Discover and read the best of Twitter Threads about #ransomware

Most recents (24)

NEW: "The greatest long-term threat to out nation's ideas, innovation & economic security, our national security, is that from #China" @FBI Dir Christopher Wray tells House Homeland Security Committee
"The Chinese gvt aspires to equal or surpass the US as a global superpower & influence the world w/a value system shaped by undemocratic authoritarian ideals" per @FBI's Wray "We are confronting that threat head-on"
"The @FBI has scores of investigations open into the #China in all 56 of our field offices" per Wray
Read 17 tweets
Der #Digitalausschuss des Bundestages besucht mit 1 Delegation Japan u Südkorea. heute früh: Besuch Vizeminister im Min. für Inneres u Telekommunikation Takeuchi Yoshiaki. Glasfaser gibts in Japan in 2027 für 99.9% der Haushalte, zZ haben < 170.000 HH keine Glasfaser.
Unsere (demokratischen) Delegationsmitglieder des #btADi aus dem Bundestag sind: @maik_aussendorf @CatarinaDosSa @Hansjoerg_Durz @JensZSPD @max_fksr #btADiJpKor
Anschließend Besuch bei @NTTDocomoNews Tokio, Infos u Austausch zu #5G u #6G. Fotos posten aus dem Lab war leider verboten. 6G erwartet man in Japan kommerziell spätestens 2030, 5G ist hier schon fast überall verfügbar. 6G ist noch 100mal schneller als 5G! #btADiJpKor
Read 33 tweets
NEW: #Russia's war in #Ukraine & #cyber - "We have learned a tremendous amount" @CYBERCOM_DIRNSA Gen. Paul Nakasone tells @CFR_org

Says #Ukraine has hardened its networks & has been a step ahead of the Russians in #cyberspace
"Having 10 folks on the ground that are tied back to our command & our agency, that's power I think is really helpful" per @CYBERCOM_DIRNSA re US #cyber aid to #Ukraine

Says US "surged to well over 30...we flooded the zone" to help #Kyiv in #cyber
#Ukraine's warnings abt looming #cyber attacks by #Russia on energy, financial sectors - "They have gone after energy, certainly" @CISAJen tells @CFR_org

"We've been working very closely w/the energy sector ... we are not at a place where we should be putting our shields down"
Read 15 tweets
📢 📖 C’est avec un immense plaisir que je vous annonce la sortie de mon livre "Cyberattaques, les dessous d’une menace mondiale" ! Tous les détails dans le fil 🧵 /1
Cet ouvrage, c’est plus d’un an de travail visant à décrypter pour le grand public les affrontements entre les attaquants et les défenseurs de notre monde numérique. /2
🖐 Au-delà des classiques listes d’attaques et de bonnes pratiques de sécurisation, j’ai souhaité donner une dimension humaine à ce livre. /3
Read 14 tweets
1/ So, site impersonating @Fortinet downloads signed MSI that uses Powershell to run #BatLoader, if the user is connected to a domain (corporate network) it deploys:

1) #Ursnif (Bot)
2) #Vidar (Stealer)
3) #Syncro RMM (C2)
4) #CobaltStrike
And possibly
5) #Ransomware 💥 ImageImageImageImage
2/ For initial deployment they use NirCmd, NSudo and GnuPG (to encrypt payloads) among other utilities.

* Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\AMSI\Providers\{2781761E-28E0-4109-99FE-B9D127C57AFE}" -Recurse
* Remove-Encryption -FolderPath $env:APPDATA -Password '105b' ImageImageImageImage
3/ The websites are boosted through SEO poisoning and impersonate brands such as @Zoom, @TeamViewer, @anydesk, @LogMeIn, @CCleaner, #FileZilla and #Winrar among others.

