Hack - ReadWrite IoT and Technology News
Fri, 09 Feb 2024 23:34:57 +0000

U.S. insights company shows ransomware hackers drew in $1bn across 2023
https://readwrite.com/us-insights-company-shows-ransomware-hackers-drew-in-1bn-across-2023/
Fri, 09 Feb 2024 22:50:01 +0000

Ransomware hackers extorted $1bn across 2023, according to Chainalysis, a data insights company and blockchain platform.

The company published a report showing the extent of malicious hacking and developing trends affecting entities across the last year.

Chainalysis provides data, software, services, and research to government agencies and companies across seventy countries.

“Our data powers investigation, compliance, and market intelligence software that has been used to solve some of the world’s most high-profile criminal cases and grow consumer access to cryptocurrency safely,” says the company site.

The report details a staggering increase of $433 million in ransom taken from victims compared to 2022, growing to the highest-ever rate of $1bn in 2023.

Report shows biggest ransomware attack of 2023

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a Cybersecurity Advisory (CSA) in June of last year highlighting the MOVEit vulnerability, which was exploited by the CL0P Ransomware Gang.

This was one of the biggest ransomware attacks on record and marked the peak of 2023’s problem with ‘Zero-Day’ exploits.

What is a Zero-Day?

The report details this as a ‘Zero-Day’ vulnerability that compromised multiple institutions simultaneously. A zero-day gets its name because developers have had zero days to respond: the attack exploits an existing flaw in the software that they were unaware of.

The MOVEit hack was like finding all the keys to multiple company lockboxes in one big digital bank vault.

The hack hit several established institutions and exploited a vulnerability in the file transfer system. The software’s owner announced that the service had been compromised and that sensitive data, including personal details and in some cases banking information, was in the hands of hackers.

Sony, the BBC, and Flagstar Bank were a few of those affected. The Maine Attorney General documented that 837,390 users had their data violated, with the report stating, “Information Acquired — Name or other personal identifiers in combination with Social Security Number.”

The Japanese tech giant, Sony, would also send letters to those affected stating that the company wanted to “provide you with information about a cybersecurity event related to one of our IT vendors, Progress Software, that involved some of your personal information.”

“This event was limited to Progress Software’s MOVEit Transfer platform and did not impact any of our other systems.”

The attack exposed massive amounts of data and considerably damaged Progress Software’s reputation.

U.S. federal agencies and companies across the globe will be hoping that the number of attacks and the amount extorted will fall across 2024.

The post U.S. insights company shows ransomware hackers drew in $1bn across 2023 appeared first on ReadWrite.

Iranian hackers broadcast deepfake news in cyber attack on UAE streaming services
https://readwrite.com/iranian-hackers-broadcast-deepfake-news-in-cyber-attack-on-uae-streaming-services/
Thu, 08 Feb 2024 17:57:38 +0000

Iranian state-backed hackers, identified as part of the Islamic Revolutionary Guards, recently disrupted TV streaming services in the United Arab Emirates, according to a recent Guardian report. They broadcast a deepfake newsreader delivering a fabricated report on the war in Gaza, as reported by Microsoft analysts. This operation, dubbed “For Humanity” by the hackers, involved an AI-generated news anchor presenting unverified images purportedly showing Palestinians harmed by Israeli military actions in Gaza. The Iranian-backed hackers, known as Cotton Sandstorm, showcased their intrusion into three online streaming services on the Telegram messaging platform, interrupting news channels with the fake broadcaster.

In one instance, Dubai residents using a HK1RBOXX set-top box encountered a message claiming the necessity of hacking to deliver a message, followed by the AI-generated anchor introducing “graphic” footage and a ticker detailing casualties in Gaza. The disruptions extended to Canada and the U.K., affecting channels including the BBC, though the BBC itself was not directly hacked.

This incident marks the first time Microsoft has detected an Iranian influence operation leveraging AI as a significant component of its messaging. It represents a notable escalation in the scope of Iranian operations since the onset of the Israel-Hamas conflict, reaching audiences in the UAE, U.K., and Canada.

Deepfakes and election disruption

The rise of generative AI, capable of producing convincing text, voice, and images from simple prompts, has led to an increase in deepfake content online. Such technology poses a risk of being used to disrupt elections, including the upcoming 2024 U.S. presidential election. Iran’s history of targeting the 2020 U.S. election with cyber-campaigns, including impersonating American extremists and spreading disinformation about voting infrastructure, underscores the potential threat posed by these capabilities.

Microsoft’s report highlights the broad range of cyber-attacks and online influence operations launched by Iranian state-backed actors since the Hamas attacks on Oct. 7. These tactics have included exaggerating the impact of cyber-attacks, leaking personal data from an Israeli university, and targeting pro-Israel countries like Albania and Bahrain, as well as the U.S.

The post Iranian hackers broadcast deepfake news in cyber attack on UAE streaming services appeared first on ReadWrite.

Chinese hackers Volt Typhoon had critical US infrastructure access for 5 years
https://readwrite.com/chinese-hackers-have-had-critical-infrastructure-access-for-five-years/
Thu, 08 Feb 2024 12:38:12 +0000

The Cybersecurity & Infrastructure Security Agency, National Security Agency, and the Federal Bureau of Investigation released a joint advisory this week stating that China-backed hackers Volt Typhoon have maintained persistent access to some critical USA infrastructure for “at least five years.”

The advisory states that hackers backed by the People’s Republic of China (PRC) are positioning themselves on the IT networks of American infrastructure systems so they can launch “disruptive or destructive” cyberattacks if the USA faces any major crisis or conflict.

