Ransomware Attacks Hit A Record High

Uploaded on 2023-11-02 in NEWS-Cybersecurity News, FREE TO VIEW

The number of successful ransomware attacks is increasing, according to the NCC Group who monitor criminal data leak websites,  listing ransom 514 victims in September 2023. This breaks the record set in July this year, when criminal forums on the Dark Web listed 502 victim organisations.

Evidence from these sites is considered reliable, with the US still the most attacked country.

A new ransomware gang Rhysida runs as a ransomware-as-a-service operation, according to research from Kaspersky. Notably, Rhysida has a unique self-deletion mechanism which works on current on older versions of MS Windows.

Several technology companies have confessed to being ransom victims, including Cloudflare and the password management specialist, LastPass. Recently. VMware urged users to patch their software to fix multiple vulnerabilities. The notice was later updated with a warning that threat actors now have exploit code to take advantage of an unpatched server.

Intrusive Data Collection

The increased threat to users is not limited to criminal  ransom exploits. Intrusive collection of personal user data by legitimate apps is also increasing. According to research published by crypto experts at The Money Mongers, Meta's new App Threads, designed as a competitor to TwitterX  is the most invasive of the 100 apps it studied. The other apps reviewed include Instagram, Facebook, Messenger, LinkedIn and Uber Eats.

According to this research, Threads collects as much as 86 per cent of its users’ personal data, a particular concern when around half of all the apps studied share their user data with third parties.

That may be defensible on the basis that in almost every case legitimate apps ask users to consent to their data being used for financial gain, however.  its doubtful that many users read the full terms & conditions before giving their consent.

NCC Group:    Kaspersky:    US Justice Dept:    ITWorld Canada:   Securelist:      MoneyMongers

Image: fernando arcos

You Might Also Read:

Cyber Risk & Ransomware In 2023:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Online Conflict In Gaza & Ukraine
Major Outage: British Library Suffers A Cyber Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Hack Miami

Hack Miami

HackMiami is the premier resource in South Florida for highly skilled hackers that specialize in vulnerability analysis, penetration testing, digital forensics, and all manner of IT security.

Infrascale

Infrascale

Infrascale specialise in providing cloud backup and disaster recovery services.

2Secure

2Secure

2Secure is one of Sweden's largest private security companies. Service inlcude personal security, corporate security, information and cyber security.

MIT Internet Policy Research Initiative (IPRI)

MIT Internet Policy Research Initiative (IPRI)

IPRI's mission is to work with policy makers and technologists to increase the trustworthiness and effectiveness of interconnected digital systems

SailPoint

SailPoint

SailPoint provides identity governance solutions with on-premises and cloud-based identity management software for the most complex challenges.

Teramind

Teramind

Teramind provides a user-centric security approach to monitor employee behavior in order to identify suspicious activity, detect possible threats, monitor efficiency, and ensure industry compliance.

Claranet

Claranet

Claranet are experts in modernising and running critical applications and infrastructure through end-to-end professional services, managed services and training.

AAROH

AAROH

AAROH helps customers in Government, Law Enforcement, and Enterprises to identify, prevent, detect, resolve and protect from threats, crimes, breaches & fraud.

GuardSight

GuardSight

GuardSight is a provider of specialized cybersecurity services to safeguard businesses, government, and remote workers against sophisticated cyber threats.

Motorola Solutions

Motorola Solutions

Motorola Solutions build mission-critical services, software, video and analytics, backed by secure, resilient land mobile radio communications.

Eastern Cyber Resilience Centre (ECRC)

Eastern Cyber Resilience Centre (ECRC)

The Eastern Cyber Resilience Centre is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

InfusionPoints

InfusionPoints

InfusionPoints is your independent trusted partner dedicated to assisting you in building your secure and compliant business solutions.

Bluewave

Bluewave

Bluewave are a strategic IT advisory company that offers businesses a simple and comprehensive way to purchase information technology solutions.

Finite State

Finite State

Finite State enables product security teams to protect the devices we rely on every day through market-leading software threat, vulnerability, and risk management.

US Cyber Games

US Cyber Games

US Cyber Games is committed to inform and inspire the broader community on ways to develop tomorrow’s cybersecurity workforce.

Yondu

Yondu

Yondu empowers businesses across various industries through a wide array of innovative technology solutions to help them scale in the new digital economy.