Security News

Due to constant ransomware attacks on US interests, President Biden has once again warned President Putin that Russia needs to arrest the ransomware gangs operating from Russia or the US will take action instead. Finally, a new ransomware payment tracking site called Ransomwhere was launched this week. REvil is increasing ransoms for Kaseya ransomware attack victims.

The Texas Bankers Association documented at least 139 chain gang attacks against Texas financial institutions in the year ending November 2020. Santor said the chain gang attacks have spread to other states, and that in the year ending June 2021 Travelers saw a 257 percent increase in the number of insurance claims related to ATM smash-and-grabs.

The Federal Bureau of Investigation warns cryptocurrency owners, exchanges, and third-party payment platforms of threat actors actively targeting virtual assets in attacks that can lead to significant financial losses. The FBI issued the warning via a TLP:GREEN Private Industry Notification designed to provide cybersecurity professionals with the information required to properly defend against these ongoing attacks.

Commercial insurer CNA has started notifying customers that threat actors did have access to some personal data during a ransomware attack in March. This week, the company started notifying customers that some personal data was accessed during the attack, but stressed that it was able to recover all the data.

Identity-based access, frequent password changes and multi-factor authentication can help reduce the incidence of such attacks, but to be proactive Greatwood and I agreed that identifying the source of repeated, excessive login attempts and blocking such attempts are crucial to detecting and reducing the impact of ransomware attacks. "A zero-trust model is a valuable defense mechanism in blocking ransomware." One of the most effective ways to prevent ransomware attacks is through the adoption of zero-trust architecture, the modern alternative to perimeter-based security.

The information sharing organization helps companies deal with security threats and supports more collaboration overall. Ransomware attacks are not going to stop any time soon and bad actors refine their attack techniques with every new breach.

The ZLoader malware family has switched to a new delivery mechanism in recent spam campaigns, fetching malicious code only after the initial attachment has been opened, McAfee reports. ZLoader is being distributed through spam emails that carry various types of attachments, with the most recent ones featuring Microsoft Word documents.

CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. CNA is considered the seventh-largest commercial insurance firm in the US based on stats from the Insurance Information Institute.

The REvil ransomware gang's attack on MSPs and their customers last week outwardly should have been successful, yet changes in their typical tactics and procedures have led to few ransom payments. This tactic led to the most significant ransomware attack in history, with approximately 1,500 individual businesses encrypted in a single attack.

This weekend's attack was carried out with almost surgical precision. According to Cybereason, the REvil affiliates first gained access to targeted environments and then used the zero-day in the Kaseya Agent Monitor to gain administrative control over the target's network.