Malware
The Escalating Threat of Ransomware: Brace Yourself for its Unyielding Grip
Ransomware continues to wreak havoc, and the situation is deteriorating rapidly. With cybercriminals becoming more sophisticated, businesses and individuals must prioritize their security measures. This article delves into the alarming rise of ransomware attacks, offers insights into their evolving tactics, and highlights the urgent need for robust defenses. Don’t wait until it’s too late; safeguard your digital assets now.
Protecting Against Ransomware Attacks with Strong Password Policies
As the world becomes increasingly digital, organizations rely heavily on IT systems to operate their services. Unfortunately, cybercriminals have recognized this dependence and are capitalizing on it. In the past, computer viruses were used to disrupt target systems. However, with the development of modern attack tools, a new and more destructive criminal model has emerged – ransomware. Ransomware not only harms targeted systems but also extorts money from victims by encrypting their files and holding them hostage.
A recent report by Malwarebytes reveals that global ransomware attacks have seen a significant increase. In just one year, there were 1,900 ransomware attacks against the US, Germany, France, and the UK. The costs associated with these attacks are also predicted to rise. According to Cyber Security Ventures, by 2031, a ransomware attack will occur every two seconds, resulting in annual losses of around $265 billion (USD) globally.
Is Ransomware Exclusively Targeting Big Organizations?
While most recorded ransomware attacks have targeted big organizations in the past, this is no longer the case. Ransomware operators are now increasingly targeting small and medium-sized businesses, as well as individuals. For example, with the recent back-to-school season, ransomware attacks against schools have surged. Recorded Future reports that at least 27 schools and districts were hit with ransomware in August alone.
This increase in attacks against smaller entities is due to the rise of the ransomware-as-a-service (RaaS) business model. This model allows cybercriminals without technical skills to launch ransomware attacks. RaaS operators provide the necessary tools and infrastructure in exchange for a fee based on successful ransoms. This enables novice attackers to carry out devastating ransomware campaigns against various targets, contributing to the global spread of these attacks.
Recent Ransomware Attacks
Almost every day, we hear about major ransomware incidents impacting organizations. Here are some recent examples:
- The LockBit ransomware group targeted Oakland city in April 2023, resulting in the shutdown of 311 public services.
- The Royal ransomware hit the city of Dallas’ IT infrastructure, causing the suspension of numerous public services and exposing the personal information of 26,212 Texas residents.
- A ransomware attack against Harvard Pilgrim Health Care in April 2023 resulted in the unauthorized access of 2,550,922 patients’ medical data.
Ransomware gangs are constantly evolving their techniques to infect their targets and maximize profits. The lucrative nature of ransomware attacks has allowed hackers to invest in developing more sophisticated tools and methods.
Ransomware Attack Techniques
Ransomware operators employ various techniques to gain access to their targets. Some common methods include:
- Outsourcing initial access to target IT environments through phishing, exploit kits, or stolen credentials.
- Exploiting zero-day vulnerabilities in target security controls and applications.
- Using legitimate penetration testing tools like Cobalt Strike to deliver the ransomware payloads.
- Compromising websites and distributing exploit kits to visitors, allowing attackers to exploit vulnerabilities in their web browsers and operating systems.
One prevalent method used by ransomware operators is password-related attacks. The LockBit ransomware, for example, heavily relies on password-related attacks. These attacks include executing customized phishing campaigns, launching brute-force attacks against internet-facing enterprise applications, and purchasing stolen access credentials from darknet marketplaces.
Exploiting Weak Password Practices
Cybercriminals take advantage of poor password practices to exploit their targets. Some common methods include:
- Credential stuffing: Hackers use previously compromised username/password pairs to gain unauthorized access to other accounts where users have reused their credentials.
- Brute-force attacks: Hackers use automated tools to guess users’ passwords, such as John the Ripper and Cain and Abel.
- Password spraying: Attackers try a common password (e.g., default password) across a list of usernames to gain access to multiple accounts.
- Phishing attacks: Hackers create fake login pages that resemble legitimate websites to trick users into entering their account credentials.
Specops Password Policy offers comprehensive protection against ransomware attacks by addressing weak password practices. This solution extends the functionality of Group Policy in Active Directory and provides advanced password policy features, including:
- Custom dictionary lists to block commonly used passwords within your organization, such as company names and locations.
- Settings to prevent predictable password compositions, such as reusing parts of old passwords, consecutive characters, and incremental characters.
- Breached password protection by daily checks against known compromised password lists, blocking the use of over 4 billion unique compromised passwords.
- Passphrase support for stronger and easier-to-remember passwords.
As ransomware continues to evolve, organizations must strengthen their cyber defenses using a layered security approach. Enforcing strong password policies, such as those provided by Specops Password Policy, is a crucial step in preventing ransomware attacks. By blocking the use of compromised passwords, organizations can significantly reduce the risk of falling victim to these devastating cyberattacks.
Sponsored and written by Specops Software.
