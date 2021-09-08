
REvil Ransomware Group is Back as "Happy Blog" Returns

An infamous ransomware group that appeared to shutter its operations following a major supply chain attack on IT software provider Kaseya seems to be back in business. The REvil/Sodinokibi variant has been used by countless affiliates to extort money from companies as diverse as now-defunct Travelex, Jack Daniels-maker Brown-Forman and meat processing giant JBS.

Conti Ransomware Threat Rising as Group Gains Affiliates

As the United States heads into a holiday weekend, experts are warning that ransomware-wielding attackers are sure to unleash crypto-locking chaos in the coming days. White House officials say they have no intelligence tied to any specific attack, but they are sounding a cautionary note based on attackers' typical behavior. "Attackers view holidays and weekends - especially holiday weekends - as attractive time frames in which to target potential victims, including small and large businesses," the U.S. Cybersecurity and Infrastructure Security Agency warned this week.
Public Safety | inforisktoday.com

ISMG Editors’ Panel: New and Rebranded Ransomware Groups

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the emergence of new and rebranded ransomware groups practicing double extortion and supply chain security challenges in the oil and gas industry. The editors - Tom Field, senior vice president, editorial; Anna Delaney,...
Public Safety | HackRead

REvil ransomware gang is back after disappearing amid Kaseya attack

The official .onion website of the REvil ransomware gang is back online while its chat platform and clearnet site are still offline. The official website of the REvil ransomware gang (aka Sodinokibi), which is accessible through the Tor browser, is back online after mysteriously going offline in July 2021. It is...
Technology | infosecurity-magazine.com

US Cyber Command: Patch Critical Atlassian Bug Now

US government security experts have urged system administrators to patch two critical flaws in widely used Cisco and Atlassian products, exposing them to compromise. In a rare move, US Cyber Command took to Twitter before the Labor Day holiday weekend on Friday to address the Atlassian bug. “Mass exploitation of...
Public Safety | Computer Weekly

REvil reappearance may herald new ransom campaigns

The apparent return of the REvil ransomware syndicate amid the reactivation of its infrastructure and dark web leak site – known as the Happy Blog – has cast doubt on previous reports of the crew’s demise and may yet herald a renewed campaign of ransomware attacks in the coming months.
Computers | infosecurity-magazine.com

5 Best Practices for Mitigating DDoS Attacks

For organizations, a distributed denial-of-service (DDoS) attack is one of the dangerous obstacles they’ll face. While a DDoS attack takes different forms, the goal of the attacks is typically to incapacitate targeted servers or networks by flooding them with traffic from compromised devices or networks. Not only do these attacks cause services to be severely interrupted, but there is a significant cost to organizations. The average DDoS attack costs enterprise businesses around $2m and costs small and medium-sized businesses around $120,000.
Public Safety | beckershospitalreview.com

FBI warns OnePercent ransomware group exploiting AWS & 8 other apps

The FBI and Cybersecurity and Infrastructure Security Agency warned that the OnePercent ransomware group has been launching attacks on U.S. companies since November. OnePercent compromises victims through phishing emails that have an attachment, according to an Aug. 23 alert. Once the attachment is opened, the system is infected with IcedID and Cobalt Strike software is downloaded. Cobalt Strike moves laterally through the network, allowing the hackers to encrypt the data and remove it from the victim's systems.
Data Security | inforisktoday.com

20 Years After 9/11: How US Cybersecurity Landscape Evolved

In the 20 years since the Sept. 11, 2001, Al-Qaida terrorist attacks on targets in the U.S., the need to shore up critical infrastructure and build resilience into systems remains a priority for the federal government as well as the businesses that operate these facilities. But according to experts, over...
Software | infosecurity-magazine.com

CISA Urges Firms to Mitigate New Windows RCE Bug

The US authorities are urging IT teams to follow newly released guidance from Microsoft designed to help mitigate a flaw in Windows currently under active exploitation. High severity remote code execution bug CVE-2021-40444 exists in Windows browser engine MSHTML. Microsoft revealed in a note yesterday that the vulnerability is being used in targeted attacks featuring specially crafted Office documents. It could enable a remote attacker to hijack an affected system.
Technology | infosecurity-magazine.com

Why Apple's iCloud+ Provides a Future Unlocking for Authoritarian Government Data Surveillance

Earlier this year, Apple announced a new feature to roll out on certain devices in the US that will automatically scan personal devices in a bid to tackle child abuse. NeuralHash technology is a perceptual hashing function creating fingerprints in a different way to traditional cryptographic hashing. Essentially, it can identify imagery without decrypting it unless a threshold is met and a sequence of checks done. It then reports this to the country’s National Center for Missing & Exploited Children.
Software | thefastmode.com

