#NSBCS.013 - Ransomware Payments on the Rise

#NSBCS.013 - Ransomware Payments on the Rise

Source: NSB Cyber

 

Ransomware Payments on the Rise

Ransomware payments exceeded $1.1 billion in 2023, highlighting a 60% increase compared to 2022. This alarming figure paints a picture of the evolving threat that ransomware presents to organisations and individuals in 2024, as revealed by cybersecurity firm Chainalysis https://www.wired.com/story/ransomware-payments-2023-breaks-record/.

Several factors have fuelled this surge:

  • Increased Attack Frequency: Cybercriminals are launching more ransomware attacks, targeting businesses and individuals with sophisticated tactics.

  • Escalating Ransom Demands: Threat actors are building off successes from previous attacks and often demanding higher ransoms in future incidents, placing immense pressure on victims and their organisations.

  • Rise of Ransomware-as-a-Service (RaaS): RaaS models lower the barrier to entry for new actors, expanding the threat pool and fueling attack proliferation.

The implications for the cybersecurity field are significant:

  • Greater urgency for proactive defence: Organisations must prioritise robust cybersecurity measures including data backups, security awareness training, and incident response plans.

  • Enhanced collaboration: Increased cooperation between law enforcement, security researchers and government agencies is crucial to disrupt cybercriminal networks.

  • Focus on dismantling RaaS ecosystems: Tackling RaaS platforms could effectively aid in undermining the infrastructure supporting many ransomware attacks.

The future of cyber holds challenges, but also opportunities:

  • Innovation in detection and prevention: Advancements in AI and machine learning can equip organisations and individuals with powerful tools to identify and thwart attacks.

  • Strengthening public-private partnerships: Collaborative efforts can accelerate vulnerability patching, intelligence sharing and coordinated responses.

  • Promoting cybersecurity awareness: Educating individuals and businesses about cyber hygiene and safe online practices is essential in minimising attack surfaces.

While the rise in ransomware payments is concerning, it underscores the critical need for collective action and continuous improvement in cybersecurity practices. By remaining vigilant, adopting proactive measures and fostering collaboration, organisations and individuals can build resilience and take #NoStepsBackward.

For information on NSB Cyber’s Cyber Threat Intelligence capabilities or to book a meeting with our team, click here.


What we read this week

  • Fake LastPass password manager spotted on Apple’s App Store - A fake LastPass password manager app called LassPass Password Manager was available on the Apple app store and had a very similar interface, which could have fooled users into thinking it was the real app. The fake app was likely created as a phishing application that could steal users’ credentials if they had downloaded it. If individuals have accidentally installed the fake LastPass app, users should immediately remove it and change their password, and are advised to reset all passwords stored in their vault to be safe.

  • Ongoing Microsoft Azure account hijacking campaign targets executives - A phishing campaign was detected in late November 2023, with hundreds of user accounts in the Microsoft Azure environment being targeted including senior executives who have high privileges. Cybercriminals had been targeting executive accounts because they have access to confidential corporate information and access to critical systems. Once attackers are gaining access to an account, they can steal data, manipulate accounts, and launch further attacks. Organisations with Microsoft Azure accounts can protect themselves from these attacks by monitoring user activity, resetting compromised passwords, and using security tools.

  • New Fortinet RCE bug is actively exploited, CISA confirms - A critical remote code execution bug Fortinet devices tracked as CVE-2024-21762 is being actively exploited by attackers. This bug allows attackers to execute arbitrary code remotely on affected devices, which could give them complete control over the device. The Cybersecurity and Infrastructure Security Agency (CISA) has added the bug to its list of exploited vulnerabilities and has ordered federal agencies to patch their devices by February 16. Fortinet has also released a patch for the vulnerability, and all users are urged to apply it as soon as possible.

  • Ubuntu ‘command-not-found’ Tool Could Trick Users into Installing Rogue Packages - Threat actors are actively exploiting the Ubuntu command-not-found tool to recommend malicious packages. Attackers can manipulate the tool through the snap repository to recommend their own malicious packages and this can lead to software supply chain attacks, where attackers compromise the integrity of the software supply chain to install malware on victim devices. Up to 26% of APT package commands are vulnerable to this attack because the command-not-found tool uses an internal database and the advise-snap command to recommend packages.

  • Microsoft, OpenAI Warn of Nation-State Hackers Weaponising AI for Cyberattacks - Microsoft and OpenAI have found evidence that nation-state actors associated with Russia, Iran, China, and North Korea are using artificial intelligence (AI) for malicious purposes. The two organisations have reported of disrupting efforts made by five state-affiliated actors that used AI capabilities by terminating their assets and accounts. AI can be used by malicious actors to automate tasks, such as reconnaissance, coding assistance and malware development. Microsoft and OpenAI are working to mitigate the risks posed by AI-powered cyberattacks, including developing new detection methods and working with governments to raise awareness of the threat.

References
https://www.bleepingcomputer.com/news/security/fake-lastpass-password-manager-spotted-on-apples-app-store/
https://www.bleepingcomputer.com/news/security/ongoing-microsoft-azure-account-hijacking-campaign-targets-executives/
https://www.bleepingcomputer.com/news/security/new-fortinet-rce-bug-is-actively-exploited-cisa-confirms/
https://thehackernews.com/2024/02/ubuntu-command-not-found-tool-could.html
https://thehackernews.com/2024/02/microsoft-openai-warn-of-nation-state.html 
Previous
Previous

#NSBCS.014 - Artificial Intelligence: Secret Weapon for Success

Next
Next

#NSBCS.012 - Securing your Data - Third-Party Risk