The advisory states that Volt Typhoon is state-sponsored and backed by the Chinese government. The group is known to exploit vulnerabilities in network devices such as routers, firewalls, and VPNs, targeting key critical infrastructure industries such as water, communications, transport, and energy. The intrusions have been found across the continental and non-continental United States, including Guam.

According to the advisory, Volt Typhoon’s activities differ significantly from traditional cyber espionage or intelligence-gathering activity. The agencies behind the advisory believe the group is positioning itself for a lateral move into disruptive activities.

Volt Typhoon’s methods have relied heavily on stolen administrator passwords and weak front-end security. This has enabled the group to take control of some camera surveillance systems to gain a further upper hand. It has been known to use “living off the land” attacks to hide its activities.

What are “living off the land” attacks?

“Living off the land” (LOTL) attacks help cyber attackers go unnoticed. Whereas many attacks use files and leave traces behind, LOTL attacks use legitimate tools already on the target system to conduct malicious activities. This makes them very hard to detect with traditional security measures, which look for scripts and files as the signature of an attack.

Cybersecurity is constantly evolving and it’s vital to keep systems updated with the latest security measures. Research into the benefits of artificial intelligence (AI) in cybersecurity is ongoing, but AI will likely have more success against techniques such as LOTL due to its enhanced analytical powers.

The post Chinese hackers Volt Typhoon had critical US infrastructure access for 5 years appeared first on ReadWrite.

China-linked hackers target US infrastructure for over five years
https://readwrite.com/china-linked-hackers-target-us-infrastructure-for-over-five-years/
Wed, 07 Feb 2024 20:22:08 +0000

China-backed hackers have been infiltrating major U.S. critical infrastructure sectors for “at least five years,” an intelligence advisory revealed today. This campaign, detailed by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the NSA, and the FBI, underscores a bold shift in China’s cyber operations strategy, extending beyond traditional espionage to potentially seizing control of vital U.S. systems.

The advisory sheds light on the activities of the China-associated hacking group, Volt Typhoon, which has systematically targeted and gained prolonged access to networks within critical sectors, including water, transportation, energy, and communications. By exploiting vulnerabilities in routers, firewalls, and VPNs, and leveraging stolen administrator credentials, Volt Typhoon has not only infiltrated but also maintained its foothold within these essential systems for years.

One alarming capability of Volt Typhoon is its control over surveillance camera systems of some victims, which, combined with its sustained network access, could enable the group to disrupt critical controls in energy and water facilities. The use of “living off the land” techniques by the group — utilizing built-in tools to minimize detection — further complicates efforts to identify and mitigate these threats.

International concerns and defensive measures

The advisory, which also drew contributions from authorities in Canada, Australia, and New Zealand, highlights a growing international concern over China’s cyber activities. The collaborative warning points to a broader pattern of targeting by China, not limited to the U.S. but extending to other allied nations as well.

This revelation comes amid heightened U.S. apprehensions that China might initiate destructive cyberattacks in the context of escalating tensions over Taiwan. Previous alerts from Microsoft and the U.S. government have indicated Volt Typhoon’s strategic positioning to attack U.S. infrastructure, including water utilities and ports. Although recent efforts have thwarted the group’s immediate access, officials caution that Volt Typhoon remains determined to find alternative entry points.

The advisory underscores the systemic vulnerabilities plaguing U.S. critical infrastructure, from inadequate password management and security update protocols to financial constraints hindering security improvements in sectors like water systems. Legal obstacles have further impeded government efforts to mandate cybersecurity audits.

In response to these China-backed hackers, U.S. cyber defense agencies are urging infrastructure operators to strengthen their security postures. Recommended measures include applying software updates to all internet-facing systems, enabling multi-factor authentication, and activating activity logs to monitor for suspicious behavior.

The post China-linked hackers target US infrastructure for over five years appeared first on ReadWrite.

Pennsylvania Court website down in DDoS cyber attack
https://readwrite.com/pennsylvania-courts-websitedown-in-ddos-attack/
Mon, 05 Feb 2024 12:33:09 +0000

Part of the Pennsylvania Courts online system has fallen victim to a cyber attack.

The state’s Chief Justice, Deborah Todd, announced that a distributed denial of service (DDoS) attack had hit the Pennsylvania court website.

Integral court systems such as the PACFile, online docket sheets, PAePay, and the Guardianship Tracking System are affected.

Law enforcement agencies are now involved in diagnosing the extent of the attack.

“Our court information technology and executive team is working closely with law enforcement including the CISA, the U.S. Department of Homeland Security, and the F.B.I. to investigate the incident,” the Chief Justice announced via the official statement.

This cyber attack restricts litigants, lawyers and key court stakeholders who rely on the court’s online systems to prepare for legal proceedings.

“At this time, there is no indication that any court data was compromised, and our courts will remain open and accessible to the public,” said the Chief Justice.

The Pennsylvania courts will hope that all data remains secure and the investigating legal bodies can bring back the key functions that keep the wheels of the courthouse turning.

For updates on when the Pennsylvania Court website is back up, follow the organization’s X account.

What is a DDoS cyber attack?

A distributed denial of service (DDoS) attack is a targeted attempt by a third party to cripple a digital system by overwhelming it so that its core functions become unavailable.

It is generally the precursor to information or a system being compromised, after which a group will take responsibility for the attack, prompting further developments such as a ransom demand for extracted data or an official statement from those responsible.

Cyber attacks more than doubled across 2023. According to security firm Armis, in January, legacy systems were the cause of many breaches and assaults on digital security.

The FBI, however, managed to eradicate the Volt Typhoon botnet earlier this month after a series of routers were flagged as compromised. The coordinated operation prevented the reinfection of the routers and removed the malware that was deployed by the hackers.