Malware
23andMe Enhances User Agreement to Shield Against Data Breach Lawsuits
Genetic testing service 23andMe has updated its user agreement to avoid potential data breach lawsuits. Customers must now agree to resolve any legal disputes through arbitration and won’t be able to file class-action lawsuits. The move follows several high-profile data breaches that have led to costly legal settlements for companies.
Genetic testing provider 23andMe is currently facing multiple lawsuits due to an October credential stuffing attack that resulted in the theft of customer data. In response, the company has made changes to its Terms of Use, making it more difficult for customers to sue them.
Last October, a cybercriminal attempted to sell 23andMe customer data but ultimately failed, leading them to leak the data of 1 million Ashkenazi Jews and 4.1 million people living in the United Kingdom.
Our IT Services team learned that the data was obtained through credential stuffing attacks used to breach customer accounts. The cybercriminals exploited a limited number of these accounts to access the ‘DNA Relatives’ feature and scrape the data of millions of individuals.
In a recent update, 23andMe disclosed that a total of 6.9 million people were affected by the breach — 5.5 million through the DNA Relatives feature and 1.4 million through the Family Tree feature.
Terms of Use Updates: Preventing Lawsuits?
As a result of the breach, 23andMe is now facing numerous lawsuits. In an effort to minimize legal troubles, the company updated its Terms of Use on November 30th. The updated terms now require mandatory arbitration for all disputes, prohibiting jury trials or class action lawsuits.
The updated Terms of Use state, “These terms of service contain a mandatory arbitration of disputes provision that requires the use of arbitration on an individual basis to resolve disputes in certain circumstances, rather than jury trials or class action lawsuits.”
23andMe sent emails to customers informing them of the change and advising that they had 30 days to notify the company at [email protected] if they disagreed with the new terms. Customers who disputed the update would remain on the previous Terms of Service.
However, Nancy Kim, a Chicago-Kent College of Law professor, told Axios that this change in the Terms of Use may not protect 23andMe from lawsuits. It could be difficult for the company to prove that they provided reasonable notice for customers to opt out of the new terms.
Stay Informed and Protect Your Data
As cyber threats continue to evolve, it’s more important than ever to stay informed and take proactive measures to safeguard your personal data. We’re here to help you navigate the ever-changing world of cybersecurity, providing you with the information and resources you need to stay safe online.
Contact us to learn more about how to protect yourself from cyber threats, and remember to come back regularly for the latest updates on cybersecurity developments.
Malware
23andMe Revamps Terms of Use with Robust Measures to Thwart Data Breach Lawsuits
Discover how 23andMe has updated its Terms of Use to prevent data breach lawsuits, requiring users to agree to arbitration and waive their right to file a class action suit. Learn about the changes and how they affect customers’ legal rights in case of a data breach.
Imagine getting a DNA test for fun or curiosity, only to have your sensitive genetic information stolen by cybercriminals. That’s exactly what happened to millions of 23andMe customers this past October. As a result, the genetic testing provider is now facing multiple lawsuits and has decided to change its Terms of Use to make it harder for people to sue the company. Let’s dive into the details and see what this means for you.
The Credential Stuffing Attack on 23andMe
In October, a malicious threat actor tried to sell 23andMe customer data. When they failed to find a buyer, they leaked the data of 1 million Ashkenazi Jews and 4.1 million people living in the United Kingdom. We found out from 23andMe that the data was obtained through a credential stuffing attack, wherein the criminals breached customer accounts using stolen login information. They then used the “DNA Relatives” feature to scrape the data of millions of individuals.
Since then, 23andMe has reported that a total of 6.9 million people were impacted by the breach – 5.5 million through the “DNA Relatives” feature and 1.4 million through the “Family Tree” feature.
23andMe’s Response: Updating Terms of Use to Prevent Lawsuits
As you can imagine, this massive breach has led to a flurry of lawsuits against the company. In response, 23andMe updated its Terms of Use on November 30th to include a provision requiring mandatory arbitration for all disputes, rather than allowing for jury trials or class action lawsuits.
The updated Terms of Use state, “These terms of service contain a mandatory arbitration of disputes provision that requires the use of arbitration on an individual basis to resolve disputes in certain circumstances, rather than jury trials or class action lawsuits.”
Users were informed of this change via email, and they had 30 days from the notification to disagree with the new terms by contacting 23andMe. Those who disputed the update would remain on the previous Terms of Service.
Will This Change Protect 23andMe from Lawsuits?
According to Nancy Kim, a professor at the Chicago-Kent College of Law, it’s unlikely that this change in the Terms of Use will protect 23andMe from lawsuits. She told Axios that it would be difficult for the company to prove they gave customers reasonable notice to opt out of the new terms.
What Does This Mean for You?
This situation serves as a reminder of the importance of cybersecurity and protecting your personal data. If you’ve used 23andMe or other genetic testing services, it’s crucial to stay informed about any potential breaches and take action to protect yourself.