Understanding REvil and the Rise of Ransomware Business Models

Five years ago, our global threat intelligence team Unit 42 released a threat report warning that ransomware was quickly becoming one of the greatest cyberthreats facing organisations. The majority of ransoms were between US$200 and US$500 then, but we predicted that ransom demands would grow exponentially higher in the coming years. Unfortunately, those predictions came true as today, ransomware attacks run rife with ransoms being demanded in the millions.
Public Safety | Arkansas Online

Hackers get data trove in U.N. breach

Hackers breached the United Nations' computer networks earlier this year and made off with a trove of data that could be used to target agencies within the intergovernmental organization. The hackers' method for gaining access to the U.N. network appears to be unsophisticated: They likely got in using the stolen...
Technology | securitymagazine.com

Azurescape attack allows cross-container cloud compromise

The Unit 42 Threat Intelligence team has identified the first known vulnerability that could enable one user of a public cloud service to break out of their environment and execute code on environments belonging to other users in the same public cloud service. According to the Palo Alto Networks Unit...
Technology | infosecurity-magazine.com

Interview: Rodney Joffe Discusses the Rise of RDDoS

The surge in ransomware attacks over the past 18 months has created havoc for organizations across numerous critical sectors, leading to enormous payments being made to cyber-criminal gangs. Ransomware operators have also rapidly evolved their tactics in this period, with trends like double-extortion ransomware attacks and ransomware-as-a-service becoming increasingly prominent. This means attacks are becoming more sophisticated and more complex for organizations to prevent. Another trend being observed in this space is the rise of ransom-related distributed denial of service (RDDoS); essentially, a tactic that aims to extort victims by taking or threatening to take their systems offline through DDoS. This is often easier and can be just as effective as encrypting an organization's systems and data. Following recent research conducted by tech firm Neustar in this area, Infosecurity recently caught up with Rodney Joffe, chairman of Neustar International Security Council (NISC), SVP and fellow, to find out more about this technique and how organizations should respond to an attack of this nature.

In Neustar’s recent study, 44% of organizations reported being the target or victim of an RDDoS attack in the last 12 months, while fewer organizations (41%) were on the receiving end of a ransomware attack. Could you explain how RDDoS attacks work, and do Neustar’s findings demonstrate a shift in the tactics employed by ransomware attackers?

An RDDoS attack aims to knock an organization’s systems offline completely. While a ransomware attack encrypts a company’s system, an RDDoS attack doesn’t require the cyber-criminal to gain access to a business’s internal systems before it can be carried out. While there is technically no difference between a DDoS attack and an RDDoS attack, the element involving ransom means organizations are subject to extortion from criminals. Additionally, launching a DDoS attack has become relatively simple. It has the added benefit of being harder to trace back to its origin, meaning cyber-criminals are turning to RDDoS attacks over ransomware as an evolutionary point from DDoS but also a migration from ransomware-based attacks. Organizations that receive extortion threats are typically sent an additional demand letter that follows a rudimentary template format. In the letter, users are threatened with a DDoS attack unless the demands for payment — usually in the form of Bitcoin — are met.

How effective is this approach in infecting organizations with ransomware? What advice do you have for organizations to defend themselves against RDDoS?

Unfortunately, this approach is highly effective in infecting organizations with ransomware. While RDDoS in itself doesn’t include any ransom software, i.e., ransomware itself, instead, cyber-criminals are extorting the organization with attack threats. Cyber-criminals are also combining RDDoS with additional tactics, installing encryption ransomware while systems are down and stealing data and threatening data leaks. These triple attacks are becoming increasingly common.
Technology | infosecurity-magazine.com

Combating Cyber-Threats in the Age of Big Tech

The report concerning Microsoft Azure’s Cosmos DB database should be an IT security wake-up call to the tech giants and other organizations, especially those moving more and more toward cloud services. In addition, as office reopenings are being halted due to the ongoing pandemic, more and more emphasis must be placed on keeping organizations secure, especially while their employees continue to work remotely.
Technology | channele2e.com

Supply Chain Attacks are Closing in on MSPs

If you attended Black Hat this year, you couldn’t avoid the topic of supply chain attacks. From keynotes to vendor messaging to booth presentations, they were a ubiquitous topic in Las Vegas this year. Supply chain attacks are cyberattacks targeting an upstream vendor for the ultimate purpose of compromising one...
Economy | techxplore.com

Big Tech made billions during 'war on terror': report

Tech giants made billions through contracts with the US military and other government agencies during the so-called "war on terror", according to a report released ahead of the 20th anniversary of 9/11. The "Big Tech Sells War" report, published Thursday by three US campaign groups, documented an explosion of government...
Technology | Beta News

Security experts predict a global AI-related cyber attack before year-end

As artificial intelligence technologies become more complex and better integrated with new services and products, executives worldwide are concerned about cyber security vulnerabilities. While AI is a strong tool for security, security experts also predict that malicious actors will utilize artificial intelligence to unleash a global cyber incident in the near future.

