Europe's cybersecurity agency predicts hackers will take advantage of the growing overlap between information and operational technologies in the transport sector and disrupt OT processes in a targeted attack. Ransomware will become a tool wielded for political and financial motivations, says ENISA.
Threat actors are exploiting the ongoing economic downturn by using job-themed phishing and malware campaigns to target job seekers and employers to steal sensitive information and hack company recruiters. Researchers advise companies to be wary of attachments and URLs.
A Chinese law requiring mandatory disclosure to the government of vulnerability reports appears to be paying dividends for state-connected hacking. "The Chinese government is up-leveling their capabilities," says Adam Meyers, senior vice president of intelligence at CrowdStrike.
Attackers targeting unpatched VMware ESXi hypervisors to hit virtual machines have reportedly modified their ESXiArgs ransomware to prevent victims from using decryption workarounds identified by researchers. The campaign has already amassed nearly 3,000 known victims and could have many more.
The LockBit group has gone from denying it had any involvement in the ransomware attack on Britain's Royal Mail to trying to bargain for a ransom. The ransomware group's site now lists Royal Mail as a victim and demands it pay a ransom or see stolen data get dumped.
In the latest weekly update, ISMG editors discuss the lasting effects of the takedown of the Hive ransomware group, why the U.S. government is warning of a surge in Russian DDoS attacks on hospitals, and why the lack of transparency in U.S. breach notices is creating more risk for consumers.
A North Korean hacking group tracked by cybersecurity firm Proofpoint as TA444 in December unleashed a torrent of spam in a bid to harvest credentials - evidence of a hacking group that mirrors "startup culture in its devotion to the dollar and to the grind."
The total amount of ransom payments being sent by victims to ransomware groups appears to have taken a big dip, declining by 40% from $766 million in 2021 to $457 million in 2022 due to victims simply being unwilling to pay, blockchain intelligence firm Chainalysis reports.
The notorious LockBit 3.0 ransomware group runs just like a business, focusing on recruiting top talent and maintaining an advanced product - which has led to the group's longevity. But the operators' insecurities could be key to the group's undoing, says security researcher Jon DiMaggio.
Trend Micro spotted operators of the Gootkit malware loader targeting the Australian healthcare sector. Trend Micro doesn't assert the Gootkit campaign is behind a ransomware attack against the country's largest private health insurer but says the "recent campaign might remind us of this incident."
Researchers uncovered thousands of Citrix servers that are vulnerable to two critical flaws, one of which is being actively exploited by nation-state hackers. Netgear also warned its customers about a denial-of-service vulnerability affecting some of its devices.
Many healthcare sector organizations would raise their security maturity levels if more CISOs and their teams approached security with business enablement as the objective, says Taylor Lehmann, director for the office of the CISO at Google Cloud.
Many ransomware-wielding attackers are expert at preying on their victims' compulsion to clean up the mess. Witness victims' continuing willingness to pay a ransom - separate to a decryptor - in return from a promise from extortionists that they will delete stolen data. As if.
According to Accenture Security's Cyber Threat Intelligence team, information stealer malware - malicious software designed to steal information, including passwords - became one of the most discussed malware types on the cybercriminal underground in 2022.
Expel has released its latest quarterly threat report, which looks at continued identity-based attacks and the impact of MFA fatigue. Jon Hencinski shares insights on attack trends, gaps in compensating controls and what to look for in pre-ransomware activity.