Accountability, Phishing and Ransomware

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule. com and ouryahoo-okta[.]com.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

SecureWorld News

NOVEMBER 22, 2024

The United States Department of Justice (DOJ) has unsealed charges against five individuals accused of orchestrating sophisticated phishing campaigns tied to the notorious Scattered Spider cybercrime group. As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses.

Phishing

Phishing Identity Theft Cryptocurrency Cybercrime

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Part two of a four-part series The explosion of AI-driven phishing, insider threats, and business logic abuse has forced a shift toward more proactive, AI-enhanced defenses. Gen AI threats and quantum computing exposures must be accounted for. Attacks targeting identities rose 71% last year, with valid accounts as the top entry point.

Cyber threats

Cyber threats CISO IoT Phishing

Operation Heart Blocker: International Police Disrupt Phishing Network

SecureWorld News

FEBRUARY 3, 2025

and Dutch law enforcement agencies have dismantled 39 domains and their associated servers in an effort to disrupt a Pakistan-based network of online marketplaces selling phishing and fraud-enabling tools. Organizations should enforce least privilege access and enable multi-factor authentication (MFA) on all accounts that have it available.

Phishing

Phishing Cybercrime Scams Authentication

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

The Last Watchdog

OCTOBER 10, 2024

SpyCloud Investigations is a powerful cybercrime and identity threat investigation solution used by analysts and investigators to discover and act on threats by navigating the world’s largest repository of recaptured breach, malware, and phishing data.

Risk

Risk Cybercrime Identity Theft Phishing

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. All they need is one successful attempt to gain initial access."

Ransomware

Ransomware IoT Encryption Social Engineering

Report Shows Ransomware Has Grown 41% for Construction Industry

Digital Shadows

NOVEMBER 12, 2024

Top MITRE Technique: Spearphishing The construction sector is no stranger to phishing attacks, which topped the list of initial access techniques between October 1, 2023, and September 30, 2024. Phishing is favored by threat actors for its simplicity and effectiveness.

Ransomware

Ransomware Phishing Cyber threats Malware

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

Following a July 18 attack by the Rhysida ransomware group — believed to have Russian affiliations — Columbus is still reeling from the exposure of vast amounts of sensitive resident data. This data reportedly includes everything from names and addresses to Social Security numbers and bank account details. With over 6.5

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

How a successful phishing attack can hurt your organization

Tech Republic Security

FEBRUARY 7, 2021

Data loss is the number one result of a fruitful phishing campaign, but account compromises and ransomware attacks can threaten your organization as well, says Proofpoint.

Phishing

Phishing Ransomware Accountability

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Krebs on Security

JUNE 9, 2020

that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin. The average ransomware payment by ransomware strain.

Ransomware

Ransomware System Administration Backups Technology

Inside Ireland’s Public Healthcare Ransomware Scare

Krebs on Security

DECEMBER 13, 2021

The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware.

Healthcare

Healthcare Ransomware Antivirus Hacking

BayMark Health Services sends breach notifications after ransomware attack

Malwarebytes

JANUARY 10, 2025

The RansomHub ransomware group claims to have exfiltrated an enormous 1.5 Here, the ransomware group lays blame on the company itself. This isn’t rare for a ransomware group, as the tactics and vernacular are often based around shame, guilt, and a pre-teen-like arrogance. 2FA that relies on a FIDO2 device cant be phished.

Ransomware

Ransomware Data breaches Passwords Phishing

iNSYNQ Ransom Attack Began With Phishing Email

Krebs on Security

AUGUST 9, 2019

A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned. “I take full responsibility for this. .”

Phishing

Phishing Backups Ransomware Encryption

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Malwarebytes

JANUARY 27, 2025

In May, UnitedHealth CEO Andrew Witty estimated that the ransomware attack compromised the data of a third of US individuals when he testified before the Senate Finance Committee on Capitol Hill. The ALPHV/BlackCat ransomware group claimed the initial attack. 2FA that relies on a FIDO2 device cant be phished. Take your time.

Data breaches

Data breaches Healthcare Passwords Insurance

Warning over free online file converters that actually install malware

Malwarebytes

MARCH 17, 2025

The FBI warned specifically about that malware leading to ransomware attacks, but we’ve also seen similar sites that install browser hijackers, adware, and potentially unwanted programs (PUPs). Work with them to take the necessary steps to protect your identity and your accounts. com (phishing) convertitoremp3[.]it

Malware

Malware Adware Education Phishing

Report Finds 50% of Scattered Spider Phishing Domains Targeted Finance & Insurance

Digital Shadows

JANUARY 22, 2025

Phishing Remains Top Tactic, Fueled by Teams Abuse Figure 1: Top attack techniques in true-positive customer incidents for finance & insurance sector, H2 2024 vs H2 2023 Phishing dominated cyber attacks in H2 2024, accounting for over 90% of incidents across industries due to its simplicity and effectiveness.

Insurance

Insurance Phishing Social Engineering Engineering

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

The Last Watchdog

FEBRUARY 4, 2025

Identity security vendors have focused narrowly on securing corporate accounts, leaving organizations vulnerable to cybercriminals exploiting the broader identity exposures of employees, consumers, and suppliers. A shift to an identity-centric perspective is needed, particularly as the scope of identity exposures continues to grow. .

Cybercrime

Cybercrime Phishing Accountability Malware

Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations

Security Affairs

JANUARY 22, 2025

Two ransomware groups exploiting Microsoft 365 services and default settings to target internal enterprise users. Sophos researchers started investigating two distinct clusters of activity, tracked as STAC5143 and STAC5777, in response to customer ransomware attacks in November and December 2024.

Ransomware

Ransomware Malware Social Engineering Engineering

City of Columbus breach affects around half a million citizens

Malwarebytes

NOVEMBER 4, 2024

A ransomware attack against the City of Columbus, Ohio—which drew public scrutiny following the city government’s attempt to silence a researcher who told the public about the attack—has received a little more detail from an unexpected source: The Attorney General for the state of Maine. Watch out for fake vendors. Take your time.

Data breaches

Data breaches Passwords Ransomware Phishing

Ransomware access broker steals accounts via Microsoft Teams phishing

Bleeping Computer

SEPTEMBER 12, 2023

Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks. [.]

Phishing

Phishing Ransomware Accountability

Leaked Black Basta Chats Expose Ransomware Secrets & Infighting

eSecurity Planet

FEBRUARY 24, 2025

Over 200,000 internal messages from the notorious ransomware group Black Basta have surfaced online exposing deep divisions, ransom negotiations, and internal dysfunction. Cybersecurity experts are now poring over the data, uncovering a rare inside look at how one of the most feared ransomware groups operates and potentially unravels.

Ransomware

Ransomware Phishing Healthcare Cryptocurrency

Interpol: Operation HAECHI-V led to more than 5,500 suspects arrested

Security Affairs

DECEMBER 2, 2024

Operation HAECHI V (July-Nov 2024) targeted cyber frauds like phishing, romance scams, sextortion, investment fraud, online gambling, BEC, and e-commerce fraud. Korean and Chinese authorities dismantled a voice phishing syndicate that caused $1.1B million to a fake account in Timor Leste, where authorities intercepted USD 39.3

Cryptocurrency

Cryptocurrency Phishing Scams Cybercrime

News alert: SpyCloud study shows Darknet identity exploitation arising to become a primary cyber risk

The Last Watchdog

MARCH 19, 2025

Holistic Identity: The New Cyber Battleground Organizations have traditionally focused on securing individual account credentials, but SpyClouds research indicates that cybercriminals have expanded their tactics beyond conventional account takeover. ” Additional Report Findings: 17.3

Cyber Risk

Cyber Risk Risk Phishing Cybercrime

Deceptive Google Meet Invites Lures Users Into Malware Scams

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications. What Are ClickFix Campaigns?

Scams

Scams Malware Phishing Social Engineering

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Security Affairs

NOVEMBER 21, 2024

Between September 2021 and April 2023, the hackers carried out phishing attacks to steal login credentials from employees of 12 companies and individuals. Victims included gaming, telecom, and cryptocurrency firms, with losses reaching millions in stolen cryptocurrency and data from hundreds of thousands of accounts.

Cybercrime

Cybercrime Identity Theft Cryptocurrency Phishing

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

Ransomware? Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020. The media paid close attention to ransomware attacks last year, as they had a significant impact on Colonial Pipeline, the nation’s largest fuel distributor, and JBS, the nation’s largest meat distributor.

Ransomware

Ransomware Risk Internet Internet

Microsoft Targets Threat Group Behind Fake Accounts

Security Boulevard

DECEMBER 14, 2023

Microsoft seized parts of the infrastructure of a prolific Vietnam-based threat group that the IT giant said was responsible for creating as many as 750 million fraudulent Microsoft accounts that were then sold to other bad actors and used to launch a range of cyberattacks – from ransomware to phishing to identity theft – against.

Accountability

Accountability Identity Theft Phishing Ransomware

100 million US citizens officially impacted by Change Healthcare data breach

Malwarebytes

OCTOBER 25, 2024

The attack on Change Healthcare, which processes about 50% of US medical claims, was one of the worst ransomware attacks against American healthcare and caused widespread disruption in payments to doctors and health facilities. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. Take your time.

Healthcare

Healthcare Data breaches Passwords Identity Theft

The March Madness Cyber Threat

Adam Levin

MARCH 17, 2022

Unfortunately, brackets create opportunities for a wide array of phishing and hacking campaigns, particularly in workplaces where a lot of brackets are distributed. Sensitive information including passwords and financial information can be exfiltrated and ransomware can be deployed to block access to critical data.

Cyber threats

Cyber threats Phishing Passwords Malware

New AI “agents” could hold people for ransom in 2025

Malwarebytes

FEBRUARY 4, 2025

And yet, if artificial intelligence achieves what is called an agentic model in 2025, novel and boundless attacks could be within reach, as AI tools take on the roles of agents that independently discover vulnerabilities, steal logins, and pry into accounts. These are real threats, but they are not novel. That could change in 2025.

Artificial Intelligence

Artificial Intelligence Small Business Malware Technology

US, European Law Enforcement Shut Down Cybercrime-Friendly VPN Services

Adam Levin

DECEMBER 23, 2020

The VPN providers services facilitated cybercrimes including ransomware, e-skimming breaches, spear phishing, and account takeovers “at a high price to the criminal underworld,” according to the announcement.

VPN

VPN Cybercrime Phishing Ransomware

Cisco was hacked by the Yanluowang ransomware gang

Security Affairs

AUGUST 10, 2022

Cisco discloses a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. Cisco disclosed a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. yanluowang ransomware has posted #Cisco to its leaksite.

Ransomware

Ransomware Hacking VPN Phishing

Carbanak malware returned in ransomware attacks

Security Affairs

DECEMBER 26, 2023

Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks.

Malware

Malware Ransomware Banking Healthcare

The Original APT: Advanced Persistent Teenagers

Krebs on Security

APRIL 6, 2022

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. “voice phishing” a.k.a. “vishing”).

Social Engineering

Social Engineering Phishing Engineering Accountability

Microsoft Announces Security Update with Windows Resiliency Initiative

eSecurity Planet

DECEMBER 4, 2024

With cyberattacks on operating systems, applications, and networks becoming more sophisticated, the tech giant formulated a strategy to enhance the protection of Windows systems, focusing strongly on phishing attacks. Users will be given standard user accounts by default.

Encryption

Encryption Phishing Passwords Authentication

BEST PRACTICES: Blunting ‘BEC’ capers that continue to target, devastate SMBs and enterprises

The Last Watchdog

APRIL 14, 2022

This type of targeted phishing or whaling (executive-level) attack tricks email recipients into believing someone they know and trust is asking them to carry out a specific financial task. The CFO commonly carries out such tasks and arranges a wire transfer using the account information provided on the invoice. Scenario 2. Scenario 3.

Phishing

Phishing Accountability Scams Social Engineering

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. In some attacks, threat actors created an administrative account named itadm.

Ransomware

Ransomware Encryption Antivirus VPN

Dodging the Cyber Bullet: Early Signs of a Ransomware Attack

IT Security Guru

AUGUST 19, 2024

Ransomware attacks are a growing menace. By recognising early warning indicators and addressing security gaps proactively, entities can prevent themselves from falling victim to ransomware. Despite awareness campaigns, many still fall prey to malicious links, such as phishing emails masquerading as communications from trusted entities.

Ransomware

Ransomware Backups Social Engineering Manufacturing

Nastiest Malware 2024

Webroot

OCTOBER 31, 2024

This year has seen ransomware groups adapt and innovate, pushing the boundaries of their malicious capabilities and evasiveness from law enforcement. The ransomware sector, in particular, has witnessed the emergence of “business models,” with ransomware-as-a-service (RaaS) dominating the scene.

Malware

Malware Ransomware Passwords Healthcare

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

AI-powered cryptocurrency attacks will automate phishing and exploit vulnerabilities. Dulce Sagie Dulce , VP Research, Zero Networks In 2025, AI will empower both defenders and attackersimproving incident response for the former while accelerating exploits and phishing for the latter.

Risk

Risk Threat Detection Technology Phishing

Understanding MFA Fatigue: Why Cybercriminals Are Exploiting Human Behaviour

IT Security Guru

FEBRUARY 25, 2025

Initial Compromise: Malefactors first gain access to the victims credentials through phishing, brute force attacks, or dark web marketplaces. Lateral Movement: Once inside, crooks may escalate privileges, exfiltrate sensitive data, or deploy ransomware and other malicious tools.

Social Engineering

Social Engineering Authentication Risk Accountability

Spam and phishing in 2022

SecureList

FEBRUARY 16, 2023

Short-lived phishing sites often offered to see the premieres before the eagerly awaited movie or television show was scheduled to hit the screen. At the beginning of that year, we still observed phishing attacks that used the themes of infection and prevention as the bait. Others offered the coveted Green Pass without vaccination.

Phishing

Phishing Scams Accountability Energy and Utilities

A firsthand perspective on the recent LinkedIn account takeover campaign

Malwarebytes

SEPTEMBER 1, 2023

Not long ago I wrote about a recent campaign to hold LinkedIn users' accounts to ransom. Since he doesn’t use the LinkedIn app on his mobile he checked his account on his laptop first thing in the morning. A reset of the account’s password worked, but failed to remove the unwanted active session.

Accountability

Accountability Passwords Mobile Authentication

Arrest in ‘Ransom Your Employer’ Email Scheme

Krebs on Security

NOVEMBER 22, 2021

In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer’s network, in exchange for a percentage of any ransom amount paid by the victim company. According to the FBI’s Internet Crime Complaint Center ( IC3 ), consumers and businesses reported more than $4.2

Scams

Scams Cybercrime Banking Identity Theft

Feds Charge Five Men in ‘Scattered Spider’ Roundup

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

Trending Sources

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

Operation Heart Blocker: International Police Disrupt Phishing Network

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Report Shows Ransomware Has Grown 41% for Construction Industry

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

How a successful phishing attack can hurt your organization

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Inside Ireland’s Public Healthcare Ransomware Scare

BayMark Health Services sends breach notifications after ransomware attack

iNSYNQ Ransom Attack Began With Phishing Email

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Warning over free online file converters that actually install malware

Report Finds 50% of Scattered Spider Phishing Domains Targeted Finance & Insurance

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations

City of Columbus breach affects around half a million citizens

Ransomware access broker steals accounts via Microsoft Teams phishing

Leaked Black Basta Chats Expose Ransomware Secrets & Infighting

Interpol: Operation HAECHI-V led to more than 5,500 suspects arrested

News alert: SpyCloud study shows Darknet identity exploitation arising to become a primary cyber risk

Deceptive Google Meet Invites Lures Users Into Malware Scams

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

Microsoft Targets Threat Group Behind Fake Accounts

100 million US citizens officially impacted by Change Healthcare data breach

The March Madness Cyber Threat

New AI “agents” could hold people for ransom in 2025

US, European Law Enforcement Shut Down Cybercrime-Friendly VPN Services

Cisco was hacked by the Yanluowang ransomware gang

Carbanak malware returned in ransomware attacks

The Original APT: Advanced Persistent Teenagers

Microsoft Announces Security Update with Windows Resiliency Initiative

BEST PRACTICES: Blunting ‘BEC’ capers that continue to target, devastate SMBs and enterprises

Akira ransomware received $42M in ransom payments from over 250 victims

Dodging the Cyber Bullet: Early Signs of a Ransomware Attack

Nastiest Malware 2024

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

Understanding MFA Fatigue: Why Cybercriminals Are Exploiting Human Behaviour

Spam and phishing in 2022

A firsthand perspective on the recent LinkedIn account takeover campaign

Arrest in ‘Ransom Your Employer’ Email Scheme

Stay Connected