
Latest news with #ransomware

FBI Warning Issued As 2FA Bypass Attacks Surge — Act Now

Forbes

18 minutes ago

  • Business
  • Forbes


The FBI issues Scattered Spider attack warning.

When the Federal Bureau of Investigation issues a cybersecurity alert, you would be well advised to pay attention and take action, whether that alert involves malicious SMS messages, AI-powered phishing attacks, or, as I recently reported, the skyrocketing number of ransomware threats. And ransomware is the subject of this latest, critical warning from the FBI. This time it involves the Scattered Spider threat group, which has made headlines after taking responsibility for multiple retail sector attacks, including that against Marks & Spencer in the U.K., which is estimated to have cost the high street chain at least $600 million. Now the group is targeting the airline industry, the FBI has warned, both directly and through the entire supply chain. Here's what you need to know.

FBI Confirms Scattered Spider Attacks Targeting Transportation

A June 26 report from ransomware analysts at Halcyon warned that there were 'indications that Scattered Spider is also now targeting the Food, Manufacturing, and Transportation (particularly Aviation) sectors in the US.' This has now been confirmed by the FBI, which provided a statement to me by email that said: 'The FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector.'

The statement went on to confirm that the ransomware group is using the same methods during this surge of attacks into new sectors, namely 'social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access.' Specifically, Scattered Spider looks to bypass multi-factor authentication, commonly referred to as MFA or 2FA, by using various methods to get those help desks to 'add unauthorized MFA devices to compromised accounts.'

Scattered Spider has been on the FBI radar for a number of years, with a joint cybersecurity advisory alongside the Cybersecurity and Infrastructure Security Agency published in 2023 in response to what it described as 'activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors.' The FBI told me that it is currently actively working with aviation and industry partners 'to address this activity and assist victims,' and urged anyone who thinks their organization may have been targeted to contact their local FBI office.

In the meantime, beware of anyone asking for unauthorized 2FA devices to be added to accounts, and follow established security processes and procedures to the letter, no matter what the person making the request may say.

New York Orders Local Governments to Start Reporting Cyberattacks

Wall Street Journal

15 hours ago

  • Politics
  • Wall Street Journal


New York Gov. Kathy Hochul signed legislation Friday that requires local governments in the state to begin reporting cyberattacks on their networks. The new law orders municipalities and public authorities to notify the state's Department of Homeland Security and Emergency Services within 72 hours of a hack. It also obliges these organizations to report any ransom payments made to hackers within 24 hours and mandates security awareness training for government employees in New York.

South Africa is a prime target for ransomware attacks: How to safeguard your system?

Zawya

21 hours ago

  • Business
  • Zawya


Ransomware attacks have become a significant threat to South African businesses, with the country emerging as a top target in Africa. The prevalence of these attacks is driven by a combination of factors, including the rapid digital transformation of businesses, the increasing sophistication of cybercriminals, and the economic incentives for attackers. South Africa's relatively strong economy and high levels of digital adoption make it an attractive target for ransomware operators, who know that businesses and institutions here are more likely to pay ransoms to recover critical data.

Why South Africa is a hotspot for ransomware

South Africa's position as a regional economic hub means that its businesses and government institutions store vast amounts of sensitive data online. Cybercriminals are well aware of this, and they exploit vulnerabilities in outdated systems, weak passwords, and human error to infiltrate networks. For instance, a healthcare provider could fall victim to a ransomware attack if its systems are not updated with the latest security patches, allowing attackers to encrypt patient records and demand a hefty ransom. Similarly, a financial institution might be targeted if employees click on a phishing email, granting attackers access to the network.

Common tactics used by ransomware operators

Ransomware attacks often begin with phishing emails, where attackers use social engineering to trick employees into clicking malicious links or downloading infected attachments. Once inside the network, the ransomware spreads rapidly, encrypting files and rendering them inaccessible. Attackers then demand payment in exchange for decryption keys. In some cases, they also steal sensitive data and threaten to leak it if the ransom is not paid. Another common tactic is using exploit kits, which scan systems for vulnerabilities and deploy ransomware payloads without the need for user interaction. For example, a manufacturing company could be targeted through a compromised website, where an exploit kit silently installs ransomware on its systems.

The cost of ransomware attacks

The financial impact of ransomware attacks can be devastating. Beyond the ransom itself, businesses face costs related to downtime, lost revenue, and reputational damage. A retail chain might lose millions of rands in sales during a ransomware-induced shutdown, while a logistics company could suffer delays in delivering goods, leading to customer dissatisfaction. Moreover, the recovery process could take weeks or months, compounding the financial losses.

Prevention is key: building resilient infrastructure

Businesses must adopt a proactive approach to cybersecurity to protect themselves from ransomware. This starts with regular employee training to recognise phishing attempts and other social engineering tactics. Companies should also implement robust password policies and multi-factor authentication (MFA) to reduce the risk of unauthorised access. Keeping software and systems up to date is crucial, as outdated systems are a common entry point for ransomware.

