Security News

Ransomware attacks are a major problem for organizations everywhere, and the severity of this problem continues to intensify. Recently, Microsoft's Incident Response team investigated the BlackByte 2.0 ransomware attacks and exposed these cyber strikes' terrifying velocity and damaging nature.

Ransomware has been an acute concern for organizations for more than a decade, but one of the more recent trends we see is that groups are now setting up infrastructure, but outsourcing actual infection to "Affiliates" who effectively act as contractors to the Ransomware as a Service group and split the profits at the end of a successful attacks. A ransomware group encrypts a company's data, but first exfiltrates data, which is posted on ransomware blogs on a certain date if the victim doesn't pay.

The port of Nagoya - which shifted 2.68 million shipping containers and 164 million tons of cargo in 2022 - has moved precious few in the last 24 hours after finding itself the latest victim of Russia's notorious LockBit ransomware gang. Japanese media have reported substantial disruptions at the port and named LockBit as the culprit.

The malware "Possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive data, while also incorporating different modules for carrying out ransomware activities," Zscaler researchers Shatak Jain and Gurkirat Singh said in a recent analysis. Following a successful breach, the malicious binary is used as a conduit to set up persistence, perform the actual browser update, and also drop a stealer capable of covertly harvesting sensitive information and encrypting the stolen files, leaving the victims at risk of potential data loss, exposure, or even the sale of their valuable data.

As 40% of consumers harbor skepticism regarding organizations' data protection capabilities, 75% would shift to alternate companies following a ransomware attack, according to Object First. Consumers request increased data protection from vendors, with 55% favoring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies.

Healthcare continues to be one of the most attractive targets for cyberattackers, and the number of breaches affecting the industry is increasing yearly. In this Help Net Security video, Steve Gwizdala, VP of Healthcare at ForgeRock, discusses how vigilance and new ways of enhancing cybersecurity measures will be crucial to healthcare organizations and businesses responsible for protecting consumers' online information - across the entire supply chain.

Threat actors associated with the BlackCat ransomware have been observed employing malvertising tricks to distribute rogue installers of the WinSCP file transfer application. "Malicious actors used malvertising to distribute a piece of malware via cloned webpages of legitimate organizations," Trend Micro researchers said in an analysis published last week.

Unlocking internet's secrets via monitoring, data collection, and analysisIn this Help Net Security interview, Ryan Woodley, CEO of Netcraft, discusses the importance of monitoring, collecting, and analyzing internet data to gain a profound understanding of the internet. Preparing health systems for cyber risks and insurance coverageIn this Help Net Security interview, Dennis Fridrich, VP of Cybersecurity at TRIMEDX, delves into the hidden costs of cyberattacks on health systems, the role of insurers in promoting cybersecurity preparedness, and how organizations can better manage their cyber risk.

The BlackCat ransomware group is running malvertizing campaigns to lure people into fake pages that mimic the official website of the WinSCP file-transfer application for Windows but instead push malware-ridden installers. The BlackCat attack observed by Trend Micro begins with the victim searching for "WinSCP Download" on Bing or Google and getting promoted malicious results ranked above the safe WinSCP download sites.

A case of mistaken identity and further MOVEit Transfer data breaches continue dominated the ransomware news cycle this week. A new report by VMware's Carbon Black team sheds light on the 8Base ransomware operation, illustrating how they use the Phobos ransomware in attacks.