Ransomware, ransomware and more ransomware! This month’s news shows that threat actors are thirstier than ever, not only targeting organizations and state nations, but also entire cities. Attackers are making use of AI to achieve their objectives, creating a new challenge on the cybersecurity front. Read on to find out more about what we’re talking about this month.
Cybercrime is world’s third-largest economy thanks to booming black market
The ease with which threat actors can acquire malware and ransomware as a service, has catapulted cybercrime to become the world’s third-largest economy after the US and China, according to the World Economic Forum (WEF). Threat actors can buy access to networks and ransomware online and launch sophisticated cyber attacks, all without being a technical expert. Ransomware is booming with advanced targeted attacks across all verticals, and it’s projected to cost the world $8 trillion in 2023 and $10.5 trillion by 2025, according to Cybersecurity Ventures.
“Cybercrime is the world’s third largest economy in the world after the USA and China. The rapid growth doesn’t show any sign of stopping, so it’s essential to craft strategies that prevent threat actors from attacking at a larger and larger scale.” — David Brown, CRO
Source: Cybernews, February 6
Hacker develops new ‘Screenshotter’ malware to find high-value targets
A custom malware that performs surveillance and data theft on infected systems targeting organizations in the United States and Germany has been discovered. The threat actor tracked as TA886, carries out a preliminary evaluation that determines if the target is valuable enough before stealing data. The threat actor targets victims using phishing emails that download and execute the “Screenshotter” malware in their device. This tool then sends a screenshot of the targets’ machine to the threat actor for further evaluation. The capabilities of this malware include stealing cryptocurrency wallets, credentials, cookies, FTP clients, Steam, Telegram accounts, Discord accounts, VPN configurations and email clients.
“This article highlights the fact that every day a new threat actor arises, terrorizing industries. It also underscores the fact that the financial industry continues to be one of the most targeted industries today, bombarded with malware/ransomware and phishing attacks daily. Traditional cybersecurity is not enough to protect financial organizations. All industries need a solution that can help them misdirect threat actors, detect threats in real time, and capture applicable CTI with context. Only CounterCraft deception technology makes it possible for organizations to take a proactive cybersecurity stance against sophisticated threat actors.” — Shunta Sharod Sanders, Director of Global Pre-Sales Engineering
Source: Bleeping Computer, February 10
Aims: the software for hire that can control 30,000 fake online profiles
Team Jorge, a unit of disinformation group based in Israel, manages large amounts of fake social media accounts on Twitter, Facebook, Gmail, Instagram, Amazon and Airbnb. This software mimics human behavior, steals images from real users and publishes social posts powered by artificial intelligence. Tal Hanan, who runs the covert group using the pseudonym “Jorge”, told undercover reporters that they sold access to their software to unnamed intelligence agencies, political parties and corporate clients.
The article cites examples of people who found their pictures on a false profile sharing content they totally disagree with. Meta, the owner of Facebook, took down Team Jorge bots on its platform after reporters shared a sample of the fake accounts with the company.
“The rise of disinformation, especially when used to subvert democratic processes, is one the key social issues we face today. This article dives deep into the organization of a team dedicated to disinformation and subversion for over 20 years. They are applying best practices of business processes breaking down the problem into small chunks and either outsourcing (Bot Farms) or building specialist teams (Real World Fake Protests). Whilst this is the current state of the art in disinformation, it is obvious that readily available access to content generation AI (ChatGPT) will enable these criminal teams to do so much more damage with the same or reduced resources. We must constantly fight against the proliferation of disinformation with all the tools at our disposal. CounterCraft provides a suite of tools to challenge threat actors using disinformation to gain technical access to IT systems (aka Hackers or Threat Actors). Whilst this is not in the political disinformation space, there is a crossover. For this reason I feel this article is a great read.” — Dan Brett, Founder and CSO
Source: The Guardian, February 16
City of Oakland declares state of emergency after ransomware attack
Ransomware is reaching unprecedented levels of severity, this time even shutting down a whole city’s IT systems. Oakland, California, has declared a local state of emergency because of a ransomware attack that forced the city to take all its IT systems offline. Although the attack didn’t impact core emergency services such as 911 dispatch and fire and emergency resources, many systems taken down immediately after the incident to contain the threat are still offline. The ransomware group behind the attack is currently unknown, and the city is yet to share any details regarding ransom demands or data theft from compromised systems.
“Ransomware is not only targeting organizations or state nations. Threat actors are going after entire cities now! The ransomware wave is here to stay and the only way to stay one step ahead of attackers is by misdirecting and learning from their techniques.” — Member of the Marketing Team
Source: Bleeping Computer, February 15
Ransomware gang uses new zero-day to steal data on 1 million patients
One of the largest healthcare providers in the United States, Community Health Systems (CHS), confirmed that a group of hackers accessed the personal and protected health information of one million patients. Hackers found a vulnerability in the GoAnywhere software, developed by Fortra, which the healthcare giant used to transfer large files. CHS hasn’t said what types of data were exposed. Details of the zero-day vulnerability in Fortra’s GoAnywhere software, tracked as CVE-2023-0669, were first flagged by security journalist Brian Krebs on February 2. Five days later, Fortra released an emergency patch and urged all GoAnywhere customers to apply the fix as soon as possible.
“Healthcare is a highly targeted sector due to the value of sensitive private health data. This is why we can see a clear upward trend in investment in cybersecurity by these organizations trying to implement more strict protocols to prevent similar incidents. Deception-based cybersecurity provides custom targeted intelligence that can be used to safeguard patient information”. — Fernando, Founder and Head of Development
Source: Techcrunch, February 16
Don’t miss next month’s roundup. Follow us on LinkedIn, Twitter, or sign up for our newsletter to stay in touch.