FBI Director Christopher Wray said, “Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors. Their pre-positioning constitutes a potential real-world threat to our physical safety that the FBI is not going to tolerate.”

The post Pennsylvania Court website down in DDoS cyber attack appeared first on ReadWrite.

FBI shuts down Chinese hacker group Volt Typhoon’s Botnet
https://readwrite.com/fbi-shuts-down-chinese-hackers-volt-botnet/
Thu, 01 Feb 2024 16:34:39 +0000

The FBI has suppressed an attack by the Chinese hacking group Volt Typhoon.

The concentrated attack focused on routers in an attempt to cripple Cisco and Netgear devices in small businesses and homes.

The court-authorized operation prevented reinfection of the routers and removed the malware that was deployed by the hackers.

“The United States will continue to dismantle malicious cyber operations – including those sponsored by foreign governments – that undermine the security of the American people,” said Attorney General Merrick B. Garland in a statement.

The FBI’s Houston Field Office and Cyber Division, the U.S. Attorney’s Office for the Southern District of Texas and the National Security Cyber Section of the Justice Department’s National Security Division were responsible for the successful co-ordination and delivery of the operation.

FBI Director Christopher Wray said, “Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors. Their pre-positioning constitutes a potential real-world threat to our physical safety that the FBI is not going to tolerate.”

“We are going to continue to work with our partners to hit the PRC hard and early whenever we see them threaten Americans,” he concluded.

Disrupting the botnet

The hackers targeted a vulnerability in old routers that were near the “end of their life,” according to the U.S. Department of Justice.

The malware, known as “KV Botnet,” had its ties severed by the co-ordinated response from the FBI.

Deputy Attorney General Lisa O. Monaco said that “in wiping out the KV Botnet from hundreds of routers nationwide, the Department of Justice is using all its tools to disrupt national security threats – in real-time.”

The operation did not alter or compromise the devices, nor was any data collected during the response to the Chinese hacker group.

The FBI has contacted the service providers of the Cisco and Netgear devices to inform them of the now-suppressed compromise of the devices.

In other cybersecurity infrastructure news earlier this month, the Biden Administration announced more robust measures for U.S. hospitals. The new requirements are set to fortify digital defenses in healthcare facilities.

The current administration has been dedicated to finding solutions to cybercrime and building bulwarks against invasive online criminals. Last year the White House laid the foundations of a national cybersecurity certification and labeling program.

The post FBI shuts down Chinese hacker group Volt Typhoon’s Botnet appeared first on ReadWrite.

FBI and DOJ counter advanced Chinese hacking campaign against American networks
https://readwrite.com/fbi-and-doj-counter-advanced-chinese-hacking-campaign-against-american-networks/
Wed, 31 Jan 2024 16:52:42 +0000

The U.S. government has thwarted a sophisticated Chinese hacking campaign that posed a serious threat to American and allied critical infrastructure networks, according to the Wall Street Journal. This action, announced on Wednesday, reflects the Biden administration’s heightened vigilance against China’s increasingly advanced hacking capabilities.

Attorney General Merrick Garland emphasized the U.S. commitment to dismantling foreign-sponsored cyber operations that jeopardize American security. This latest effort involved the Justice Department and the FBI taking decisive steps in December to dismantle a botnet—a network of hacked devices—comprising primarily small office and home office (SOHO) routers.

The routers, predominantly Cisco and Netgear products, were vulnerable due to their end-of-life status, meaning they no longer received regular security updates. These routers served as nodes for the hackers, allowing them to conduct their operations covertly. The U.S. officials successfully removed the botnet from these routers and cut off the hackers’ access.

FBI Director Chris Wray issued a stark warning about the Chinese hacking threat, particularly their focus on infiltrating U.S. critical infrastructure networks. In his testimony before the House China committee, Wray highlighted the potential for real-world harm and disruption, noting that Chinese hackers have targeted essential sectors such as water treatment, energy, transportation, and communication systems.

The disrupted hacking campaign, known as Volt Typhoon, has been a concern for the U.S. and its allies for nearly a year. Microsoft and other private-sector entities have reported on this campaign’s attempts to access sensitive networks in various critical sectors. The campaign’s objectives appear to include disrupting communication infrastructure between the U.S. and Asia, potentially impacting American support for Taiwan in the event of a crisis.

China has consistently denied involvement in cyberattacks against the U.S. and other nations. The Chinese Embassy in Washington has not responded to requests for comment on this latest development. This operation by the U.S. government underscores the ongoing cyber warfare landscape and the need for robust cybersecurity measures to protect national infrastructure and interests.

The post FBI and DOJ counter advanced Chinese hacking campaign against American networks appeared first on ReadWrite.

Nevada Gaming Control Board’s website compromised in cyber attack
https://readwrite.com/nevada-gaming-control-boards-website-compromised-in-cyber-attack/
Fri, 26 Jan 2024 15:03:28 +0000

The Nevada Gaming Control Board, the regulatory body overseeing the state’s gaming industry, has experienced a significant cyber attack, leading to the temporary shutdown of its public-facing website. According to Gambling Insider, the attack, which also targeted the Nevada Gaming Commission’s website, has raised concerns about cybersecurity in the state’s gaming sector.

The compromised website contained a variety of public information, including meeting agendas, gaming regulations, press releases, and contact details. However, officials have assured that critical data such as gaming license details and financial records were stored on a separate, secure internal system and were not affected by the breach.

Kirk Hendrick, the Chairman of the Nevada Gaming Control Board, has not yet commented on the specifics of the incident. The Board, however, has been proactive in addressing the situation. In a statement released via social media, they mentioned, “Technology personnel initiated immediate steps to protect the website by taking it offline. The board is working with experts to thoroughly assess the situation. While working to restore the full website, the board is preparing to publish a temporary website for those seeking access to information.”

