Archive for the ‘extortion’ Category
Ransomware attacks that tear through corporate networks can bring massive organizations to their knees. But even as these hacks reach new popularity highs—and new ethical lows—among attackers, they're not the only technique criminals are using to shake down corporate victims. A new wave of attacks relies instead on digital extortion—with a side of impersonation.
On Wednesday, the Web security firm Radware published extortion notes that had been sent to a variety of companies around the world. In each of them, the senders purport to be from the North Korean government hackers Lazarus Group, or APT38, and Russian state-backed hackers Fancy Bear, or APT28. The communications threaten that if the target doesn’t send a set number of bitcoin—typically equivalent to tens or even hundreds of thousands of dollars—the group will launch powerful distributed denial of service attacks against the victim, walloping the organization with a fire hose of junk traffic strategically directed to knock it offline.
Ransomware has emerged as one of the top threats facing large organizations over the past few years, with researchers reporting a more than fourfold increase in detections last year. A recent infection by a fairly new strain called LockBit explains why: after it ransacked one company’s poorly secured network in a matter of hours, leaders had no viable choice other than to pay the ransom.
A report published by McAfee documents the effectiveness of this newcomer ransomware. Incident responders with Northwave Intelligent Security Operations aided in the analysis. LockBit is most prevalent in countries including the US, the UK, France, Germany, Ukraine, China, India, and Indonesia.
Attackers started out by researching potential targets with valuable data and the means to make big payouts when faced with the dim prospect of losing access to it. The attackers then used a list of words in hopes of gaining access to one of the accounts. Eventually, they hit the jackpot: an administrative account that had free rein over the entire network. The weak account password, combined with the lack of multi-factor authentication protection, gave the attackers all the system rights they needed.
Virgin Media, the British telecom and cable TV provider, has suffered a breach that allowed unauthorized access to customer data, some of which reportedly linked subscribers to porn, gambling, and extreme violence content.
Virgin Media said in a post that the unauthorized access was to a marketing database that included “limited contact information such as names, home and email addresses, and phone numbers” for about 900,000 subscribers. The company went on to say that the breached database contained no passwords or financial information.
Despite Virgin Media characterizing the accessed data as limited contact information, the Financial Times and the BBC reported that the compromised database also included details of some 1,100 customers who had used an online form to request that specific websites be blocked or unblocked. Some of those sites offered content involving porn, gambling, and extreme gore videos.