One might assume that ethical considerations would lead ransomware groups to exclude certain sectors, such as healthcare, from their target lists. That is not the case for the FIN12 group: roughly one in five of its victims is a healthcare organization. The disruptive effects of ransomware can far outweigh the damage caused by other forms of cybercrime such as insider threats, cryptojacking, and direct data theft.
This year has seen several serious ransomware-related incidents, including the Microsoft Exchange Server hacking spree, the Colonial Pipeline attack, and the disruption of supply chains at JBS USA, one of the world's largest meat processors. The list of victims now also includes healthcare entities such as Ireland's Health Service Executive.
According to research by the BlackBerry Research & Intelligence team, the Chinese cyberespionage group APT41 is likely behind malware campaigns targeting victims in India. The campaign relied on Cobalt Strike, a commercial post-exploitation framework that is frequently abused by threat actors. APT41 delivered phishing PDF and ZIP files disguised as information from Indian government entities. In 2020, the US government charged five members of the group, alleging that they were responsible for hacking more than 100 companies worldwide.
APT41 is a state-sponsored hacking group whose activities were first detailed in a FireEye report in August 2019. According to that report, the group has been active since 2012. APT41 actively uses publicly available Cobalt Strike Malleable C2 profiles that make its command-and-control traffic resemble legitimate traffic to services such as OneDrive, Gmail, and Amazon. BlackBerry identified connections between this campaign and activity previously reported by FireEye, PTSecurity, Subex, and Prevailion.
According to the Identity Theft Resource Center (ITRC), 2021 is likely to become a record year for the number of publicly reported data breaches. The non-profit recorded 1,108 breaches in 2020, while the first nine months of 2021 alone brought 1,291. There is therefore a high chance that the 2021 total will exceed the current record of 1,529 breaches, set in 2017.
Phishing and ransomware attacks are the leading drivers of these volumes in 2021. The ITRC figures include not only traditional breaches, in which attackers steal data from organizations, but also cloud misconfigurations that expose data publicly. The defining characteristic of such cloud leaks is that a single misconfiguration can affect a very large number of users.
According to Microsoft's Digital Defense Report 2021, which covers the period from July 2020 to June 2021, Russia accounted for the majority of observed nation-state attacks, and the group behind the SolarWinds compromise dominated that activity. Kremlin-backed groups were responsible for 58% of all nation-state attacks observed by Microsoft, and Nobelium (also tracked as APT29 or Cozy Bear) generated the largest share, 92%, of the notifications Microsoft sent to customers about Russian state-sponsored activity.
APT29 is the group behind the SolarWinds campaign, which compromised at least nine US federal government agencies. Microsoft also reports that Russian state-backed groups are increasingly successful: their compromise rate jumped from 21% to 31% year on year. Their primary objective is intelligence gathering from government agencies in the USA, the UK, and Ukraine.
Domains such as blpchain, hlockchain, and Wwwblockchain are not typos. These sites are set up for a single purpose: to dupe Internet users who want to buy or sell cryptocurrency. They allow malicious actors to extract large sums from victims; for example, one man in Brazil sent more than $200,000 in bitcoin to a typo-squatted site. A .com domain costs about $10 per year, so the scheme is extremely profitable for scammers.
These typo-squatted sites also let attackers harvest users' credentials, which they then use to transfer the victims' assets. In most cases victims have no recourse, because cryptocurrencies are unregulated in most countries, and it is almost impossible for them to recover their money.
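The look-alike domains above are all small edits of a brand name (a swapped letter, a dropped syllable, a fused "www" prefix). The following is an added example, not code from Hacken or from the article, showing how a brand-protection or phishing-triage script can classify candidate hostnames against a brand domain. It assumes the brand is blockchain.com and uses a single-label TLD; the hostnames in the sample run are the ones named in the text plus constructed control cases.

```python
"""Classify hostnames as look-alikes of a brand domain (added example).

Assumptions: the brand domain has a single-label TLD such as .com; for
multi-label suffixes (.co.uk) use the Public Suffix List instead of the
naive label split below. Sample hostnames are from the article or constructed.
"""


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertion, deletion, substitution
    and transposition of adjacent characters each cost 1."""
    la, lb = len(a), len(b)
    d = [[0] * (lb + 1) for _ in range(la + 1)]
    for i in range(la + 1):
        d[i][0] = i
    for j in range(lb + 1):
        d[0][j] = j
    for i in range(1, la + 1):
        for j in range(1, lb + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(
                d[i - 1][j] + 1,         # deletion
                d[i][j - 1] + 1,         # insertion
                d[i - 1][j - 1] + cost,  # substitution
            )
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[la][lb]


def classify(host: str, brand: str = "blockchain.com",
             max_distance: int = 3, allowlist=frozenset()):
    """Return (verdict, reason) for a hostname.

    verdict is one of: "allowlisted", "brand", "lookalike", "unrelated".
    max_distance=3 is about 30% of a 10-character brand label; tune it to
    the brand length and your false-positive tolerance.
    """
    host = host.lower().rstrip(".")
    brand = brand.lower()
    if host in allowlist:
        return "allowlisted", "operator-approved domain"
    brand_label = brand.rsplit(".", 1)[0]
    labels = host.split(".")
    # Registrable label: the one directly left of the TLD (single-label TLD assumed).
    label = labels[-2] if len(labels) >= 2 else host

    if host == brand or host.endswith("." + brand):
        return "brand", "the brand domain itself or one of its subdomains"
    if brand_label in labels:
        # blockchain.net, blockchain.com.evil.example, ...
        return "lookalike", "brand name used as a label under another domain"
    if brand_label in label:
        # wwwblockchain.com, blockchain-login.com, ...
        return "lookalike", f"registrable label {label!r} contains the brand name"
    dist = osa_distance(label, brand_label)
    if dist <= max_distance:
        return "lookalike", f"{dist} edit(s) away from {brand_label!r}"
    return "unrelated", f"{dist} edit(s) away from {brand_label!r}"


if __name__ == "__main__":
    # Constructed watch list: hostnames from the article plus control cases.
    candidates = [
        "www.blockchain.com",       # legitimate
        "blpchain.com",             # from the article
        "hlockchain.com",           # from the article
        "Wwwblockchain.com",        # from the article
        "blockchain.net",           # constructed TLD swap
        "blockchain.com.evil.example",  # constructed subdomain impersonation
        "coinbase.com",             # constructed unrelated control
    ]
    for h in candidates:
        verdict, reason = classify(h)
        print(f"{h:32} {verdict:11} {reason}")
```

Run it on a daily feed of newly registered domains (or on the URLs in reported phishing emails) and route every "lookalike" to takedown or blocklist review; keep genuinely distinct domains that trip the distance rule in the allowlist so they are not re-flagged.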