Category: Blog

  • Hackers Hit By Pandemic, Start Auctioning Data

    Cybercriminal businesses have seen a hit from the weakened economy. In response, they’re further morphing tactics to extract money.

    Times are tough.

    Cybercriminals are getting creative.

    We’ve seen several stories of ransomware groups releasing stolen data to force ransom payment. Some have even formed a cartel to expand reach and revenue. Now, they’ve added a new line of revenue from victim data.

    The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software.

    Many ransomed organizations are either unwilling or unable to pay ransom demands. They may be following law enforcement guidance, or they may simply not have the funds in this tough economy. Unfortunately, this has consequences.

    “The problem is a lot of victim companies just don’t have the money [to pay ransom demands] right now.”

    When ransom demands aren’t met, the REvil team is now exacting their tolls via data auctions.

    Experts say the auction is a sign that ransomware groups may be feeling the financial pinch from the current economic crisis, and are looking for new ways to extract value from victims.

    On the block in their first auction, the REvil team is selling data from a Canadian agricultural producer who has reportedly not paid their ransom demand.

    The victim firm’s auction page says a successful bidder will get three databases and more than 22,000 files stolen from the agricultural company.

    Cybercriminals have been printing money (figuratively) through these attacks, and they don’t seem to be stopping.

    “Others are now charging a fee not only for the ransomware decryptor, but also a fee to delete the victim’s data. So it’s a double vig.”

    This is yet another dark turn in the ransomware game. As much as we don’t want to admit it, these criminals are crafty and smart.

    It’s time to protect your team and your assets from these attacks.

    Are you ready to take action?
    You already have a lot on your plate, so we make it easy. Find out how to protect your team with Invincia’s Automated Security Awareness platform.

    To get a quote, set up a call with our team here!

    Original article here.
    [https://krebsonsecurity.com/2020/06/revil-ransomware-gang-starts-auctioning-victim-data/]

  • Office 365 Phishing Attack Targets WFH

    Hackers keep abusing WFH confusion. This time focused on VPNs.

    With many employees working from home, VPNs (virtual private networks) have become widely used for WFH security. And they should be! It’s an important layer of security for any remote work environment.

    As we’ve seen recently, hackers are creating and exploiting pandemic confusion for their profit. A new phishing attack warns users to urgently update VPN configurations. The email impersonates the victim’s IT department with a link to a spoofed Office 365 login page.

    The attackers are spoofing the sender email address to match the domains of their targets’ organizations and embed hyperlinks that send them to phishing landing sites designed to steal their Office 365 credentials.

    The hackers are spoofing the victim’s domain in the sender email address. This can provide a false sense of security to the user and increase the likelihood of taking the bait.

    These attacks could have a high rate of success in tricking potential victims since many recipients might click through and log into their Office 365 accounts to avoid losing remote access to company servers and resources.

    Once the user clicks the link, they’re sent to a landing page that looks exactly like a legitimate Office 365 login. The attackers exploit Microsoft’s Azure Blob Storage, making the URL look safe.

    The landing page is a cloned Office 365 login page hosted on the Microsoft-owned web.core.windows.net domain by abusing the Azure Blob Storage and it comes with a valid Microsoft certificate.
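    A defender-side check for the two traits described above (a sender that claims your own domain, and a sign-in link hosted under web.core.windows.net), added here as an example and not taken from the original article. It assumes the inbound mail gateway stamps an Authentication-Results header; ORG_DOMAIN, the sample messages and the hostnames are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"                # assumption: the organization's own mail domain
STORAGE_SUFFIX = ".web.core.windows.net"  # Microsoft-owned domain named in the article

# Constructed sample messages (not real captures); hostnames are made up.
PHISH = """\
From: IT Support <it@example.com>
Subject: Urgent: update your VPN configuration
Authentication-Results: mx.example.com; spf=fail; dmarc=fail header.from=example.com
Content-Type: text/html

<a href="https://constructed-account.z13.web.core.windows.net/index.html">Sign in to Office 365</a>
"""
BENIGN = """\
From: IT Support <it@example.com>
Subject: VPN maintenance window
Authentication-Results: mx.example.com; spf=pass; dmarc=pass header.from=example.com
Content-Type: text/html

<a href="https://login.microsoftonline.com/">Office 365 sign-in</a>
"""

def assess(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    # Trait 1: From: uses our own domain but the gateway recorded no DMARC pass.
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    auth = msg.get("Authentication-Results", "").lower()
    if from_domain == ORG_DOMAIN and not re.search(r"\bdmarc=pass\b", auth):
        findings.append("own-domain-sender-without-dmarc-pass")
    # Trait 2: a link hosted on an Azure Storage endpoint. The valid Microsoft
    # certificate says nothing about who controls the content served there.
    parts = [p for p in msg.walk() if not p.is_multipart()]
    body = "".join(p.get_payload(decode=True).decode(errors="replace") for p in parts)
    for url in re.findall(r'href=["\']([^"\']+)', body, re.I):
        host = (urlparse(url).hostname or "").lower()
        if host.endswith(STORAGE_SUFFIX):
            findings.append("link-to-azure-storage-host:" + host)
    return findings

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("BENIGN", BENIGN)):
        print(name, assess(raw))
```

    Legitimate sites also use Azure Storage hosting, so the second finding is a signal to combine with the first rather than a verdict on its own.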

    Hackers keep improving spoofing tactics, making attacks harder to recognize. It is up to every organization to take action to arm their people with the safe online behaviors and tools to protect their networks and data.

    Are you ready to take action?
    Find out how to protect your team with INFIMA’s Automated Security Awareness platform.

    To get a quote, set up a call with our team here!

    Original article here.

  • Lady Gaga & Springsteen’s Law Firm Hacked

    Attackers compromised a law firm, stealing a huge trove of data on A-List celebs.

    The media & entertainment law firm of Grubman Shire Meiselas & Sacks suffered a vicious cyber attack. The 756GB in stolen files appears to contain data on dozens of high-profile celebs, also including Mariah Carey, Cam Newton and John Oliver.

    The ransomware attack was perpetrated by a group called “REvil,” also known as “Sodinokibi.”

    The REvil group has its own A-List of previous attacks, including Travelex and Brooks International. A hallmark of their attacks includes stealing data before ransoming the organization.

    “Cybercriminals use the threat of releasing the stolen data as leverage to extort payment.”

    In this case, the compromised data could be very valuable to the law firm and, in turn, the attackers.

    “The trove of data allegedly stolen includes contracts, nondisclosure agreements, phone numbers and email addresses, and ‘personal correspondence.’”

    To prove their case, the hackers posted snippets of the stolen data on a dark web forum. This is very similar to an attack on a Texas law firm earlier this year.

    The attacks on law firms will continue. They hold tons of sensitive data, and cyber criminals know it. As always, they will go after the softest targets.

    Are you ready to take action?
    Start by booking a quick call to learn how Invincia’s Managed IT Security can help your company.

    To learn more, set up a call with our (non-pushy) team here!

    Original article here.
    [https://variety.com/2020/digital/news/entertainment-law-firm-hacked-data-breach-lady-gaga-madonna-bruce-springsteen-1234602737/]