30-Apr-24: In Security News Today

Ransom Payments Surge to Staggering $2M on Average, a 500% Jump From Last Year

The average ransom payment for cyberattacks has surged to $2 million, marking a 500% increase from the previous year, with additional recovery costs averaging $2.7 million per incident. The Sophos State of Ransomware 2024 report highlights a slight decrease in attack frequency but emphasizes the growing financial burden on businesses. The report also notes that cybercriminals frequently target backups to cripple recovery efforts, underscoring the critical vulnerabilities within organizational cybersecurity measures.

China-Linked ‘Muddling Meerkat’ Hijacks DNS to Map Internet on Global Scale

A cyber threat named Muddling Meerkat, likely linked to China, has been conducting sophisticated DNS activities since October 2019 to evade security measures and map the internet globally. The threat actor abuses DNS open resolvers to send queries from Chinese IP space, demonstrating a deep understanding of DNS. The motives behind these activities, which involve fake DNS responses and manipulation of internet traffic, remain unclear, but the activity raises concerns about potential internet mapping efforts or research.

New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024

The U.K. National Cyber Security Centre has introduced a law, the Product Security and Telecommunications Infrastructure Act, prohibiting manufacturers from using default passwords on smart devices starting April 2024. This law aims to enhance consumer protection against cyber attacks by enforcing minimum security standards. Failure to comply can lead to recalls and fines of up to £10 million or 4% of global annual revenues.

The Dark Web is Seeing an Influx of Affordable Ransomware, Making Malware More Accessible Than Ever

Sophos researchers have identified a rise in ‘junk gun’ ransomware, which is unsophisticated and sold cheaply on the dark web, posing a serious threat to organizations. These low-cost ransomware variants, like Kryptina, Diablo, and others, offer simplicity and independence to criminals, making them harder to track for law enforcement. Despite lacking the scale of major ransomware groups, these attacks can still be profitable and challenging for defenders due to their low-tech nature and potential to go undetected.

Philadelphia’s Daily Newspaper Philadelphia Inquirer Struck by Cyberattack

The Philadelphia Inquirer reported a cyberattack that compromised personal information, including financial details, of over 25,000 subscribers. The breach occurred in May 2023, allowing unauthorized access to sensitive data. Despite no immediate reports of misuse, the newspaper has offered affected subscribers free credit monitoring and urged vigilance against identity theft.

U.S. Government Releases New AI Security Guidelines for Critical Infrastructure

The U.S. government has released new security guidelines to protect critical infrastructure from AI-related threats, focusing on transparency, privacy, and civil liberties. The guidelines aim to manage AI risks by establishing an organizational culture of risk management, understanding individual AI use context, and prioritizing safety and security. Additionally, recent concerns include vulnerabilities in AI systems that could be exploited by cybercriminals for malicious purposes, prompting the need for robust security measures and careful deployment practices.

Change Healthcare Hacked Using Stolen Citrix Account With no MFA

Change Healthcare was breached by the BlackCat ransomware gang, which used stolen credentials for a Citrix account that had no multi-factor authentication. The attack led to severe operational disruptions and financial damages estimated at $872 million. The CEO confirmed the ransomware attack and the difficult decision to pay the ransom, while remediation efforts included swift containment, system securing, and rebuilding core services.

Ransomware Rising Despite Takedowns, Says Corvus Report

Corvus Insurance’s report reveals a 21% increase in ransomware activity in the first quarter of 2024 compared to the same period in 2023, with new ransomware gangs emerging to fill the void left by LockBit and BlackCat. Despite disruptions to high-profile ransomware gangs, the number of recorded victims in Q1 2024 was significantly higher than in the same period in 2023, with industries like information technology and medical specialists being targeted the most.

Chinese Hackers Have Been Probing DNS Networks Globally for Years

A Chinese hacking group named Muddling Meerkat has been probing DNS networks worldwide since 2019, utilizing sophisticated methods to evade detection and manipulate DNS responses. The group’s activities include altering MX records and conducting what appear to be DDoS attacks, though their true intentions remain unclear. These ongoing operations highlight significant vulnerabilities in global network infrastructure and suggest possible preparation for disruptive cyberattacks.

Finnish Hacker Gets Prison for Accessing Thousands of Psychotherapy Records and Demanding Ransoms

In Finland, a hacker was sentenced to over six years in prison for hacking into a psychotherapy center’s database, accessing thousands of patient records, and demanding ransoms. This extensive breach led to severe repercussions, with thousands of individuals impacted. The case highlighted the vulnerabilities in protecting sensitive health data and the harsh penalties for cybercrimes involving personal information.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.