This cyber attack on the Nevada Gaming Control Board’s website comes in the wake of similar high-profile attacks on major casino operators in Nevada, including MGM Resorts International and Caesars Entertainment, last September. Those incidents led to substantial financial and reputational losses for the companies involved.

In response to the growing threat of cyber attacks, Nevada lawmakers approved funding last June for the Nevada Gaming Control Board to upgrade its information technology system. This system, which is separate from the website, is crucial for the board’s operations and has been in dire need of modernization since it was first implemented in the 1980s.

The recent cyber attack did not impact other state agencies, which continue to operate normally. The Nevada Gaming Commission’s monthly meeting also proceeded as scheduled, with no mention of the cyber incident.

The post Nevada Gaming Control Board’s website compromised in cyber attack appeared first on ReadWrite.

23andMe’s data breach: cyberattack was missed for months
https://readwrite.com/23andmes-data-hack-went-unnoticed-for-months/
Fri, 26 Jan 2024 12:32:10 +0000

Last year was a bad year for cybersecurity. Just months after US Government emails were hacked, in October 2023, biotech company 23andMe admitted that they too were the victim of hacking.

Per Reuters, this hacking impacted roughly 5.5 million customers, with bad actors being able to access their information online along with the Family Tree profile information of 1.4 million DNA Relative participants.

The company filed a data breach notification last week, and in this letter, more details emerged about the cyber-attack.

New information has emerged about the hack

A new legal filing revealed that hackers first started breaking into customers’ accounts in April 2023, and that this continued right up until the end of September that year. This means that the attack went on unnoticed for five months before it was eventually detected by the genetic testing company. But by that point, it was too late. As reported by TechCrunch, the genetic data of roughly 6.9 million people had already been stolen, which accounts for roughly half of the company’s customer base.

23andMe became aware of the breach after hackers provided a sample of the data they stole on the 23andMe subreddit and other forums. However, according to TechCrunch, the company failed to notice hackers advertising the stolen data on forums as far back as August.

The filing, which is available in the public domain, also includes letters from 23andMe to affected customers. It was in these letters that 23andMe confirmed that the bad actors gained access to customer data via a technique known as ‘credential stuffing’, which involves exploiting previously compromised login credentials to gain access to customer accounts. Some of the data the hackers stole includes birth years, relationship labels, locations, DNA percentages, and customer names.

When they were made aware of the breach, numerous customers tried to band together and sue 23andMe in a class-action lawsuit. The company then sparked controversy by changing the language of its terms of service, which, purportedly, made it harder for customers to sue.

In a statement in December, 23andMe said: “Since detecting the incident, we emailed all customers to notify them of the investigation and are continuing to notify impacted customers, based on applicable laws. We also required every 23andMe customer to reset their password. In addition, 23andMe now requires all new and existing customers to login using two-step verification. Protecting our customers’ data privacy and security remains a top priority for 23andMe, and we will continue to invest in protecting our systems and data.”

The post 23andMe’s data breach: cyberattack was missed for months appeared first on ReadWrite.

Cyber attacks doubled in 2023 but businesses remain slow to act
https://readwrite.com/cyber-attacks-more-than-doubled-in-2023-but-businesses-remain-slow-to-act/
Wed, 24 Jan 2024 12:52:54 +0000

Cyber attacks more than doubled in 2023, according to analysis from cyber security firm Armis, as it is claimed many businesses around the world continue to fail to acknowledge the increasing threat to cyber security.

The Armis report states that attack attempts were at their peak in July, with imaging, manufacturing and communications devices targeted the most. Attacks on utilities tripled and attacks on manufacturing increased by 165%.

But businesses continue to ignore the growing threat and aren’t taking cyber security seriously, it is believed, with the report suggesting that companies are regularly ignoring blind spots, which is causing a surge in cyber breaches.

Co-founder and CTO of Armis, Nadir Izrael, said: “Armis found that not only are attack attempts increasing, but cyber security blind spots and critical vulnerabilities are worsening, painting prime targets for malicious actors.

“It’s critical that security teams leverage similar intelligence defensively so that they know where to prioritize efforts and fill these gaps to mitigate risk.”

The report goes on to suggest legacy technology is most at risk, with pre-2012 Windows OS versions found to be 77% more likely to experience cyber attacks than newer versions. Moreover, older server versions are reaching end-of-support, leaving them even more vulnerable to attack. This is mostly an issue in the educational services sector, with 18% of organizations facing this very issue.

Businesses in the education industry are 41% more vulnerable compared to other industries, which have a general average of 10%. Other industries vulnerable due to outdated OS servers are retail, healthcare, manufacturing and public administration.

The report says more than 65,000 common vulnerabilities and exposures (CVEs) were discovered, pointing to wearable devices as having the highest percentage (93%) of unpatched CVEs.

What is a cyber attack?

A cyber attack can be defined as a malicious attempt to gain access to a computer, operating system or network without authorization, with the sole purpose of causing damage and/or stealing confidential information.

These attacks look to disrupt, destroy or control said computer systems and may also intend to steal, block or manipulate the data stored on these systems.

How to prevent a cyber attack?

Typically, installing up-to-date antivirus software protects your computer and network against malware, while firewalls are there to filter traffic that might enter your device.

Other ways people and businesses can protect themselves from cyber security threats include multi-factor authentication, ensuring passwords are strong, password encryption and using robust Virtual Private Networks (VPN).

The simplest way of staying on top of your cyber security is ensuring all of your apps, devices and operating systems are running the most up-to-date versions, so that security patches are in place against any new cyber attacks.

