's infrastructure and prevent further harm.
A massive data breach exposed 184 million account records belonging to users of major tech companies, putting them at risk of credential theft and account takeover. Users are advised to change their passwords, use a password manager such as NordPass, and be cautious with browser autofill features, which can hand saved credentials to a lookalike site.
Change Healthcare, already dealing with a messy ransomware situation, now faces a new threat from a different ransomware group claiming to have 4 terabytes of stolen data and demanding a ransom. The group, RansomHub, has provided samples of patient records and contracts to support their claim. This development highlights the risks of trusting ransomware groups, as even after paying a ransom, victims may still face extortion and data exposure. The attack has had a significant impact on medical facilities, causing disruptions and financial strain for healthcare providers, with the American Medical Association warning of potential practice closures and patient access issues.
UnitedHealth Group accuses the ransomware gang BlackCat (ALPHV) of hacking its health care payment systems, causing disruptions in pharmacies and hospitals nationwide. The attack has made it difficult to fill prescriptions and obtain medical treatment. Despite the company's remediation efforts, the outage could last for weeks. The incident highlights the challenges of combating cybercriminal groups, particularly those operating from countries with lax law enforcement regarding cybercrime, such as Russia.
A massive data breach has exposed the personal information of 200,000 Facebook Marketplace users, putting them at risk of phishing, identity theft, and cyberattacks. The leaked data, including names, phone numbers, and email addresses, is being sold to cybercriminals for targeted scams. Users are urged to change passwords, enable two-factor authentication, and be cautious of unusual messages. Cybersecurity experts warn that the leaked information can facilitate targeted attacks and advise against sharing too much personal information online. Additionally, users are encouraged to use secure authenticator apps and regularly update passwords to protect against potential threats.
The US State Department has offered a $10 million reward for information on the leaders of the ransomware group Hive, which has extorted over $100 million from US hospitals and other victims. The FBI infiltrated Hive last year and prevented $130 million in ransom payments. Despite government efforts, cybercriminals extorted a record $1.1 billion in ransom payments from victims, including a hospital in the Midwest that had to turn away patients during a ransomware attack. The ransomware epidemic has become more urgent for US officials following high-profile attacks, such as the Colonial Pipeline shutdown in May 2021.
Cybercriminals are targeting Mac users with a new proxy trojan, distributed as cracked copies of popular paid macOS software on warez sites. Infected computers are turned into traffic-forwarding nodes for the operators' illegal activity. Kaspersky, which discovered the campaign, found trojanized versions of image-editing, video-compression, data-recovery, and network-scanning tools. The trojan ships as a PKG installer: installer packages can run pre- and post-install scripts, and those scripts execute with the administrator privileges the installer prompts for, so the malicious payload is planted before the user ever launches the application. Once installed, the trojan masquerades as a legitimate system process and connects to a command-and-control server to receive instructions. The same infrastructure also hosts proxy trojan payloads for Android and Windows, suggesting a cross-platform campaign.
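The practical takeaway is that a PKG can run code before any application is opened, so the package itself should be inspected rather than trusted. The following Python is an added example, not code from Kaspersky's report or the campaign: it triages a flat macOS .pkg offline by parsing the xar container it is built on, inflating the XML table of contents, and reporting every install-time hook (a Scripts member and the `<scripts>` element of each PackageInfo). It assumes the documented xar v1 header layout (28 bytes, big-endian, zlib-compressed TOC) and the flat-package conventions for PackageInfo and Scripts; it does not unpack the cpio script archive. The package it inspects is constructed in memory, and the identifier com.example.editor and the stand-in Scripts bytes are assumptions for the example.

```python
"""Offline triage of a macOS flat installer package (.pkg), standard library only.

A flat .pkg is a xar archive: 28-byte header, zlib-compressed XML table of
contents (TOC), then a heap holding the members. Everything below is keyed
off that layout (an assumption about the format, not taken from the report).
"""
import struct
import zlib
import xml.etree.ElementTree as ET

XAR_MAGIC = b"xar!"
# magic, header size, version, TOC compressed len, TOC uncompressed len, checksum alg
XAR_HEADER = struct.Struct(">4sHHQQI")


def parse_xar(blob: bytes):
    """Return (toc_element, heap_bytes); raise ValueError on a malformed container."""
    if len(blob) < XAR_HEADER.size:
        raise ValueError("too short for a xar header")
    magic, hdr_size, version, toc_clen, toc_ulen, _alg = XAR_HEADER.unpack_from(blob, 0)
    if magic != XAR_MAGIC or version != 1:
        raise ValueError("not a xar v1 archive")
    toc_end = hdr_size + toc_clen
    if toc_end > len(blob):
        raise ValueError("TOC length exceeds file size")
    toc_xml = zlib.decompress(blob[hdr_size:toc_end])
    if len(toc_xml) != toc_ulen:
        raise ValueError("TOC length mismatch")
    return ET.fromstring(toc_xml).find("toc"), blob[toc_end:]


def walk_files(node, prefix=""):
    """Yield (path, <file> element) for every member, depth first."""
    for f in node.findall("file"):
        path = f"{prefix}/{f.findtext('name', '')}" if prefix else f.findtext("name", "")
        yield path, f
        yield from walk_files(f, path)


def read_member(f, heap: bytes) -> bytes:
    """Slice a member out of the heap, inflating it if the TOC says it is gzip-encoded."""
    data = f.find("data")
    if data is None:
        return b""
    raw = heap[int(data.findtext("offset")):int(data.findtext("offset")) + int(data.findtext("length"))]
    enc = data.find("encoding")
    style = enc.get("style", "") if enc is not None else ""
    return zlib.decompress(raw) if "gzip" in style else raw


def install_time_code(blob: bytes) -> dict:
    """Report what would execute during installation, before the app is launched.

    Returns {"script_archives": [member paths], "hooks": {PackageInfo path: [hook tags]}}.
    """
    toc, heap = parse_xar(blob)
    report = {"script_archives": [], "hooks": {}}
    for path, f in walk_files(toc):
        if f.findtext("type") != "file":
            continue
        base = path.rsplit("/", 1)[-1]
        if base == "Scripts":                       # gzipped cpio of preinstall/postinstall
            report["script_archives"].append(path)
        elif base == "PackageInfo":                 # declares which hooks the installer runs
            scripts = ET.fromstring(read_member(f, heap)).find("scripts")
            if scripts is not None:
                report["hooks"][path] = [child.tag for child in scripts]
    return report


def build_sample_pkg(with_scripts: bool = True) -> bytes:
    """Construct a minimal flat package in memory (constructed test data, not a real product)."""
    hooks = (b'<scripts><preinstall file="./preinstall"/><postinstall file="./postinstall"/></scripts>'
             if with_scripts else b"")
    package_info = b'<pkg-info identifier="com.example.editor" version="1.0">' + hooks + b"</pkg-info>"
    scripts_blob = b"\x1f\x8b" + b"\x00" * 16         # stand-in for the gzipped cpio archive
    heap = package_info + scripts_blob
    entry = (b'<file id="%d"><name>%s</name><type>file</type><data><offset>%d</offset>'
             b'<length>%d</length><size>%d</size><encoding style="application/octet-stream"/>'
             b"</data></file>")
    members = entry % (3, b"PackageInfo", 0, len(package_info), len(package_info))
    if with_scripts:
        members += entry % (4, b"Scripts", len(package_info), len(scripts_blob), len(scripts_blob))
    toc_xml = (b'<?xml version="1.0" encoding="UTF-8"?><xar><toc>'
               b'<file id="1"><name>Distribution</name><type>file</type></file>'
               b'<file id="2"><name>editor.pkg</name><type>directory</type>' + members +
               b"</file></toc></xar>")
    toc_z = zlib.compress(toc_xml)
    header = XAR_HEADER.pack(XAR_MAGIC, XAR_HEADER.size, 1, len(toc_z), len(toc_xml), 1)
    return header + toc_z + heap


if __name__ == "__main__":
    print(install_time_code(build_sample_pkg()))
```

On a real download, call `install_time_code(open("Editor.pkg", "rb").read())` before double-clicking it; any non-empty `hooks` or `script_archives` entry means code will run with elevated privileges at install time and deserves a look (on macOS, `pkgutil --expand` exposes the same files interactively).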
The use of generative artificial intelligence (AI) tools, such as ChatGPT, has coincided with a sharp increase in malicious phishing emails: a 1,265% rise since the fourth quarter of 2022, when ChatGPT launched, according to a report by cybersecurity firm SlashNext. Cybercriminals are leveraging AI tools to write polished, targeted business email compromise (BEC) and other phishing messages, with an average of 31,000 phishing attacks sent daily. The report highlights the speed, volume, and sophistication of AI-assisted threats. The success of phishing, which has caused billions of dollars in losses, has prompted cybercriminals to double down on these tactics. Cybersecurity professionals are advised to provide continuous end-user education, implement email filtering tools, conduct regular testing and security audits, and enhance existing security infrastructure to mitigate the risks posed by AI-generated email attacks.
The Play ransomware strain, also known as Balloonfly and PlayCrypt, has transitioned into a Ransomware-as-a-Service (RaaS) operation, offering its services to other cybercriminals. Evidence suggests that affiliates who have purchased the ransomware are carrying out attacks using step-by-step instructions provided with the malware. The attacks exhibit little variation, including the use of the same tactics, passwords, and commands. Play initially targeted Microsoft Exchange Server vulnerabilities and dropped remote administration tools before deploying the ransomware. This shift to RaaS is expected to attract script kiddies and lead to a surge in ransomware incidents.
ALPHV/BlackCat's recent move to report one of its own victims to the SEC may become the new normal in the ransomware economy, since the SEC's new disclosure rule requires public companies to report "material" cybersecurity incidents within four business days of deciding they are material. While some argue that this aggressive move could draw unwanted attention from law enforcement, the SEC is most likely already monitoring dark web leak sites. Organizations should prepare for ransomware attacks in advance by identifying critical systems and building resiliency into them; 90% of organizations have experienced at least one ransomware attack in the last two years.
The US Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned Ekaterina Zhdanova, a Russian national, for her involvement in laundering and moving funds using virtual currency on behalf of Russian elites and ransomware actors. Zhdanova facilitated access to Western financial markets for Russian individuals, helping them evade US and international sanctions. She used entities lacking anti-money laundering controls and relied on cash transactions and connections to move funds internationally. Zhdanova also provided services to individuals connected with the Russian Ryuk ransomware group. As a result of the sanctions, all property and interests in property of Zhdanova in the US or under the control of US persons are blocked. Financial institutions and individuals engaging in transactions with the sanctioned entities may also face sanctions or enforcement actions.
Okta CEO Todd McKinnon stated that all companies are facing massive cyberattacks from cybercriminals, following a major cybersecurity incident at MGM Resorts, one of Okta's clients. McKinnon emphasized the importance of collaboration within the security industry to combat cybercriminals, as every organization possesses sensitive data that is vulnerable to attacks. While digitization and automation have brought business growth, they have also increased the risk of cyber threats. Okta's system and products remain secure and unaffected by breaches.
The FBI, in collaboration with international partners, has disrupted the long-running Qakbot botnet, which had infected over 700,000 computers worldwide. The malware enrolled victim machines into a coordinated network under the perpetrators' remote control. The operation involved taking over Qakbot's infrastructure, redirecting bot traffic to servers controlled by the FBI, pushing an uninstaller that removed the malware from victim computers, and seizing $8.6 million in cryptocurrency. The takedown highlights the FBI's capability to target cybercriminal organizations at the infrastructure level.
The FBI is warning smartphone users about a scheme in which cybercriminals promote malicious "beta" versions of apps distributed through mobile beta-testing services, which bypass the review that apps on the official stores undergo. These apps, disguised as legitimate ones, are used to steal personal information and drain bank accounts. The FBI advises users to watch for red flags such as rapid battery drain, unauthorized installations, and persistent pop-up ads. It also recommends reading customer comments before installing apps from unknown developers, never sharing financial information via email, and keeping software up to date. Victims of malware-laden apps can report incidents to the FBI.
As Amazon's annual Prime Day sale approaches, cybersecurity experts warn of an increase in scams and phishing attempts targeting consumers. Researchers have observed a significant rise in Amazon Prime-themed phishing campaigns, with scam emails claiming billing issues or account freezes to trick users into revealing personal and financial information. Impersonation scams, not limited to Amazon, have cost American consumers millions of dollars. Amazon has taken down thousands of phishing websites and phone numbers used in impersonation schemes, but the battle against cybercriminals is ongoing. Shoppers are advised to double-check domain names, stick to official retailer websites, use strong passwords and two-factor authentication, be wary of urgent offers, look for HTTPS (while remembering that phishing sites use it too), pay by credit card for its chargeback protection, keep personal information private, and report scam messages. If a deal seems too good to be true, it's likely a scam.
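"Double-check the domain name" is easy to say and easy to get wrong by eye, because phishing links are built to survive a glance. The Python below is an added example, not code from Amazon or the cited researchers: it normalises the host of every link in a message and decides whether it belongs to an allowlisted retailer domain, catching the common tricks, namely the real name used as a prefix of a longer host (amazon.com.something.example), userinfo before an `@`, a raw IP literal, a stray port or trailing dot, and Unicode lookalike hosts (converted to their punycode form before comparison). The allowlist and the sample message are constructed for the example and are not real campaign data.

```python
"""Decide whether links in a 'billing problem' message really point at the retailer."""
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed allowlist of registrable retailer domains; extend for other merchants.
OFFICIAL = {"amazon.com", "amazon.co.uk", "amazon.de"}

# Links as they appear in SMS/e-mail text: with a scheme, or starting with www.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)


def host_of(url: str) -> str:
    """Lowercase ASCII host of a link with userinfo, port and trailing dot removed.

    Unicode labels are IDNA-encoded so a Cyrillic 'a' cannot pass as 'amazon'.
    Returns '' when no usable host exists.
    """
    if "://" not in url:
        url = "http://" + url              # bare 'www.' links in messages lack a scheme
    host = urlsplit(url).hostname or ""    # .hostname drops userinfo/port, lowercases
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return ""
    return host.rstrip(".")


def is_official_link(url: str, official=OFFICIAL) -> bool:
    """True only if the host is an allowlisted domain or a subdomain of one."""
    host = host_of(url)
    if not host:
        return False
    try:
        ipaddress.ip_address(host)         # a raw IP is never the retailer
        return False
    except ValueError:
        pass
    # endswith("." + d) rejects 'amazon.com.evil.example' and 'notamazon.com'
    return any(host == d or host.endswith("." + d) for d in official)


def scan_message(text: str) -> list:
    """Every link in the message paired with its verdict, in order of appearance."""
    return [(url, is_official_link(url)) for url in URL_RE.findall(text)]


# Constructed sample resembling the 'billing issue' lures described above.
SAMPLE_MESSAGE = (
    "Your Amazon Prime payment could not be processed. Update your billing details "
    "within 24 hours at https://amazon.com.prime-billing-update.example/verify or your "
    "account will be frozen. Genuine help is at https://www.amazon.com/gp/help/customer/contact-us"
)

if __name__ == "__main__":
    for url, ok in scan_message(SAMPLE_MESSAGE):
        print("OFFICIAL " if ok else "SUSPECT  ", url)
```

The check is deliberately strict: anything not provably under an allowlisted domain is treated as suspect, which is the right default for a message that is pressuring you to act. In a real HTML e-mail, run it on the `href` targets rather than the visible link text, since the two routinely differ.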