Ransomware still going strong even through crackdowns

Term of the month: Brute Force Attack Brute force attack is one of the oldest methods of attack for guessing passwords, encryption keys or to find hidden web pages. It is simple in its essence since the hackers will use excessive force and just try all the possible combinations to gain access. This is done through automation and can take anywhere from seconds for easy passwords to millennia for complex long passwords.

BRIEF UPDATE The first story of this month’s CSIR is about the Lazarus group and the indication that they might be building capabilities for supply chain attacks. That is because of the recent attack attributed to the group that stray away from their usual targets and seem like they are testing their new attack vector. The second story focuses on the threat of small scale ransomware groups that have been popping up as of late. While the larger and well known groups usually make it to the news with large ransom demands and have a high technical skill, the new groups seem to just copy paste and create simplistic ransomware to target smaller firms. The next story is a rather simple hack where an android trojan was charging victims €36 per month through SMS subscription service while it masqueraded as an identity verification text. The next story might interest you if your company website is made through Wordpress. Researchers have found several vulnerabilities that that need to be patched to prevent your sites complete takeover or insertion of malicious code into existing posts. One of the most interesting reads for business owners this month has to be about the breach ripple effect. It is based on a join study to see how an intrusion that involves multiple parties has an effect on the cost of the breach. With the stand out figures being that it can multiply the financial damage by 13 times and depending on the size of the targeted firm can affect more than a 100 downstream firms.

CYBER SECURITY IN THE NEWS

•Lazarus APT Uses Updated Malware In Potential Supply Chain Attacks

•Organisations Warned Of Ransomware Risk From Smaller Operators

•NYT Reporter Details Being Attacked By Pegasus Malware

•Android Trojan Charges Millions Of Victims €36 Per Month

•Wordpress Plugin Exploit Puts Over 90,000 Sites At Risk

•Breach Ripple Effect Leads To Exponentially Greater Financial Damage

•Ransomware Hackers Nervous, Allege Harassment From U.S.

•Ransomware Hackers Freeze Millions In Papua New Guinea

•Powerful Mac Malware Used To Install Adware For Now

•Feds Reportedly Take Down Top Ransomware Hacker Group Revil With A Hack Of Their Own