Partnering with an experienced IT security provider can make a significant difference in preventing ransomware attacks. An expert partner can help businesses identify vulnerabilities, implement advanced monitoring tools, and develop a comprehensive incident response plan. For example, a small business might work with an IT partner to deploy endpoint protection software that detects and blocks ransomware before it can encrypt files. Additionally, regular backups of critical data, stored securely offsite, can ensure businesses recover quickly without paying a ransom.

A multi-layered defence strategy

A multi-layered approach to cybersecurity is essential for safeguarding against ransomware. This means having multiple layers of security measures in place, each one adding a different level of protection, such as firewalls, email security, and intrusion detection systems, which can be used to block attacks at the perimeter. Inside the network, businesses should use tools that monitor for suspicious activity and automatically respond to potential threats. For example, a financial institution might use machine learning algorithms to analyse network traffic and detect anomalies that could indicate a ransomware attack.

While prevention is the best defence, cyber insurance can provide additional protection. Policies that cover ransomware attacks can help businesses recover financially from the costs of downtime, data recovery, and ransom payments. However, insurers are increasingly scrutinising the cybersecurity measures of their clients, meaning businesses with stronger defences might benefit from lower premiums.

Ransomware attacks are a growing threat to South African businesses but are not inevitable. By investing in robust cybersecurity measures, training employees, and working with expert IT partners, businesses can significantly reduce their risk of becoming a target. Prevention is key, and a proactive approach to cybersecurity can help ensure that businesses remain resilient in the face of this evolving threat.

Wild thing alleged Western Sydney Uni hacker has to do before release on bail

News.com.au

a day ago

  • News.com.au


An alleged hacker accused of ransoming gigabytes of data stolen from Western Sydney University is set to be released on bail, but not before her housemate hands over her smart TV.

Kingswood woman and firmware engineer Birdie Kingston, 27, appeared via videolink in Parramatta Local Court on Friday, two days after being arrested on a string of serious charges relating to an alleged data breach at the institution. Police opposed her release on bail, citing the risk that she could gain access to cloud servers and delete evidence before investigating officers could access them, the court was told on Friday.

The former WSU student was arrested over a series of alleged cyber attacks spanning four years, with police arguing she was driven by a grievance against the institution. Police have alleged that from 2021 her cyber attacks escalated dramatically, from securing discounted parking and changing her grades to threatening last year to release data onto the internet. The court heard on Friday she allegedly demanded $80,000 in exchange for the stolen data. She threatened to sell personal information on the dark web and it has been estimated that hundreds of university staff and students were affected, it has been alleged. It's not alleged that the data was ever posted to the internet, and the university did not pay the ransom.

She was first spoken to by police in 2023 but was not arrested until this week, when she was charged with 20 offences. She is facing 10 counts of accessing/modifying restricted data, four counts of unauthorised modification of data, two counts of unauthorised function with intent serious offence, possess data with intent to commit computer offence, dishonestly obtaining property by deception, dishonestly obtaining financial advantage by deception, attempting to dishonestly obtain financial advantage by deception and demand with menaces.

Police seized mobile phones and computers from her Kingswood apartment and are combing through mountains of data located on cloud servers belonging to Ms Kingston. Ms Kingston appeared in Parramatta Local Court on Friday morning, dressed in the same sweater she was wearing when she was arrested on Wednesday.

The police opposed her release on bail, citing the risk of her committing serious offences and tampering with evidence. The court was told on Friday that police were in the process of trying to get access to cloud servers belonging to Ms Kingston, and they were concerned that if she was on bail, she could get in and delete evidence. Police had accessed one server, but were yet to gain access to others. The court was told that the servers had about 160GB of data on them.

In arguing for her release, her solicitor argued that custody would be more onerous given that she had several medical conditions - including ADHD, autism and a heart condition - and because she was transgender. Acting Magistrate Judith Sweeney described Ms Kingston's alleged offending as 'sophisticated, ongoing' and 'impacting people's lives in a way that is unconscionable'. She noted many people had been affected by hacking and identity theft, such as the 2022 Optus data breach.

Ms Kingston was released on bail on strict conditions, including that she live with her flatmate at Kingston, abide by a curfew and report to police daily. Ms Kingston is also banned from accessing the internet or owning an internet-capable phone. And before she was released, the court ordered that her flatmate surrender her smart TV so there was no risk of Ms Kingston accessing the internet. Ms Kingston will return to court on July 18.

Hawaiian Airlines hit by cyber attack

CNA

a day ago

  • Business
  • CNA


WASHINGTON: Hawaiian Airlines said on Thursday that some of its IT systems were disrupted by a hack, adding its flights were operating as scheduled. In a statement, Hawaiian Airlines said 'some of our IT systems' had been affected by a 'cybersecurity event.' The nature of the event was not disclosed, but that kind of language is typically used in cases of ransomware incidents, where digital extortionists paralyze a victim's computer network until a cryptocurrency ransom is paid.

The airline, which is owned by Alaska Air Group, said it had 'taken steps to safeguard our operations, and our flights are operating safely and as scheduled.' Reuters could not immediately ascertain the extent of the disruption at Hawaiian, but a representative responded using a Gmail address when contacted to seek further details.

The Federal Aviation Administration said its safety office responsible for airline oversight is in contact with Hawaiian Airlines. "There has been no impact on safety, and the airline continues to operate safely. We are monitoring the situation," the agency said in a statement.
