Remember the Okta security incident last October? Well, the dust has settled, and the final investigation report is out. But for Cloudflare, the story didn’t end there. A sophisticated attack leveraged a compromised Okta session to gain access to their systems, raising some critical questions about security best practices.
What got you here won’t get you there. It turns out that this great career advice about pivoting to achieve scale and growth is relevant for anyone, even if you’re a ransomware and extortion actor.
If we had a nickel for every time someone asked us the difference between leaked credentials and compromised accounts… Well, we’d be able to treat the team to a packet of Oreos one of these days. Why does it matter? Well, according to CISA, 54% of cyberattacks involve the use of valid accounts. As a result, understanding the risk of compromised accounts and leaked credentials is critical. This article tackles the terms head-on, and discusses how threat actors get their hands on sensitive account details, diving deep into the different types of vulnerability and what they mean for protecting your organization.
If it looks like a duck, and walks like a duck… you may need to look a little closer. This is an increasingly important lesson, highlighted by the case of threat actors Hunters International, who were wrongly assumed in October 2023 to be a rebrand of Hive ransomware group.
While some cybercriminals are on their holiday vacations (yes, we observed zero new ransomware victims on New Year’s Eve), the lull won’t continue long. Ahead of the new battles of 2024, KELA elaborates on the most expected trends in cybercrime for this year.
Over the last few months, several phishing campaigns were spotted using compromised credentials of hotels and homeowners. Particularly interesting is a widespread operation that employs these credentials to contact guests on Booking.com via their internal messenger (1, 2, 3, 4). In a fraudulent message, the attackers impersonate a hotel and lure victims into visiting a malicious phishing page designed to steal their credit card details.
As we approach the end of 2023, the Hamas-Israel war still rages on, and so do the cyberattacks accompanying it. KELA selected 5 questions out of those we’ve been asked by our clients and partners (aside from “how are you?”) in the past 70+ days that represent the cybersecurity angle of a physical war.
Following a cyberattack on December 12, 2023, Kyivstar, a major Ukrainian mobile network operator, faced a significant digital crisis. The incident has been discussed as one of the most powerful attacks on a telecommunication organization. Confusing claims surfaced from hacktivist groups like Killnet and its successor, Deanon Club, along with Solntsepek. In this blog, KELA dives into the details of the Kyivstar cyberattack, exploring the conflicting stories and the potential involvement of a Russian nation-state actor.
Threat actors engage in active infiltration of corporate assets, extracting valuable information and distributing it on cybercrime forums for trade. Records like contact details, social security numbers, and credit card information are used for financial gain.
On December 6, 2023, the operators of LockBit ransomware claimed to have compromised Aldo, a shoe retailer, on their ransomware blog. The group has given Aldo until December 25, 2023, to pay a ransom, otherwise stolen data will be published.