Articles

Sprite Spider emerging as one of the most destructive…

Having flown under the radar for several years, the Sprite Spider group is using a ransomware code suite that is effective and hard to detect.

At the recent SANS Cyber Threat Intelligence Summit, two CrowdStrike cybersecurity leads, Senior Security Researcher Sergei Frankoff and Senior Intelligence Analyst Eric Loui, offered details on an emerging major ransomware actor they call Sprite Spider. Like many other ransomware attackers, the gang behind Sprite Spider’s attacks has grown rapidly in sophistication and damage capacity since 2015.

Today Sprite Spider is poised to become one of the biggest ransomware threat actors of 2021 and has a threat profile on par with what advanced persistent threat actors were five or ten years ago. Sprite Spider’s rise as a sophisticated threat is not surprising given that it, like many other organized ransomware gangs, is filled with hackers who are often gainfully employed by nation-state threat actors.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Dev Leigh on Unsplash

Egregor ransomware group explained: And how to defend against…

Newly emerged Egregor group employs “double ransom” techniques to threaten reputational damage and increase pressure to pay.

Egregor is one of the most rapidly growing ransomware families. Its name comes from the occult world and is defined as “the collective energy of a group of people, especially when aligned with a common goal,” according to Recorded Future’s Insikt Group. Although descriptions of the malware vary from security firm to security firm, the consensus is that Egregor is a variant of the Sekhmet ransomware family.

It arose in September 2020, at the same time the Maze ransomware gang announced its intention to shut down operations. Affiliates who were part of the Maze group appear, however, to have moved on to Egregor without skipping a beat.

Insikt and Palo Alto Networks’ Unit 42 think Egregor is associated with commodity malware such as Qakbot, which became prominent in 2007 and uses a sophisticated, evasive worm to steal financial credentials, as well as other off-the-shelf malware such as IcedID and Ursnif. These pieces of malware help attackers gain initial access to victims’ systems.

All security researchers seem to agree with Cybereason’s Nocturnus Team that Egregor is a rapidly emerging, high-severity threat. According to security firm Digital Shadows, Egregor has claimed at least 71 victims across 19 different industries worldwide.

This article appeared in CSO Online. To read the rest of the article please visit here.

Ransomware attacks growing in number, severity: Why experts believe…

Law enforcement and federal experts discuss recent ransomware trends and challenges of fighting the attacks.

Ransomware has become the most chronic and common threat to digital networks. At a time when 41% of all cybersecurity insurance claims flow from ransomware attacks, it’s no surprise that ransomware is top of mind for leading security experts, government officials and law enforcement leaders.

“I think ransomware is going to get worse and I hate to say it, but it’s almost the perfect crime,” Mark Weatherford, chief strategy officer and board member of the non-profit National Cyber Security Center, told attendees at the third annual Hack the Capitol event. “It’s easy to pull off and it’s almost impossible to get caught.”

While major ransomware events grab all the headlines, Weatherford worries about the smaller victims of ransomware attackers. “Small- and medium-sized businesses simply don’t have the resources or the technical acumen to understand the threat environment that they live in,” he said.

Sometimes it can seem like a ransomware attack is inevitable. “A lot of my friends in companies that I talk to on a regular basis literally are waiting for that shoe to drop when they are the victim of a big ransomware event,” Weatherford said.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Michael Geiger on Unsplash

Security in the spotlight as the US heads into…

A new report and tabletop exercise show how the upcoming US elections could be disrupted at the local government level without hacking the election itself.

Attacks on the digital infrastructures of US state, local, tribal and territorial (SLTT) governments continue at a healthy clip, a chronic trend that does not bode well for election security as the nation moves into the crucial run-up to the 2020 presidential election. Although a lot of research has focused on the potential hacking of election equipment and related backend infrastructure, recent studies and exercises suggest that adversaries can disrupt the democratic process almost as well by simply targeting other local government and community systems.

In a report released today, cybersecurity firm Blue Voyant presents the results of a study that examined the local governments’ cybersecurity posture in 108 jurisdictions going back to 2017. They found a steep rise in ransomware attacks on SLTT governments from 2017 to 2019 and a jump in the amount of ransom demanded from $30,000 in 2017 to $380,000 in 2019, with some ransom amounts exceeding $1 million.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Tiffany Tertipes on Unsplash

To pay or not pay a hacker’s ransomware demand?…

A recent call for city leaders to stop paying ransomware demands underscores the need for municipalities to step up their cyber practices and have a good backup process in place.

Baltimore Mayor Jack Young announced last week that the U.S. Conference of Mayors (USCM) passed a resolution calling on mayors to oppose the payment of ransomware attackers. The resolution states that “at least 170 county, city or state government systems have experienced a ransomware attack since 2013” with 22 of those occurring in 2019 so far.

One of those cities is Young’s own Baltimore, which was crippled by a Robbinhood ransomware attack on May 7, causing well more than a month’s worth of turmoil and city service outages that brought down real estate sales in the city and ultimately cost $18 million (and counting) in recovery costs and lost revenues. Baltimore applied for federal disaster funds, and the city’s IT chief publicly apologized for doing a “poor job” of communicating in the wake of the attack. Mayor Young and IT experts say it will still be months before Baltimore’s systems are fully functional.

Baltimore’s ransomware disaster could have theoretically been minimized if the city had paid the hacker’s initial ransom demand of what was then about $76,000 in bitcoin, less than 1% of the ultimate cost of the attack. At least two other cities recently hit by ransomware made their own calculations and decided to do just that.

This article appeared in CSO Online. To read the rest of the article please visit here.

Why local governments are a hot target for cyberattacks

Recent ransomware and other attacks underscore the value attackers see in the data stored in city and regional government systems. Here’s why they are vulnerable and what they can do to reduce the threat.

Despite what appears to be a recent spurt in municipal ransomware attacks, these infections are nothing new to the nation’s cities. The most high-profile municipal ransomware attack took place over a year ago in March 2018 when the city of Atlanta was crippled by SamSam ransomware. According to Wired magazine, the city of Atlanta ended up spending $2.6 million to respond to that attack, roughly 52 times the amount of the $50,000 or so in ransom demanded by the attackers.

Still, the recent spate of attacks raises the question: Are municipal ransomware infections on the rise? According to some municipal cybersecurity experts, cities have long been grappling with malware and ransomware attacks at the same rate as private sector organizations, but are just now becoming more public about it.

This article appeared in CSO Online. To read the rest of the article please visit here.