Featured Image: Dall-E

UK cyber attack: GCHQ warns of AI ransomware threat https://readwrite.com/uk-cyber-threat-gchq-warns-of-ai-ransomware-threat/ Wed, 24 Jan 2024 12:21:11 +0000 https://readwrite.com/?p=250789 This image is a digital AI-generated concept art depicting an AI driven malware attack targeting the UK. A hooded figure stands in front of a holographic projection of a map of the UK. Red lines are all over the map indicating a virus spread.

The post UK cyber attack: GCHQ warns of AI ransomware threat appeared first on ReadWrite.

The UK’s National Cyber Security Centre (NCSC) has warned artificial intelligence (AI) will increase the threat of ransomware globally over the next two years.

In a report titled The near-term impact of AI on the cyber threat assessment, organizations and individuals have been encouraged to recognize the situation and take preventative measures.

NCSC – part of GCHQ (similar to America’s NSA), the United Kingdom’s intelligence, security, and cybersecurity agency – takes the position that AI will almost certainly contribute directly to the increase in quantity and impact of cyber attacks moving forward.

The study found cyber criminals and hackers, operating at a lower level of competence, can effectively piggyback on the advances of AI to penetrate further in terms of their operations. This includes improved targeting of victims, adding to the threat of ransomware which was pinpointed as the most acute threat to businesses and groups in the UK.

Crucially, AI is likely to make the discovery of vulnerable devices easier, reflecting the gains to be made by threat actors.

James Babbage, Director General for Threats at UK’s National Crime Agency, highlighted the dangers of ransomware as a national security threat, which will be exacerbated by advancements in AI:

“AI services lower barriers to entry, increasing the number of cybercriminals, and will boost their capability by improving the scale, speed and effectiveness of existing attack methods. Fraud and child sexual abuse are also particularly likely to be affected.”

UK cyber threat response

In response to the threat, the British government has invested £2.6 billion as part of its Cyber Security Strategy to increase its resilience to hostile acts, whilst NCSC and private industry are already returning the serve with AI, to enhance cyber security defenses via improved threat detection and security-by-design.

NCSC CEO Lindy Cameron commented on the risk and reward situation presented by AI:

“The emergent use of AI in cyber attacks is evolutionary, not revolutionary, meaning that it enhances existing threats like ransomware but does not transform the risk landscape in the near term. As the NCSC does all it can to ensure AI systems are secure by design, we urge organizations and individuals to follow our ransomware and cyber security hygiene advice to strengthen their defenses and boost their resilience to cyber attacks.”

Image: Dall-E

X, Linkedin and more hit by ‘mother of all breaches’ data leak https://readwrite.com/26-billion-online-records-exposed-in-mother-of-all-data-breaches/ Tue, 23 Jan 2024 13:15:29 +0000 https://readwrite.com/?p=250677 Lock resting on keyboard

The post X, Linkedin and more hit by ‘mother of all breaches’ data leak appeared first on ReadWrite.

Twelve terabytes of data and a staggering 26 billion records comprise the historic data leak from sites like X and LinkedIn.

Data researcher Bob Dyachenko worked alongside Cybernews.com to uncover the ‘mother of all breaches’ (MOAB).

The breach is a compilation of existing breaches that have been gathered together on what the researchers are saying is an “unsecured site.” While duplicates are highly likely, the leaked data contains far more information than just credentials – most of the exposed data is sensitive and, therefore, valuable for bad actors.

Mother of all breaches

X was reported to have 281 million records exposed, LinkedIn 251 million, and Deezer 258 million.

China’s messaging app QQ from tech giant Tencent was the most heavily affected with 1.5 billion records exposed, followed by another Chinese app Weibo.

Government departments from the United States, Germany, Brazil and the Philippines were also included in the cyber-attack.

How to keep your data safe online

It is good practice to change passwords regularly and to use a different password for each site.

However, people tend to use the same passwords across multiple platforms, which could lead to several of a user's accounts being compromised at once.

The researchers at Cybernews commented, “If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot towards other, more sensitive accounts. Apart from that, users whose data has been included in supermassive MOAB may become victims of spear-phishing attacks or receive high levels of spam emails.”

Cybersecurity has become an important topic for many government institutions and major U.S. companies.

Last month saw the largest cyber-attack of the Russia-Ukraine war which crippled the largest telecoms company Kyivstar and the biggest bank in the country. The attack brought cellular blackout to millions across the war-stricken country, showing the devastating effects that digital warfare and cybercrime can bring on a national scale.

In related U.S. news, the Biden Administration has announced cybersecurity requirements for hospitals in light of stricter overall governance on data security.

The new requirements include the implementation of multi-factor authentication and the establishment of a program to promptly address software vulnerabilities.

Cybersecurity roles are becoming a more frequent part of the recruitment ads we see each day, as institutions look to mitigate the dangers they face with online data security.

Image credit: Unsplash.

HP CEO reveals ink cartridge hack ahead of lawsuit https://readwrite.com/hp-ceo-reveals-ink-cartridge-hack-as-another-lawsuit-looms/ Tue, 23 Jan 2024 12:16:06 +0000 https://readwrite.com/?p=250667 Enrique Lores, President and Chief Executive Officer, HP, USA in the Accelerating Sustainable Value Chains session at the World Economic Forum Annual Meeting 2022 in Davos

The post HP CEO reveals ink cartridge hack ahead of lawsuit appeared first on ReadWrite.

HP CEO, Enrique Lores, has revealed the company has found that ink cartridges can be hacked with viruses and has used this as the reason the company has implemented its Dynamic Security system (DSS), as reported by Ars Technica.

The global IT company is facing another lawsuit over its DSS, which it insists on deploying to its printers. It prevents HP printers from functioning without ink cartridges that have an HP chip or HP electronic circuitry installed. It has installed firmware updates that block printers with non-HP cartridges from printing, which has led to the latest lawsuit.

