Attack

The five biggest ransomware trends you need to know about

Organizations should assume that they and any of their employees can be a target for ransomware gangs, as they hold the data the threat actors seek. Most threat actors today are motivated by financial gain and will use various tactics to extort multi-million-dollar ransoms from organizations. This year we have seen the Costa Rican government held to ransom by the Conti ransomware gang, an Illinois university close its doors because of a ransomware attack and the Lapsus$ hacker group target both Microsoft and Okta. The ongoing threat from ransomware gangs is clear and in this article CS…

Albanian government falls prey to “unprecedented and dangerous” cyberattack

The country of Albania has been forced to temporarily suspend its government sites following an attack on government IT systems. The Albanian National Agency of the Information Society (AKSHI) has been forced to shut down government systems after falling prey to a cyberattack which came from outside the country. AKSHI described the attack in a statement to local news outlets as “a synchronized and sophisticated cybercriminal attack.” The organization went on to say that in response to the attack, they had been “forced to shut down government systems until the enemy attacks are neutralized.” Due to this, access…

IOTW: Marriott International suffers latest in series of data breaches

Update: This article has been updated to reflect the scale of the breach, which affected 300-400 individuals. Hotel group Marriott International has reported that it has suffered its third major data breach of the past eight years as hackers gained access to one of its customer databases. The latest incident in a string of attacks was reported to have happened in June 2022 when an anonymous hacking group used social engineering in order to gain access to an employee’s computer. The unnamed group reportedly told DataBreaches that they were able to exfiltrate 20 GB of data including "some confidential and proprietary…

IOTW: Marriott International suffers latest in series of major data breaches

Hotel group Marriott International has reported that it has suffered its third major data breach of the past eight years as hackers gained access to one of its customer databases.  The latest incident in a string of attacks was reported to have happened in June 2022 when an anonymous hacking group used social engineering in order to gain access to an employee’s computer.  Marriott spokesperson Melissa Froehlich Flood said in a statement to technology publication TechCrunch that the company was “aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing…

Five ransomware gangs and their tactics (part two)

Ransomware continues its upward trend: attacks have increased by 13% in 2022 compared with the previous year, according to Verizon’s 2022 Data Breach Investigations Report. With this in mind, it is clear that malicious threat actors are prolific and pose a significant threat to any organization that cannot boast solid cyber security. Following on from CS Hub’s article five active ransomware gangs and their tactics (part one), we look into five more of the top ransomware gangs that pose a threat to organizational cyber security. BlackMatter: BlackMatter is a ransomware-as-a-service (RaaS) tool first identified in July 2021. The…

IOTW: Iran’s steel industry targeted by hacktivists

Khouzestan Steel Company, one of Iran’s largest steel manufacturers, was targeted by hacktivist group Gonjeshke Darande (Predatory Sparrow) on 28 June. According to reports, the steel company was said to close its plant until further notice following a cyber attack which caused technical issues. At the time of writing, the Khouzestan Steel Company’s website was down. Other targets claimed by Predatory Sparrow in a video posted on social media included the Mobarakeh Steel Company and the Hormozgan Steel Company. The group claimed that the company continued to operate despite international sanctions. In January 2021 the US Treasury Department sanctioned several…

IOTW: CISA reveals 130GB Log4shell breach

First discovered in December 2021, the Log4Shell vulnerability continues to be exploited by threat actors, as highlighted in a joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA) and United States Coast Guard Cyber Command (CGCYBER) on 23 June. Cyber threat actors have exploited unpatched, public-facing VMware Horizon, a virtual desktop provider, and Unified Access Gateway (UAG) servers to gain initial access to networks, the joint advisory said. VMware did make fixes available for the vulnerability in December 2021. Multiple threat actors target victims: The joint statement highlights two incidents where CISA and CGCYBER were involved in response.…

Five active ransomware gangs and their tactics (part one)

As ransomware gangs continue to threaten organizations’ cyber security, it is important to make note of the most prominent groups at the moment and their techniques. Today’s ransomware gangs continue to evolve and Ransomware-as-a-Service (RaaS), double extortion and cross-platform functionality are now common traits. In this article we review just five of the top ransomware gangs active today, some of their recent attacks and the tactics they are deploying. Hive: Hive, which first emerged in June 2021, has become renowned as an incredibly aggressive group targeting the healthcare sector. On 31 May Hive attacked the Costa Rican Social Security…

IOTW: BlackCat ransomware strikes Italian university

Microsoft published details about BlackCat ransomware, also known as ALPHV, in the same week an Italian university was added to the ransomware gang’s list of victims. According to cyber security organization BetterCyber, the University of Pisa was added to BlackCat’s list of victims on 11 June with the message “Let’s play, the university goes to sleep, the mafia wakes up?” The gang have requested a US$4.5mn ransom by 16 June, which will increase to US$5mn if the date is passed, according to Italian news site Cybersecurity360. The outlet shared a screenshot of the compromised network page which appears to invite…

Why Russia has refrained from a major cyber-attack against the West

As tensions rose between Ukraine and Russia, ultimately escalating to warfare, the West expected Russia to use its cyber-attacking capabilities to target western critical infrastructure (CI) in a SolarWinds-style incident, especially in retaliation for ongoing sanctions against Moscow. However, such an attack has not come to fruition despite government organizations like the US’ Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC), among others, issuing statements and warnings to CI organizations to bolster their cyber security and expect increased Russian cyber-activity. CS Hub spoke to cyber security experts about their theories as to why we have…