Researchers at GDI Foundation recently took a look at sites where you can find or buy records with users’ login credentials. The researchers validated the accuracy of some the records by contacting individuals whose details they found on some sites. The risk of such sites is obvious — criminals can cheaply buy data that they…
Category: Commentaries and Analyses
Ransomware gangs are now cold-calling victims if they restore from backups without paying
Earlier this week, DataBreaches.net reported that a Georgia dental group was surprised to get a phone call from threat actors informing them that their files had been exfiltrated by the ransomware threat actors. It seems that when they had detected anomalies, they wiped the server and reinstalled from backup, and perhaps never noticed any “read…
A rough week in ransomware….
The following are just a few of the entities hit by ransomware attacks this week: USNR LLC is a manufacturing firm in Woodland, Washington. On their site, they describe themselves as “the world’s largest, most comprehensive supplier of equipment and technologies for the wood processing industry.” And according to a notification they sent, on September…
Attacked by ransomware, Golden Gate Regional Center continues providing services to developmentally disabled clients
On September 29, DataBreaches.net sent an email to Golden Gate Regional Center (GGRC) asking about claims by Conti threat actors that they had encrypted GGRC’s system(s). As proof, the attackers had uploaded more than a dozen files. GGRC, a state- and federally-funded nonprofit organization serving individuals with developmental disabilities in Marin, San Francisco and San…
Persist, Brick, Profit -TrickBot Offers New “TrickBoot” UEFI-Focused Functionality
AdvIntel & Eclypsium write: TrickBot malware now has functionality designed to inspect the UEFI/BIOS firmware of targeted systems. This marks a significant step in the evolution of TrickBot. Firmware level threats carry unique strategic importance for attackers. It is clear that TrickBot will benefit greatly from including a UEFI level bootkit in their kill chain….
Three Estonian ministries had significant data breaches in November
Sten Hankewitz reports: According to the Estonian Information System Authority – also known by its Estonian acronym, RIA – three Estonian ministries reported cybersecurity incidents in November that resulted in significant breaches of personal data. The three ministries were the economy ministry, the foreign ministry and the social affairs ministry. “The affected ministries have been…