/ ImageImageImageImage
Read 10 tweets
New: #Ukraine bracing for new round of #Russia|n cyber attacks targeting its energy, financial sectors, Deputy Minister of Digital Transformation Georgii Dubynskyi tells reporters
"We saw this scenario before-before the winter they [#Russia] are trying to find a way how to undermine, how to defeat our energy system & how to make circumstances even more severe for Ukrainians" per Dubynskyi
#Russia also trying to employ "precision" #cyberattacks

"Using social engineering & using some it's also possible #hybrid attacks as well" per Dubynskyi
Read 12 tweets
Cet article nous apprend que l'enquête a été confiée à @CyberGEND. C'est un indice, en soit, sur le #ransomware impliqué dans l'attaque, même s'il n'est pas mentionné.
@CyberGEND Car voyez-vous, selon le #ransomware, l'enquête est traitée soit côté Gendarmerie, soit côté Police.… Image
@CyberGEND Les articles de presse donnent des indices. Par exemple, celui-ci suggère que les cas #Hive sont traités côté Police.…
Read 8 tweets
3 attackers, 2 weeks – 1 entry point...

Lockbit, Hive, and BlackCat attack an automotive supplier in this triple #ransomware attack.

After gaining access via RDP, all three threat actors encrypted files, in an investigation complicated by event log clearing and backups.

In May 2022, an automotive supplier was hit with three separate ransomware attacks. All three threat actors abused the same misconfiguration – a firewall rule exposing Remote Desktop Protocol (RDP) on a management server – but used different ransomware strains and tactics. 2/17
The first ransomware group, identified as Lockbit, exfiltrated data to the Mega cloud storage service, used Mimikatz to extract passwords, and distributed their ransomware binary using PsExec. 3/17
Read 17 tweets
NEW: Multiple attackers increase pressure on victims, complicate incident response

Sophos’ latest Active Adversary report explores the issue of organizations being hit multiple times by attackers...

There’s a well-worn industry phrase about the probability of a cyberattack: “It’s not a matter of if, but when.”

Some of the incidents @Sophos recently investigated may force the industry to consider changing this: The question is not if, or when – but how many times? 2/17
In an issue we highlighted in our Active Adversary Playbook 2022, we’re seeing organizations being hit by multiple attackers. 3/17
Read 17 tweets
1/ Interesting toolkit currently used by #Ransomware affiliates 💣

- 1.bat > Disabler (UAC/NLA/IFEOs)
- 1.msi > Anydesk wrapped using exemsi[.]com (persistence/C2)
- aswArPot.sys > Avast Anti-Rootkit driver used to disable AV/EDR (BYOVD)
- terminat.exe > #BURNTCIGAR (?) ImageImageImageImage
2/ The artifacts were available until today on a server with #opendir ( that was active for at least 15 days.

You may want to block/monitor this hash: 4b5229b3250c8c08b98cb710d6c056144271de099a57ae09f5d2097fc41bd4f1 (aswArPot.sys)

[+]… Image
3/ More references regarding these TTPs:

[+] @TrendMicro (2022-05-02):…
[+] @Aon_plc (2022-02-26):…
[+] @Mandiant (2022-02-23):…

Read 5 tweets
@BNPartnership Here we go! Set to begin! @BNPartnership #CyberSecurity seminar
@BNPartnership Today's program is called "Unawareness: The current threat landscape for #Cybersecurity" - threats never stay the same, and now is not the time to let your guard down! @BNPartnership
@BNPartnership Since the pandemic, hybrid, working from home became the norm faster than anyone could have imagined. Moving to the Cloud became a necessity but companies need to identify where data is and the controls set in place to protect it.
Read 17 tweets
Monthly reminder that I study today's global medical PANdemIC through the lens of many past computer virus panics. Click the "panic button" to read more!…
Yesterday was #NickoSilar's birthday. Our industry spouts an #UrbanLegend that she died in a hospital #ransomware attack … yet the truth is a bit complicated for our collective reductionist beliefs.

