The FBI reported a record $12.5 billion in losses from online scams in 2023, with over a third attributed to investment scams, particularly those involving fraudulent cryptocurrency schemes. The report also highlighted the increasing costs of ransomware attacks, which jumped from $34 million in 2022 to about $59 million in 2023, although the total financial impact is much higher. Cybercriminals extorted a record $1.1 billion in ransom payments from victim organizations worldwide last year, with the health care sector reporting the highest number of ransomware incidents.
The LockBit ransomware gang has relaunched its operations on new infrastructure after law enforcement disrupted their servers, threatening to target government sectors more. They admitted negligence led to the breach and announced plans to enhance security and decentralize affiliate panels. The gang's message appears to be damage control, aiming to restore credibility after the setback.
A cybersecurity expert from McAfee warns against downloading files from untrusted sources and clicking on pop-ups, as these actions can trigger automatic spyware downloads that can drain your bank account. The expert advises closing out of a browser entirely using the task manager or force quit option, regularly updating the operating system, and using the latest secure version of web browsers. AI is also posing a risk through personalized phishing scams, with scammers able to create highly personalized campaigns at a massive scale. Recent incidents include AI cloning voices of children for ransom calls. Families are advised to create verbal passwords to authenticate identity on the phone. Major brands and companies have also been targeted by ransomware attacks, causing significant disruptions and financial losses.
A group of highly skilled Gen-Z hackers known as Scattered Spider, Muddled Libra, or UNC3944 has been targeting companies worldwide, with a particular focus on the United States. These hackers employ sophisticated social engineering techniques and excel at bypassing multi-factor authentication. They have breached the systems of major companies, including MGM Resorts and Caesars Entertainment, and have targeted industries ranging from telecommunications to finance, hospitality, and media. The group is known for its ruthlessness, speed, and ability to overwhelm security response teams. They have also engaged in tactics such as SWATing and leaving threatening notes for victims. While their motives are not entirely clear, experts believe they are driven by power, influence, and notoriety rather than financial gain. The FBI is investigating the recent breaches, and cybersecurity specialists anticipate that the attacks will continue.
The White House held its first-ever cybersecurity summit on the ransomware crisis affecting U.S. schools, where criminal hackers have been stealing and dumping sensitive student data. At least 48 districts have been hit by ransomware attacks this year, with data stolen in all but 10 cases. The summit aimed to raise awareness and provide federal resources to combat the issue, including tailored security assessments, grants, and support from technology providers. However, experts noted that limited federal funds currently exist to address the problem, and school districts have been ill-equipped to defend against these attacks. The lasting impact of these attacks goes beyond financial costs, with the exposure of private records causing trauma for staff, students, and parents.
Microsoft has highlighted the growing cybersecurity concerns for major sporting events, warning that the expanding cyber risk surface poses a threat to stadium operations. The company emphasized that valuable information related to athletic performance, competitive advantage, and personal data is at risk, with hospitals providing critical support and health services being targeted for ransomware attacks. To defend against such attacks, Microsoft recommends disabling unnecessary ports, securing apps and devices, patching point-of-sale devices, implementing logical network segmentations, and configuring systems before events. These efforts are crucial in deterring adversaries from exploiting poorly configured networks within large sporting event environments.
