Ransomware Attacks Hit A Record High

Uploaded on 2023-11-02 in NEWS-Cybersecurity News, FREE TO VIEW

The number of successful ransomware attacks is increasing, according to the NCC Group who monitor criminal data leak websites,  listing ransom 514 victims in September 2023. This breaks the record set in July this year, when criminal forums on the Dark Web listed 502 victim organisations.

Evidence from these sites is considered reliable, with the US still the most attacked country.

A new ransomware gang Rhysida runs as a ransomware-as-a-service operation, according to research from Kaspersky. Notably, Rhysida has a unique self-deletion mechanism which works on current on older versions of MS Windows.

Several technology companies have confessed to being ransom victims, including Cloudflare and the password management specialist, LastPass. Recently. VMware urged users to patch their software to fix multiple vulnerabilities. The notice was later updated with a warning that threat actors now have exploit code to take advantage of an unpatched server.

Intrusive Data Collection

The increased threat to users is not limited to criminal  ransom exploits. Intrusive collection of personal user data by legitimate apps is also increasing. According to research published by crypto experts at The Money Mongers, Meta's new App Threads, designed as a competitor to TwitterX  is the most invasive of the 100 apps it studied. The other apps reviewed include Instagram, Facebook, Messenger, LinkedIn and Uber Eats.

According to this research, Threads collects as much as 86 per cent of its users’ personal data, a particular concern when around half of all the apps studied share their user data with third parties.

That may be defensible on the basis that in almost every case legitimate apps ask users to consent to their data being used for financial gain, however.  its doubtful that many users read the full terms & conditions before giving their consent.

NCC Group:    Kaspersky:    US Justice Dept:    ITWorld Canada:   Securelist:      MoneyMongers

Image: fernando arcos

You Might Also Read:

Cyber Risk & Ransomware In 2023:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Online Conflict In Gaza & Ukraine
Major Outage: British Library Suffers A Cyber Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Metasploit

Metasploit

Metasploit penetration testing software helps find security issues, verify vulnerabilities and manage security assessments.

Emerson Electric Co

Emerson Electric Co

Emerson provides industrial automation systems and associated cybersecurity solutions to protect critical process control systems from cyber attack.

Cyber, Space, & Intelligence Association (CSIA)

Cyber, Space, & Intelligence Association (CSIA)

CSIA focuses on issues critical to Cyber Security, Military Space and Intelligence.

Dionach

Dionach

Dionach are a certified information security specialists who provide Penetration Testing, IT Security Auditing and Information Security Consultancy.

Austrian Institute of Technology (AIT)

Austrian Institute of Technology (AIT)

AIT is Austria's largest research and technology organisation and a specialist in the key infrastructure issues of the future including data science and cybersecurity.

Datplan

Datplan

Datplan offers a software solution that gives an overview of 8 key cyber risk areas, their threats, and risk management steps.

Zero Networks

Zero Networks

With Zero Network, you can achieve affordable, airtight network access security at scale.

Thomsen Trampedach

Thomsen Trampedach

Thomsen Trampedach offers a tailored-made brand protection solution to each customer using a proprietary enforcement automation and reporting tool and a multilingual enforcement team.

In Fidem

In Fidem

In Fidem specializes in information security management, with a bold approach that views cybersecurity as a springboard to organizational transformation rather than a barrier to innovation.

Datenschutz Schmidt

Datenschutz Schmidt

Datenschutz Schmidt is a service provider with many years of experience, we support you in complying with numerous data protection guidelines, requirements and laws.

Swiss Cyber Institute (SCI)

Swiss Cyber Institute (SCI)

The Swiss Cyber Institute is a registered cyber security education provider by the State Secretariat for Education, Research, and Innovation SERI.

Team Secure

Team Secure

Team Secure provide Enterprise-grade Cyber Security consultancy, managed security services and cyber security staffing services.

Identity Digital

Identity Digital

Identity Digital simplifies and connects a fragmented online world with domain names and related technologies that allow people and businesses to build, market and own their digital identities.

Zigrin Security

Zigrin Security

Zigrin Security offer comprehensive, hands-on security testing of internal networks, applications, cloud-based solutions, e-commerce applications and mobile devices.

Gem Security

Gem Security

Gem is on a mission to help security operations evolve into the cloud era, and stop cloud threats before they become incidents.

rThreat

rThreat

rThreat is a cloud-based SaaS solution that challenges your cyber defenses using real-world and custom threats in a secure environment, ensuring your readiness for attacks.