The suit claims HP printer customers were not made aware that these firmware updates could lead to their printers no longer working if they used third-party cartridges and calls for an injunction preventing the company from issuing printer updates that block cartridges without an HP chip.

But Lores has moved to explain the reasons behind this move by confirming a rather frightening discovery. Speaking to CNBC Television, he said: “We have seen that you can embed viruses in the cartridges.

“Through the cartridge, [the virus can] go to the printer, [and then] from the printer, go to the network.”

A 2022 article from research company Actionable Intelligence revealed that a researcher in the program uncovered a way to hack a printer via a third-party ink cartridge, but was unable to replicate the same hack when using an HP cartridge. This has seemingly led to HP making moves to prevent such incidents, although it has acknowledged that there’s currently no evidence of such a hack happening in the real world, only claiming that it’s possible.

A stronger case for HP’s subscription model?

As the California-based firm uses potential ink cartridge hacks as an excuse to protect its printers, it’s also another step closer to HP strengthening its subscription model.

They aim to convince printing device owners to commit to HP ink, which subsequently recoups losses from the initial sale of a printer. Lores confirmed that the company loses money when it sells a printer and makes its money through supplies, such as cartridges.

Therefore, HP’s DSS moves to strengthen that decision-making process for the consumer and subsequently increase the company’s recurring revenues via its existing subscription program, Instant Ink, which the company’s CFO, Marie Myers, previously confirmed brought a “20 percent uplift” on the value of a single customer.

With the potential threat of printers and computers being hacked, HP printer owners now have an even larger incentive to subscribe.

Featured Image: World Economic Forum/Flickr/ CC 2.0 license

Vans maker VF Corp hit by cyber attack, personal data 35.5 million compromised https://readwrite.com/vans-maker-vf-corp-hit-by-cyber-attack-personal-data-35-5-million-compromised/ Fri, 19 Jan 2024 14:05:41 +0000 https://readwrite.com/?p=250199 An image depicting the Vans cyber attack featuring a digital security breach alert with the VF Corporation logo, against a backdrop of a digital lock and binary code.

The post Vans maker VF Corp hit by cyber attack, personal data 35.5 million compromised appeared first on ReadWrite.

VF Corp, the parent company of popular sneaker brand Vans, has disclosed a significant data breach impacting approximately 35.5 million consumers, according to a recent Reuters report. The breach, which stemmed from a cyber attack detected on Dec. 13, led to disruptions in the company’s e-commerce operations and affected global customer orders.

In a recent regulatory filing, VF Corp revealed that the cyber attack caused delays in order fulfillment and resulted in the cancellation of some product orders. Despite these operational challenges, the company has assured stakeholders that it does not anticipate any material impact on its financials.

One of the key concerns arising from the incident is the breach of personal data. VF Corp clarified that while a substantial number of consumer records were compromised, the company does not store sensitive information such as social security numbers, bank account details, or payment card information in its IT systems. This limitation in data storage has potentially mitigated the severity of the breach.

Furthermore, VF Corp stated that there is currently no evidence suggesting that consumer passwords were acquired during the cyber attack. This information provides some reassurance to affected consumers regarding the security of their accounts.

In response to the incident, VF Corp has taken steps to restore its IT systems and data. The company reported that it has substantially recovered the systems impacted by the cyber attack. However, it is still addressing minor operational issues that have arisen in the aftermath.

Spanish cyberattack: ransom of €10million demanded by hackers https://readwrite.com/spanish-cyber-attack-ransom-of-e10million-demanded-by-hackers/ Tue, 16 Jan 2024 20:07:12 +0000 https://readwrite.com/?p=249672 Spanish Flag

The post Spanish cyberattack: ransom of €10million demanded by hackers appeared first on ReadWrite.

Saturday witnessed a cyberattack on the Spanish city of Calvià in Majorca, with hackers now demanding 10 million euros to be paid to restore functionality to integral systems.

The Calvià City Council website has been offering updates on the situation, saying the local authority is “working to recover normality as soon as possible, after having been subject, early last Saturday, to a Ransomware cyber attack, through which it is intended to extort money from the council.”

Majorca’s mayor, Juan Antonio Amengual, has reiterated that the extortion attempt will not be answered, as reported in the Majorca Daily Bulletin.

Ransomware attack slows Spanish council

Amengual took to X to post about the current state of play and mentioned that the council continues to work with experts to stop the attack:

In the social media post, he said, “We (Calvià City Council) work with experts and other institutions to stop the cyber attack. The City Council does not stop, it continues to function a little slower, but moving.”

The Calvià City Council will work with the Telematic Crimes Group of the Spanish Civil Guard and hopes to keep residents and onlookers updated through the official website.

Spain and Ukraine are seeing cyberattacks

Spain is not the only country battling cyber-security threats. Ukraine saw the national impact of hacking late last year.

The largest telecommunications company, Kyivstar, and banking power Monobank were subject to the hacking attempt. The cell provider going down would cause a communications blackout for millions.

In the United States, Distributed Denial of Service (DDoS) attacks and hacking attempts against Sony and OpenAI were seen across 2023.

OpenAI, creator of ChatGPT, reported “an abnormal traffic pattern” that caused outages for developers in November.

Sony-owned studio Insomniac Games was the focus of one of the most scathing cyber attacks in December 2023. This would lead to the blackmail of the studio for 50 Bitcoin (BTC), equivalent to around $2 million.

The studio and Sony refused to give in to these demands, resulting in sensitive information being released to the public alongside business strategy and company documents.

