Ransomware isn’t always about gangs making money. Sometimes it’s about nations manufacturing mayhem.

Ransomware is fundamentally about reaping massive profits from victims — payments were on pace to cross the billion-dollar threshold in 2021, according to the U.S. government — but there are signs foreign government-connected groups are increasingly moving into a territory dominated by criminal gangs, and for an entirely different motive: namely, causing chaos. Research that Microsoft and cybersecurity company CrowdStrike recently publicized separately concluded that Iranian hackers tied to Tehran had been conducting ransomware attacks that weren’t about making money, but instead about disrupting their enemies. It echoed research from last spring and summer by FlashPoint and SentinelOne, respectively. When disruptive ransomware pays off, those who have studied the phenomenon say, it can embarrass victims. It can be used to steal data and leak sensitive information to the public. It can lock up systems, disabling targets. And given the prominence of ransomware, it’s another method that foreign intelligence and military agencies can use […]

The post Ransomware isn’t always about gangs making money. Sometimes it’s about nations manufacturing mayhem. appeared first on CyberScoop.


Chinese hackers use Log4j exploit to go after academic institution

A Chinese hacking group known for industrial espionage and intelligence collection used a vulnerability in Log4j to go after a large academic institution, researchers at CrowdStrike revealed Wednesday. Threat analysts observed the group attempting to install malware after gaining access using a modified version of a Log4j exploit for VMware Horizon, a virtual workspace technology. CrowdStrike also observed the Chinese hackers trying to harvest credentials for further exploitation. CrowdStrike analysts believe that the group behind the attack, which it is calling “Aquatic Panda,” has likely been active since at least May 2020. Its operations have primarily focused on targets in the telecommunications, technology and government sectors. “Because OverWatch disrupted the attack before AQUATIC PANDA could take action on their objectives, their exact intent is unknown,” Param Singh, vice president of CrowdStrike OverWatch, wrote to CyberScoop in an email. “This adversary, however, is known to use tools to maintain persistence in environments […]

The post Chinese hackers use Log4j exploit to go after academic institution appeared first on CyberScoop.


Why is trust in legacy vendors on shaky ground?

A Vanson Bourne survey report highlights that ransomware payout demands and extortion fees are massively increasing, while trust in legacy IT vendors has dipped and organizations are in fact getting slower at detecting cybersecurity incidents. “The survey p…

Cloudflare collaborates with leading cyber insurers to help businesses reduce their cyber risk

Cloudflare announced it is partnering with leading cyber insurance companies to help businesses manage their risks online. Eligible Cloudflare customers can qualify for discounts or other added benefits from insurance providers like At-Bay, Coalition, …

SOC Prime Quick Hunt delivers one-click threat hunting capabilities to security teams

SOC Prime announced the availability of Quick Hunt, a module powered by SOC Prime’s Detection as Code platform that delivers one-click threat hunting capabilities to security teams across the world. With access to the SOC Prime Threat Detection M…

Iranian government-backed hackers target critical infrastructure with ransomware, US says

U.S., U.K. and Australian cyber agencies on Wednesday accused Iranian government-sponsored hacking groups of exploiting Microsoft and Fortinet vulnerabilities this year in a bid to deploy ransomware against critical infrastructure. The hackers are interested in taking advantage of known software flaws where they can, the agencies said. The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency in March, May and June saw Iranian “advanced persistent threat” groups capitalizing on Fortinet vulnerabilities, in one case for a server associated with a U.S. municipal government and in another involving networks associated with a U.S.-based hospital focused on children’s care. In October the hackers relied on a Microsoft Exchange ProxyShell vulnerability “to gain initial access to systems in advance of follow-on operations,” the subject of another recent CISA alert. “The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including […]

The post Iranian government-backed hackers target critical infrastructure with ransomware, US says appeared first on CyberScoop.


Rockwell Automation announces investments to enhance its incident response services

Rockwell Automation announced new investments to enhance its information technology (IT) and operational technology (OT) cybersecurity offering, better equipping customers with the protection they need in today’s perilous environment. These initiatives…

A China-aligned espionage group is targeting global telecoms, sweeping up call data dating back years

An advanced network of digital spies with a nexus to Chinese interests has successfully compromised parts of the global telecommunications network, in some cases allowing access to subscriber information, call metadata, text messages, and other data, according to research released Tuesday by CrowdStrike. The hacking group, dubbed “LightBasin” by the firm and known publicly as UNC1945, has targeted the telecommunications sector since at least 2016, investigators found. New research has identified 13 telecommunications companies as having been compromised by the network dating back to at least 2019. The specific companies were not identified. “People leverage their cellphones like they’re magic,” said Adam Meyers, CrowdStrike’s senior vice president of intelligence. “They don’t think about the fact that there’s this whole infrastructure that makes it work … and that infrastructure is not something that you can take for granted.” The report lays out how this group has developed highly customized tools and a precise […]

The post A China-aligned espionage group is targeting global telecoms, sweeping up call data dating back years appeared first on CyberScoop.


Fletch releases two security offerings to help organizations stay ahead of cybercriminals

Fletch launched its first two offerings, which continuously analyze trending threats and insider risk, free of charge. For the past two and a half years, Fletch has collaborated with top industry experts to create a platform where all it takes is a few …