Let's study the facts surrounding this baby's tragic death, shall we? Image
First, I need to caveat my role in this sad affair. I offer my expertise pro bono to the law firm representing the attending physician who delivered #NickoSilar on that fateful day. My specific goal is to protect Dr. Parnell from Springhill Medical Center's legal team.
Read 19 tweets
Voila, hier beginnt der Thread zu Tag 4 d Delegationsreise des Digitalausschusses (Bundestag) nach Estland u Finnland.
Die bisherigen Threads könnt Ihr hier nachlesen:
Tag 1…
Tag 2:…
Tag 3:… #btADiEstFinn /T4-1
Tag 4 begann bei @FSecure in Helsinki, die in Kürze @WithSecure heißen, ihr Geschäftsfeld ist IT-Sicherheit, insbesondere entwickeln sie vielversprechende Werkzeuge, um #Ransomware Attacken abzuwehren u selbst begonnene Verschlüsselung „rückgängig“ zu machen. #btADiEstFinn /T4-2 Image
„Ransomware-Attacke rückgängig machen“ heißt in d Fall, die Attacke so früh zu identifizieren, dass (wenn ich alles richtig verstanden habe) ein Blitzbackup erstellt wird, das noch während der Verschlüsselung o unmittelbar danach wiederhergestellt wird. #btADiEstFinn /T4-3
Read 33 tweets
Live from #GartnerSEC | #Ransomware Is Changing — Are You Ready? with Paul Furtado, Gartner VP Analyst.

About this session: Ransomware attacks have been morphing. Techniques used by the bad actors are changing. We will provide insight into the new tactics being used by...
... the bad actors not only to access your environment, but what they are doing with your #data once exfiltrated. We'll also provide current data on the financial impact of a #ransomware attack. #GartnerSEC
Follow this thread for key takeaways on #ransomware. 👇🧵 #GartnerSEC
Read 15 tweets
Mandiant’s Nick Bennett & Dave Wong have taken the stage at #RSAC for a discussion on multifaceted extortion. Image
“In 2022 we are seeing #ransomware attackers get very creative,” say Nick Bennett during the #RSAC presentation. “They want to create as much leverage as they can to force the victims to pay the ransom.” Image
One of the lessons we’ve learned in our work with organizations, Dave Wong shares at #RSAC, is “#ransomware detection is about the whole attacker life cycle. Defenders need to focus on both prevention and detection.” Image
Read 4 tweets
Great turn out for today’s #RSAC keynote presentation from Mandiant’s @JumpforJoyce and @DAlperovitch, titled “Global Threat Brief: Hacks and Adversaries Unveiled”
This session will be an unveiling of the most novel attacks in the current global threat landscape, diving into specific, real-time examples of threat actor activity from both nation-states and criminal groups, along with strategic advice for countering them. #RSAC
They’ll begin with a deep dive on the Ukraine cyberwarfare front, covering the top cyber defender takeaways to date. Stay tuned to find out “Resiliency is Key” #RSAC
Read 21 tweets
GAFAM, surveillance, souveraineté numérique dans une Transparence plutôt maigre voire totalement opaque.

