Identity Attacks Overtake Exploits as Top Ransomware Cause
Email attacks overtook exploits as the top ransomware root cause last year. Multifactor authentication (MFA) was deployed in 97% of credential-based attacks but failed to prevent compromise.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Email attacks overtook exploits as the top ransomware root cause last year. Multifactor authentication (MFA) was deployed in 97% of credential-based attacks but failed to prevent compromise.
This week’s security news is mostly about weak spots
Some customer orgs tell staff to block inbound email from the provider Autovista confirms that it called in outside support to help clean up a ransomware infection currently affecting systems in Europe and Australia.…
Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack
Incident Responders Detail Top Ransomware and Business Email Compromise TacticsThere's no need to invest into sophisticated hacking operations when moving fast and exploiting well-trod techniques gives threat actors all the access they want. Threat actors are prioritizing "low-complexity entry points, rather than investing in sophisticated exploits," say incident responders.
SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but did not impact business applications or account data. [...]
Interpol said law enforcement across 19 countries made 574 arrests and recovered $3 million, against a backdrop of spiraling cybercrime in the region, including business email compromise, digital extortion, and ransomware schemes.
A law enforcement operation coordinated by INTERPOL has led to the recovery of $3 million and the arrest of 574 suspects by authorities from 19 countries, amidst a continued crackdown on cybercrime networks in Africa
An Interpol-coordinated initiative called Operation Sentinel led to the arrest of 574 individuals and the recovery of $3 million linked to business email compromise, extortion, and ransomware incidents. [...]
Also, Australian Police Arrest 55 in New Round of Anom App StingThis week: UPenn hit by email breach, Australian police arrested 55, 'SesameOp' backdoor hid C2 traffic, BEC scammers used AWS, hackers stole trucking cargo, Ukrainian national extradited to United States for role in Conti ransomware and a supply chain risk in advanced installer tool.
Digital Extortionists Try Recruiting Insiders, Email BarragesCollective efforts to bolster cybersecurity defenses have been taking a big bite out of ransomware groups' earnings, leading groups to reach for new strategies, including social engineering, supply chain attacks, extortion services and bribing insiders, warn incident response experts.
Crypto mines, BEC scams, fake passports, and a $300M fraud empire allegedly brought down during Serengeti 2.0 Interpol's latest clampdown on cybercrime resulted in 1,209 arrests across the African continent, from ransomware crooks to business email compromise (BEC) scammers, the agency says.…
Cybercrime accounts for more than 30% of all reported crime in East Africa and West Africa, with online scams, ransomware, business email compromise, and digital sextortion taking off.
Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to target networks
The emerging threat group is the latest to adopt the combo attack tactic, which Black Basta and other groups already are using to gain initial access for ransomware deployment.
A 3AM ransomware affiliate is conducting highly targeted attacks using email bombing and spoofed IT support calls to socially engineer employees into giving credentials for remote access to corporate systems. [...]
Barracuda observed threat actors impersonating the Clop ransomware group via email to extort payments, claiming to have exfiltrated sensitive data
Ransomware gangs are increasingly adopting email bombing followed by posing as tech support in Microsoft Teams calls to trick employees into allowing remote control and install malware that provides access to the company network. [...]
Sophos has warned of IT impersonation vishing attacks designed to remotely deploy ransomware
The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024