Image Credit: Pexels

Hackers hijack X accounts for crypto scams, including Google’s Mandiant https://readwrite.com/hackers-hijack-x-accounts-for-crypto-scams-including-googles/ Fri, 05 Jan 2024 17:00:07 +0000 https://readwrite.com/?p=248050 X Twitter Logo

The post Hackers hijack X accounts for crypto scams, including Google’s Mandiant appeared first on ReadWrite.

Hackers are specifically targeting prominent verified accounts on X, formerly known as Twitter, to promote crypto scams and drop links to drainers.

They are focusing on profiles belonging to government and business figures and entities with gold and grey verifications, leaning on the pretense of legitimacy as part of the nefarious intent.

A crypto drainer is a form of malware that targets cryptocurrency wallets by tricking the victim into consenting to a malicious transaction.

As reported by Bleeping Computer, the X account of Google subsidiary Mandiant, a cyber intelligence company bought for $5.4bn, was hijacked this week and used to distribute a fake airdrop which was used to deliver the drainer.

The report also detailed how Malware Hunter Team has been monitoring X for this type of activity with the following gold and grey accounts flagged as compromised.

Profiles attributed to Canadian senator Amina Gerba, nonprofit firm The Green Grid, and Brazilian politician Ubiratan Sanderson were used as examples of those to have been penetrated by hackers.

Previously on Twitter, a blue tick or checkmark indicated a verified account. It could have been a mainstream, renowned company, a sports personality or a senior politician but since Elon Musk’s takeover and re-branding of the social media platform as X, all that has changed.

Now, anyone can pay a subscription fee to have a blue checkmark, bringing with it certain user benefits including the ability to edit posts.

A gold tick attached to an X account denotes an official organization or company, while the grey mark represents a government office or an individual official. They are supposed to promote trust, reliability, and authenticity as well as be bound by eligibility criteria.

Despite this, the associated costs for verification and the supposed difficulty of impersonating an official account have not proven to be an effective barrier to hackers seeking to manipulate the social media platform to scam unsuspecting users.

CloudSEK, a digital risk monitoring platform, has outlined the rise of a new black market where hackers trade compromised gold and grey X accounts for prices ranging from $1,200 to $2,000 in what is a stark reminder of the dangers that can be hiding in plain sight online.

Teen hacker behind GTA leak sentenced to indefinite hospital order https://readwrite.com/teen-hacker-behind-gta-leak-sentenced-to-indefinite-hospital-order/ Fri, 22 Dec 2023 00:06:29 +0000 https://readwrite.com/?p=246985

The post Teen hacker behind GTA leak sentenced to indefinite hospital order appeared first on ReadWrite.

Arion Kurtaj, an 18-year-old hacker, has been sentenced to an indefinite hospital order following his involvement in the leak of unreleased Grand Theft Auto game footage, according to a recent BBC report. Diagnosed with acute autism, Kurtaj was a key figure in the notorious hacking group Lapsus$, known for targeting several tech giants, including Uber, Nvidia, and Rockstar Games, the developer behind GTA.

The group’s cyber-attacks, which involved data theft and ransom demands, caused nearly $10 million in damages to the affected companies. The court determined that Kurtaj’s advanced hacking skills and persistent inclination towards cyber-crime posed a significant public risk. Consequently, he will remain in a secure hospital for an indefinite period, subject to ongoing assessments by medical professionals.

The Lapsus$ group’s notorious hacks

Kurtaj’s most infamous act was the leak of 90 clips from the highly anticipated Grand Theft Auto 6. He managed to breach Rockstar’s internal systems and threatened to release the game’s source code unless contacted by the company. Remarkably, he executed this hack while under police protection and without his primary hacking tools, using an Amazon Firestick, a hotel TV, and a mobile phone.

Rockstar Games reported substantial financial and operational impacts due to Kurtaj’s actions, including a recovery cost of $5 million and extensive staff hours. Additionally, the City of London Police revealed that Lapsus$ sent threatening messages to 26,000 EE customers, further demonstrating the group’s wide-reaching cyber-terror.

In a related trial at Southwark Crown Court, another Lapsus$ member, a 17-year-old, was found guilty alongside Kurtaj. This younger hacker, involved in attacks on Nvidia and BT/EE, received an 18-month Youth Rehabilitation Order, including strict supervision and a prohibition on VPN usage. He also faced charges for stalking and harassing two young women.

The Lapsus$ group, primarily composed of teenagers from the UK and Brazil, gained infamy for their audacious cyber-attacks on multinational corporations like Microsoft and Revolut. Their combination of social engineering and technical hacking skills led to a comprehensive report by US cyber-authorities on the activities of teen hacker gangs.

This report emphasized the ease with which Lapsus$ members infiltrated highly secure organizations, highlighting significant cybersecurity vulnerabilities. The total financial gain from Lapsus$’s cyber-crimes remains uncertain, as no companies have publicly acknowledged paying ransoms, and the hackers did not release passwords for the seized cryptocurrency wallets.

FBI’s decryption tool a powerful weapon against Blackcat hackers https://readwrite.com/fbis-decryption-tool-a-powerful-weapon-against-blackcat-hackers/ Wed, 20 Dec 2023 19:23:01 +0000 https://readwrite.com/?p=246734 hackers exploit WinRAR

The post FBI’s decryption tool a powerful weapon against Blackcat hackers appeared first on ReadWrite.

The Federal Bureau of Investigation has taken a significant step in combating the notorious Blackcat hacker group, also known as ALPHV, by releasing a decryption tool aimed at assisting over 500 victims of cyberattacks worldwide. The FBI’s strategic move, as reported by SBC Americas, is part of a broader effort to dismantle the group’s operations, which have inflicted substantial financial damage over the past 18 months.

