February 7, 2024 TLP:CLEAR Report: 202402071200 Executive Summary Akira ransomware is a relatively new ransomware gang that has demonstrated aggressive and capable targeting of the U.S. health sector in its short lifespan. U.S. healthcare organizations are advised to follow the steps in this alert to minimize their risk of attack. Overview Akira ransomware was first…
Category: Commentaries and Analyses
Ransomware Payments Exceed $1 Billion in 2023, Hitting Record High After 2022 Decline
Chainalysis got everyone’s attention with their new report. They write, in part: 2023 marks a major comeback for ransomware, with record-breaking payments and a substantial increase in the scope and complexity of attacks — a significant reversal from the decline observed in 2022, which we forewarned in our Mid-Year Crime Update. Ransomware payments in 2023 surpassed…
Protect Good Faith Security Research Globally in Proposed UN Cybercrime Treaty
Statement to be submitted by the Electronic Frontier Foundation, accredited under operative paragraph No. 9 of UN General Assembly Resolution 75/282, on behalf of 124 signatories. We, the undersigned, representing a broad spectrum of the global security research community, write to express our serious concerns about the UN Cybercrime Treaty drafts released during the sixth session and the most recent…
Was BrightStar Care attacked by two different groups — or was there only one breach?
On January 24, DataBreaches was contacted by a spokesperson for AlphV (“BlackCat”) to see if this site would be interested in reporting on a breach involving BrightStar Care (“BrightStar”). BrightStar had been added to their dark web leak site that day but without any proof of claim. The spokesperson was offering to show DataBreaches data…
Cloudflare hacked using auth tokens stolen in Okta attack
Sergiu Gatlan reports: Cloudflare disclosed today that its internal Atlassian server was breached by a suspected ‘nation state attacker’ who accessed its Confluence wiki, Jira bug database, and Bitbucket source code management system. The threat actor first gained access to Cloudflare’s self-hosted Atlassian server on November 14 and then accessed the company’s Confluence and Jira…
Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider
Brian Krebs reports: On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber…