Greetings!
Stay Secure and Get the Latest Cyber Security Updates with GoAllSecure’s Monthly Bulletin!
LockBit Makes a Return as the Most Prominent Ransomware Actor in May 2024
The latest analysis reveals that the notorious LockBit group reemerged as the leading ransomware actor in May 2024. LockBit 3.0 staged 176 ransomware attacks, accounting for 37% of the total attacks in that month, marking a substantial 665% increase from the previous month. This surge in activity positioned LockBit ahead of other prominent groups such as Play and RansomHub. LockBit’s resurgence follows a period of dormancy after the global law enforcement operation, Operation Cronos, incapacitated key infrastructure used by the group in February 2024. Despite speculation that LockBit 3.0 would dissolve following this operation, the recent surge in activity suggests otherwise. There are also concerns that the group may be inflating their numbers to disguise the true state of their organization. The report also revealed a 32% increase in global ransomware attacks from the previous month. Notably, the industrial sector was the most targeted, accounting for 30% of attacks, followed by the technology sector. Additionally, significant regional trends were observed, with a decline in attacks targeting North America and substantial increases in Europe, South America, and Africa.
Ticketmaster Confirms Breach Potentially Impacting 560 Million Users
Live Nation, the parent company of Ticketmaster, has confirmed that it experienced a cyber-attack last month, resulting in the exposure of internal data. The majority of the compromised data came from its Ticketmaster subsidiary, affecting potentially 560 million customers. The company identified unauthorized activity within a third-party cloud database environment and launched an investigation. A criminal threat actor known as ShinyHunters is allegedly selling 1.3TB of stolen customer data, including names, addresses, emails, phone numbers, and partial payment card information. The breached third-party cloud storage firm, Snowflake, was also reportedly involved in a similar incident with Spanish bank Santander. It was reported that the threat actor targeted a Snowflake employee’s ServiceNow account with stolen credentials to gain access to the Ticketmaster database. However, Snowflake clarified that the recent increase in threat activity is due to industry-wide identity-based attacks, not caused by any vulnerability or misconfiguration within their product. Despite the potentially large impact on customers, Live Nation downplayed the operational and financial impact of the incident in an SEC filing, stating that they do not believe it will have a material impact on their business operations or financial condition. They continue to evaluate the risks, and their remediation efforts are ongoing.
Cybersecurity Burnout Is Real, and It’s Costing Firms $700m+ Annually
A recent study from Hack The Box suggests that British and US businesses may be losing up to $756 million annually due to reduced productivity caused by burnout among cybersecurity staff. The study calculated this figure by considering the average daily wage for cybersecurity professionals and then factoring in the average number of sick days and days lost to poor productivity. According to the research, UK employers could be losing around $130 million annually, while their US counterparts may be facing losses of up to $626 million. The primary reason identified for this burnout is the high stress, fatigue, and pressure experienced by cybersecurity professionals, largely due to the fast-paced nature of technological advancements and increasing threat volumes. The study also found that a significant number of cybersecurity professionals have taken time off due to work-related mental well-being issues. Interestingly, it was highlighted that while 90% of CISOs are concerned about the impact of burnout on their teams, only 47% of CEOs share the same level of concern. The CEO of Hack The Box emphasized the need for business leaders to prioritize the mental well-being of cybersecurity professionals and to collaborate closely with them in order to provide the necessary support and solutions for success.
92% of Organizations Hit by Credential Compromise from Social Engineering Attacks
In 2023, a new report by Barracuda revealed that 92% of organizations encountered an average of six credential compromises due to email-based social engineering attacks. The majority of these attacks (86%) involved scamming and phishing. Key trends included a 70% rise in conversation hijacking compared to 2022, with attackers monitoring compromised business accounts to craft convincing messages. Business email compromise (BEC) attacks increased to 10.6%, and extortion attacks made up 2.7% of total social engineering attacks. The report also highlighted that cybercriminals often used legitimate services to launch these attacks, with Gmail being the most utilized email domain, accounting for 22% of attacks. Additionally, popular commercial URL-shortening services were leveraged, with bit.ly being the most widely used. An emerging trend was the significant increase in QR code phishing attacks, targeting around 5% of mailboxes in late 2023. These attacks prompt users to scan the code, leading them to fake pages designed to extract sensitive information or distribute malware. This method of attack poses challenges for traditional email filtering and security software, as it directs users to personal devices that are often less protected.
Data Disaster: Los Angeles Public Health Department Suffers Biggest Data Breach
The Los Angeles County Department of Public Health (DPH) experienced a data breach affecting 200,000 individuals. The breach, caused by phishing, exposed personal, medical, and financial information. DPH is notifying affected individuals by mail and offering free identity monitoring for a year. The department has implemented security enhancements and is working with law enforcement and regulatory agencies. In another incident, the US private healthcare provider Ascension was hit by a ransomware attack, leading to compromised patient information and disrupted services.
London Ransomware Attack Led to 1500 Cancelled Appointments and Operations