Blackcat, responsible for extracting hundreds of millions of dollars through ransomware attacks, targeted various entities, including a notable attack on MGM Resorts in the fall. This particular attack compromised sensitive customer data, such as social security and passport numbers, though on a limited scale. MGM Resorts experienced a week-long shutdown of its computer systems, incurring approximately $100 million in recovery costs.

In response to these escalating threats, the FBI, under the leadership of Deputy Director Paul Abbate, developed the decryption tool as a countermeasure. This tool has already played a crucial role in preventing around $68 million in ransom payouts. Abbate emphasized the FBI’s commitment to defeating ransomware campaigns and assisting victims in recovering from such attacks.

The release of the decryption tool marks a proactive approach by the FBI to address the cybersecurity challenges posed by groups like Blackcat. Deputy Attorney General Lisa O. Monaco highlighted the importance of these efforts, stating that the Justice Department’s actions have enabled businesses, schools, healthcare, and emergency services to resume operations after being affected by ransomware.

In addition to the decryption tool, the FBI has infiltrated Blackcat’s network, seizing several websites operated by the group. This disruption is part of a larger strategy to dismantle the cybercrime ecosystem and prioritize victim support.

The MGM Resorts attack and subsequent FBI actions have elevated cybersecurity to a top priority within the industry. Companies are now more aware of the need for robust security measures and the importance of collaborating with law enforcement agencies to tackle cyber threats effectively.

UK government risking ‘catastrophic ransomware attack’ https://readwrite.com/uk-government-risking-catastrophic-ransomware-attack/ Wed, 13 Dec 2023 11:22:57 +0000 https://readwrite.com/?p=245366 Westminster, London, UK

The post UK government risking ‘catastrophic ransomware attack’ appeared first on ReadWrite.

The United Kingdom’s (UK) government is at high risk of a “catastrophic ransomware attack” due to a lack of focus and funding, in a stark warning from a parliamentary report.

As reported by The Record, the government has been accused by the nation’s Joint Committee on the National Security Strategy (JCNSS) of not effectively planning to prevent a large-scale cyber attack that could “bring the country to a standstill.”

The news will add more pressure onto Prime Minister Rishi Sunak who is currently under heavy scrutiny on matters of illegal immigration. He breathed a sigh of relief on Tuesday after his key Rwanda bill passed its first Commons hurdle but further challenges will be presented in the new year.

The parliamentary report was highly critical of the former Home Secretary Suella Braverman for failing to address the ransomware threat:

“We found that the Home Office’s public output on cyber security and ransomware has been almost nonexistent, and has been dwarfed by its focus on small boats and illegal migration,” the JCNSS said.

UK failing to invest sufficiently in cyber security

Any potential attack is likely to be aimed at the UK’s critical national infrastructure (CNI) which consists of national assets that keep the country running, including energy supply, water supply, health, transport and telecommunications.

In recent times, the UK’s National Health Service (NHS) has been targeted, with patient data falling into the hands of cyber attackers, and a council in the North of England was crippled for more than two weeks, as outlined by the Guardian.

In response, the JCNSS has recommended that the responsibility for ransomware should be taken away from the Home Office and put within the remit of the Cabinet Office, in conjunction with the National Cyber Security Centre and the National Crime Agency “to be overseen directly by the Deputy Prime Minister, as part of a holistic approach to cyber security and resilience.”

The government will be aware of the threat posed by these forms of cyber attacks and the damage that can be caused, but unless it acts appropriately, it will see the UK remain in a vulnerable position. This was reflected in the joint committee report with one of its findings damning the government which “knows that the possibility of a major ransomware attack is high, yet it is failing to invest sufficiently to prevent catastrophic costs later on.”

image credit, pixabay, pexels.com

PlayStation game dev hit by major ransomware attack – stolen data being auctioned off https://readwrite.com/playstation-game-developer-gets-hit-by-major-ransomware-attack-stolen-data-being-auctioned-off/ Tue, 12 Dec 2023 16:45:11 +0000 https://readwrite.com/?p=245307 hacker

The post PlayStation game dev hit by major ransomware attack – stolen data being auctioned off appeared first on ReadWrite.

In the latest high-profile gaming hack, it seems Spider-Man 2 and current Wolverine developer Insomniac Games has been breached by a group called Rhysida, which has published screenshots from Wolverine alongside the identity pages of passports of staff, past and current, suggesting that the stolen data comes from multiple departments.

Rhysida has said that Insomniac has seven days to agree to a ransom or it will release the data but, somewhat confusingly, the group also seems to be auctioning the heist off to the highest bidder online.

“With just 7 days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data,” Rhysida said in its leak message online.

“Open your wallets and be ready to buy exclusive data. We sell only to one hand, no reselling, you will be the only owner!”

Do I hear 50 Bitcoin in the room?

The starting bid is a rather ambitious 50 Bitcoin, which works out at around $2 million.

Insomniac Games is a Sony studio, and the PlayStation manufacturer told Eurogamer, “We are aware of reports that Insomniac Games has been the victim of a cyber security attack. We are currently investigating this situation. We have no reason to believe that any other SIE or Sony divisions have been impacted.”

Rhysida, named after a species of caterpillar, is suspected to be a Russian group and was responsible for the recent ransomware attack on the British Library last month.

According to that same Guardian article, US government agencies released an advisory note on Rhysida, stating that the “emerging ransomware variant” had been deployed against the education, manufacturing, IT, and government sectors since May.

The Government also said it had seen the Rhysida gang running a “ransomware as a service” (RaaS) operation. This is a system where the group would hire out its tools and share profits with other criminal enterprises involved.

It is unclear at this point what will happen next, but we will keep this story updated with any developments.