And for those of us who aren’t directly affected, this case demonstrates the need for strong cybersecurity measures across all industries, especially when sensitive data is involved. As we continue to rely more and more on technology, the potential for breaches and cyberattacks only increases.
Stay informed and stay safe by keeping up with the latest cybersecurity news and best practices. We’re here to help you navigate the complex world of digital security, so don’t hesitate to reach out if you have any questions or concerns. Together, we can work to protect our data and our privacy.
Malware
Austal USA, Navy Contractor, Confirms Devastating Cyberattack Following Massive Data Leak
US Navy contractor Austal USA has confirmed a cyberattack after sensitive data was leaked online. The defense shipbuilder is working with the FBI and local authorities to investigate the incident, which has not affected any government projects. The breach highlights the need for increased cybersecurity measures in the defense sector.
Austal USA Suffers Cyberattack: What We Know
Austal USA, a shipbuilding company and contractor for the U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS), recently confirmed a cyberattack against it. As a company that specializes in high-performance aluminum vessels, Austal USA plays a critical role in U.S. national security. Its American subsidiary is responsible for building the Independence class littoral combat ships for the U.S. Navy, which cost $360 million per unit, as well as an active $3.3 billion contract for constructing 11 patrol cutters for the U.S. Coast Guard.
Hunters International Ransomware Group Takes Credit
The Hunters International ransomware and data extortion group claimed responsibility for the breach, even leaking some information as proof of the intrusion. In response, a spokesperson for Austal USA confirmed the attack and stated that the company acted swiftly to mitigate the incident:
Austal USA recently discovered a data incident. We were able to quickly mitigate the incident resulting in no impact on operations.
Regulatory authorities, including the Federal Bureau of Investigation (FBI) and Naval Criminal Investigative Service (NCIS) were promptly informed and remain involved in investigating the cause of the situation and the extent of information that was accessed.
No personal or classified information was accessed or taken by the threat actor. We are working closely with the appropriate authorities and will continue to inform any stakeholders impacted by the incident as we learn new information.
Austal USA recognizes the seriousness of this event and the special responsibility we have as a DoD and DHS contractor. Our assessment is on-going as we seek to fully understand this incident so that we can prevent a similar occurrence.
The Threat of More Data Leaks
Hunters International has threatened to publish more stolen data from Austal’s systems in the coming days, including compliance documents, recruiting information, finance details, certifications, and engineering data. Austal USA has not disclosed whether the threat actor accessed engineering schematics or other proprietary U.S. Navy technology.
Who Are Hunters International?
Hunters International emerged recently as a ransomware-as-a-service (RaaS) operation and is suspected to be a rebrand of the Hive ransomware gang due to overlaps in their malware code. The group denies these allegations, claiming they are a new operation that purchased the encryptor source code from the now-defunct Hive. They say that encryption is not their end goal, but rather stealing data and using it as leverage to extort victims into paying ransoms. Currently, the gang’s data leak site lists over a dozen victims from various sectors and regions worldwide.
A Call to Action: Protect Your Data and Stay Informed
This incident highlights the importance of staying informed about cybersecurity threats and taking steps to protect your data. We at IT Services encourage you to keep coming back to learn more about the latest cyberattacks and how to safeguard your information. Don’t hesitate to contact us if you have questions or need assistance in fortifying your digital defenses.
23andMe Enhances User Agreement to Shield Against Data Breach Lawsuits
23andMe Revamps Terms of Use with Robust Measures to Thwart Data Breach Lawsuits
Austal USA, Navy Contractor, Confirms Devastating Cyberattack Following Massive Data Leak
Breaking News: Yamaha Motor’s Philippines Subsidiary Falls Victim to Devastating Ransomware Attack
Blackbaud: Taking Responsibility with a Landmark $49.5 Million Settlement for Devastating Ransomware Data Breach
13 Key Cybersecurity Regulations for Financial Firms
-
Malware3 weeks agoBreaking News: Yamaha Motor’s Philippines Subsidiary Falls Victim to Devastating Ransomware Attack
-
Malware2 months ago
Blackbaud: Taking Responsibility with a Landmark $49.5 Million Settlement for Devastating Ransomware Data Breach
-
Data Protection Regulations3 weeks ago
13 Key Cybersecurity Regulations for Financial Firms
-
Malware2 weeks ago
Hacktivists Infiltrate Top US Nuclear Research Lab, Swipe Sensitive Employee Data
-
Malware5 months ago
Breaking: Microsoft Firmly Refutes Reports of Data Breach, Safeguarding 30 Million Valued Customer Accounts
-
Security Audits and Assessments3 weeks ago
Mastering Healthcare Data Security: 5 Essential Audit Tips
-
Malware7 months ago
“Massive Cyber Attack on American Bar Association Exposes Personal Information of 1.4 Million Members”
-
Malware2 months ago
Alarming Breakthrough: Voter Roll Potentially Compromised by Hackers
