Pierre Delcher reports: Despite our continuous research efforts to detect cyberattacks and enable defense, we often feel that we, as members of a global community, are failing to achieve an adequate level of cybersecurity. This is threatening the proper development and use of information technologies and digital assets, and as a consequence, most of society’s…
Category: Commentaries and Analyses
Too Cheap, Too Convenient: Replicas Offering Billions of User Records
Researchers at GDI Foundation recently took a look at sites where you can find or buy records with users’ login credentials. The researchers validated the accuracy of some the records by contacting individuals whose details they found on some sites. The risk of such sites is obvious — criminals can cheaply buy data that they…
Ransomware gangs are now cold-calling victims if they restore from backups without paying
Earlier this week, DataBreaches.net reported that a Georgia dental group was surprised to get a phone call from threat actors informing them that their files had been exfiltrated by the ransomware threat actors. It seems that when they had detected anomalies, they wiped the server and reinstalled from backup, and perhaps never noticed any “read…
A rough week in ransomware….
The following are just a few of the entities hit by ransomware attacks this week: USNR LLC is a manufacturing firm in Woodland, Washington. On their site, they describe themselves as “the world’s largest, most comprehensive supplier of equipment and technologies for the wood processing industry.” And according to a notification they sent, on September…
Attacked by ransomware, Golden Gate Regional Center continues providing services to developmentally disabled clients
On September 29, DataBreaches.net sent an email to Golden Gate Regional Center (GGRC) asking about claims by Conti threat actors that they had encrypted GGRC’s system(s). As proof, the attackers had uploaded more than a dozen files. GGRC, a state- and federally-funded nonprofit organization serving individuals with developmental disabilities in Marin, San Francisco and San…
Persist, Brick, Profit -TrickBot Offers New “TrickBoot” UEFI-Focused Functionality
AdvIntel & Eclypsium write: TrickBot malware now has functionality designed to inspect the UEFI/BIOS firmware of targeted systems. This marks a significant step in the evolution of TrickBot. Firmware level threats carry unique strategic importance for attackers. It is clear that TrickBot will benefit greatly from including a UEFI level bootkit in their kill chain….