cyber resilience | Breaking Cybersecurity News | The Hacker News

The  ransomware industry surged in 2023  as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070.  But 2024 is starting off showing a very different picture.  While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023. Figure 1: Victims per quarter There could be several reasons for this significant drop.  Reason 1: The Law Enforcement Intervention Firstly, law enforcement has upped the ante in 2024 with actions against both LockBit and ALPHV. The LockBit Arrests In February, an international operation named "Operation Cronos" culminated in the arrest of at least three associates of the infamous LockBit ransomware syndicate in Poland and Ukraine.  Law enforcement from multiple countries collaborated to take down LockBit's infrastructure. This included seizing their dark web domains and gaining ac...

A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless. " TheMoon , which  emerged  in  2014 , has been operating quietly while growing to over 40,000 bots from 88 countries in January and February of 2024," the Black Lotus Labs team at Lumen Technologies  said . Faceless,  detailed  by security journalist Brian Krebs in April 2023, is a malicious residential proxy service that's offered its anonymity services to other threat actors for a negligible fee that costs less than a dollar per day. In doing so, it allows the customers to route their malicious traffic through tens of thousands of compromised systems advertised on the service, effectively concealing their true origins. The Faceless-backed infrastructure has been assessed to be used by operators of malware such as  SolarMarker  and  Ic...

Incident response (IR) is a race against time. You engage your internal or external team because there's enough evidence that something bad is happening, but you're still blind to the scope, the impact, and the root cause. The common set of IR tools and practices provides IR teams with the ability to discover malicious files and outbound network connections. However, the identity aspect - namely the pinpointing of compromised user accounts that were used to spread in your network - unfortunately remains unattended. This task proves to be the most time-consuming for IR teams and has become a challenging uphill battle that enables attackers to earn precious time in which they can still inflict damage.  In this article, we analyze the root cause of the identity of IR blind spots and provide sample IR scenarios in which it acts as an inhibitor to a rapid and efficient process. We then introduce Silverfort's Unified Identity Protection Platform and show how its real-time MFA and ident...

A new wave of phishing messages distributing the  QakBot  malware has been observed, more than three months after a law enforcement effort saw its infrastructure dismantled by infiltrating its command-and-control (C2) network. Microsoft, which made the discovery, described it as a low-volume campaign that began on December 11, 2023, and targeted the hospitality industry. "Targets received a PDF from a user masquerading as an IRS employee," the tech giant  said  in a series of posts shared on X (formerly Twitter). "The PDF contained a URL that downloads a digitally signed Windows Installer (.msi). Executing the MSI led to Qakbot being invoked using export 'hvsi' execution of an embedded DLL." Microsoft said that the payload was generated the same day the campaign started and that it's configured with the previously unseen version 0x500. Zscaler ThreatLabz, in a post shared on X, described the resurfaced QakBot as a 64-bit binary that utilizes AES ...

Today's security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have internal Red Teams or unlimited security resources to stay on top of the latest threats. On top of that, today's attackers are indiscriminate and every business - big or small - needs to be prepared. It is no longer enough for security teams to  detect and respond ; we must now also  predict and prevent . To handle today's security environment, defenders need to be agile and innovative. In short, we need to start thinking like a hacker.  Taking the mindset of an opportunistic threat actor allows you to not only gain a better understanding of potentially exploitable pathways, but also to more effectively prioritize your remediation efforts. It also helps you move past potentially harm...

Validate security continuously across your full stack with Pen Testing as a Service. In today's modern security operations center (SOC), it's a battle between the defenders and the cybercriminals. Both are using tools and expertise – however, the cybercriminals have the element of surprise on their side, and a host of tactics, techniques, and procedures (TTPs) that have evolved. These external threat actors have now been further emboldened in the era of AI with open-source tools like ChatGPT. With the potential of an attack leading to a breach within minutes, CISOs now are looking to prepare all systems and assets for cyber resilience and rapid response when needed. With tools and capabilities to validate security continuously – including penetration testing as a service – DevSecOps teams can remediate critical vulnerabilities fast due to the easy access to tactical support to the teams that need it the most. This gives the SOC and DevOps teams tools to that remove false po...