Security News

The US' Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency have released fresh guidance on the Royal ransomware operation, saying that evidence suggests it may soon undergo a long-speculated rebrand. The security industry has highlighted a suspected link between Royal and BlackSuit for months and the latest update to the security agencies' advisory confirms code overlaps and similarities in intrusion techniques.

The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022. [...]

The threat actors behind a new ransomware group called Hunters International have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape. While it's common for ransomware actors to regroup, rebrand, or disband their activities following such seizures, what can also happen is that the core developers can pass on the source code and other infrastructure in their possession to another threat actor.

A swing and a miss by the 50 member countries of the International Counter Ransomware Initiative, headlined by the US, who have confirmed a commitment to collectively address ransomware. The most powerful direction to address ransomware is little more than a feeble suggestion.

The LockBit ransomware gang published data stolen from Boeing, one of the largest aerospace companies that services commercial airplanes and defense systems. LockBit hackers said that Boeing ignored warnings that data would become publicly available and threatened to publish a sample of about 4GB of the most recent files.

Ransomed.vc shuts after 20% discount fails to entice bids Short-lived ransomware outfit Ransomed.vc claims to have shut down for good after a number of suspected arrests.…

Fortify password policies - At the heart of many breaches lies poor password hygiene. Tools, such as Specops Password Policy enables IT teams to set stringent password protocols, from meeting compliance standards, setting length and complexity requirements, to ensuring the absence of common and weak terms, as well as blocking known compromised passwords, which significantly tightens access controls.

The state-owned Industrial and Commercial Bank of China, which is one of the largest banks in the world, has been hit by a ransomware attack that led to disrupted trades in the US Treasury market. "On November 8, 2023, U.S. Eastern Time, ICBC Financial Services experienced a ransomware attack that resulted in disruption to certain FS systems. Immediately upon discovering the incident, ICBC FS disconnected and isolated impacted systems to contain the incident," the bank said in their security incident notice.

China's largest bank, ICBC, was hit by ransomware that resulted in disruption of financial services systems on Thursday Beijing time, according to a notice on its website. "Immediately upon discovering the incident, ICBC FS disconnected and isolated impacted systems to contain the incident," said the bank's financial services division, which added that it was both investigating and progressing recovery efforts.

Kyocera AVX Components Corporation (KAVX) is sending notices of a data breach exposing personal information of 39,111 individuals following a ransomware attack. [...]