Intérêt, interrogation, demande d'explication ?
TAGUE toi-même les concernés à la fin du 🧵
A cette heure, on tente de
- sauver ce qu'il reste de #souveraineténumérique.
- protéger entreprises, jeunes, citoyens
- gérer le transfert de données par les RS, les conf-call, le télétravail et l'école
- subir le vol de données
- rattraper le retard
- respecter la RGPD
D'un côté, on demande au CF de sauver les données dans un cloud suisse sécurisé et décentralisé ou centralisé mais le CF à peine à comprendre lequel :
Microsoft, Alibaba, entreprises privées ou cloud d'Etat.
Read 26 tweets
"The gvt of #Russia views the US as its primary adversary..." Kurtis Ronnow, deputy asst dir for of the @FBI's Counterintelligence Division, tells @USChamber during virtual briefing on #cyber
"#Russia's malign influence efforts are ongoing" & involve #cyber, other means, per @FBI's Ronnow
US officials "remain concerned" #Russian cyber criminals will target US businesses, critical infrastructure in support of #Russia's ops in #Ukraine, Mike Herrington, section chief of the @FBI's Cyber Division tells @USChamber
Read 13 tweets
Bir çoğunuzun haberi yoktur fakat geçtiğimiz hafta büyük bir kaç #ransomware vakası yaşandı. VmCenter açığından faydalanarak gerçekleştirilen bu saldırıdan 2 #datacenter etkilendi. Acilen olay yerine müdahale etmemiz istendi.
Saldırının analizini yapmak, zafiyete sebebiyet veren açığı tespit etmek, olası güvenlik tedbirleri vb çalışmaları yapmaya zaman yoktu. Yüzlerce sunucudan oluşan bir veri kaybının olduğu bir yerde önceliğin bu olması mantıklı da olmazdı zaten.
Birinci önceliğimiz tüm sistemi yeniden ayağa kaldırmak ve mağduriyeti gidermek olduğu için kolları sıvadık ve çalışmalara başladık. Öncesinde #hacker ile bazı iletişimler kurulduğunu ve bir miktar fidye ödendiğini olay yerine ulaştıktan sonra öğrendik.
Read 20 tweets
Tras realizar una encuesta el martes, en la que más de la mitad ha reconocido que en la empresa en la que trabaja hay un margen de mejora a la hora de proteger una empresa frente a #ciberataques, compartimos algunos de los datos de los últimos informes en materia de #seguridad. Image
Recuerda, en @irontec podemos ayudarte con el diseño de un #PlandeSeguridad adecuado a las necesidades y las posibles vulnerabilidades de tu empresa. Escríbenos, estamos deseando ayudarte: #Ciberseguridad #Ciberataque #Irontec Image
El 45% de las empresas reconoce que son más vulnerables a los ataques desde el comienzo de la pandemia. #ciberseguridad Image
Read 7 tweets
Vaya, vaya, vaya. Parece que Elon Musk está en todos lados y me envían una invitación para vete a saber que... 😏
Un corto hilo sobre análisis de PDF.
El primer punto es analizar los datos del remitente y mirar las cabeceras. No voy a profundizar, pero con las direcciones de email que aparezcan ya tenemos unos cuantos indicadores que nos pueden servir más adelante. También vemos que hay un archivo PDF adjunto.
Todo usuario debería sospechar que cualquier PDF adjunto, sobre todo si viene de un desconocido, o el nombre del PDF ya incita a que sea abierto.
Por supuesto, el usuario "de a pie" no es experto en esto, y se le debe de guiar en ciertas buenas prácticas.
Read 12 tweets
"...gezielten und langanhaltenden Ausfall der #Strom- oder #Wasserversorgung zu bewirken ist...eine hochkomplexe Aufgabe. Das geht nicht so einfach wie in Hollywood, dass man nur ein bisschen auf der Tastatur klimpern muss"

Mein Interview mit @LANline_DE…
"Die hohe Kunst des langanhaltenden, dauerhaften Ausfalls ist sehr komplex. Das hat man auch bei #StuxNet gesehen"
"In der #Ukraine wiederum gab es 2015 und 2016 Angriffe auf die #Stromversorgung. Hier war offenbar geplant, die Stromversorgung langanhaltend und großflächig lahmzulegen, das hat aber nicht funktioniert."
Read 23 tweets
Thread on #APT grps, #hacktivists, #Ransomware gangs with their ‘likely’ associations (as per TTPs and reports) that are playing a significant role in impending #Ukraine #Russian conflict. Correct me if i am wrong or missing any one. 1/
Firstly on Russian 🇷🇺side there are #GhostWriter (#Belarus Govt Backed) #CozyBear (Russian Foreign Intel aka #SVR) #UNC1151 (Minsk based) #FancyBears & #SandWorm (Russian Military Intel aka #GRU) #Turla and #Gamaredon (Russian Internal Intel #FSB Former KGB) 2/
Read 7 tweets
"„Es besteht eine erhöhte Bedrohungslage, ja klar. Aber das ist aktuell keine fatale Lage“, kommentierte @HonkHase, Sprecher der @AG_KRITIS, einer Arbeitsgemeinschaft unabhängiger Security-Fachleute, gegenüber @LANline_DE"

#KRITIS #Cyberangriffe #Krieg…
"@HonkHase's Einschätzung der aktuellen Situation: „Das Risiko für erfolgreiche Angriffe auf kritische Infrastruktur ist definitiv gegeben und durch die #Kriegslage höher als sonst, aber die Eintrittswahrscheinlichkeit ist sehr überschaubar..."

"Zum Vergleich: Auch beim #Hochwasser im #Ahrtal wurde kritische Infrastruktur zerstört, und #Klimakatastrophen werden in den nächsten Jahren, so wie auch #Ransomware-Angriffe, deutlich zunehmen.“

Read 7 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!