1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • The MOVEit breach may well have been the biggest cyberattack of t

    From TechnologyDaily@1337:1/100 to All on Wed Dec 20 12:15:05 2023
    The MOVEit breach may well have been the biggest cyberattack of the year

    Date:
    Wed, 20 Dec 2023 12:01:28 +0000

    Description:
    ESET examines the biggest cyberattacks and trends of 2023, with the MOVEit breach coming out on top.

    FULL STORY ======================================================================

    It seems the breach of the file transfer service MOVEit was one of the
    biggest cyberattacks of 2023 - despite it being a year in which a number of dangerous new trends and tactics emerged.

    A new report from ESET examined the most significant cyber incidents of the second half of 2023, noting that what made the MOVEit breach unique, aside from its widespread impact, was the fact that no ransomware was actually deployed by Cl0p, the gang behind the attack.

    It also leaked stolen data from victim organizations onto public website, another case of a new tactic being employed by cybercriminals. This was emulated by the notorious ALPHV/ BlackCat ransomware gang, who were also prevalent this year. Emerging trends

    In its report, ESET notes that due to the sheer scale of the MOVEit hack, it was likely too much effort for Cl0p to encrypt every victim it captured. ESET cites figures from Emsisoft who estimates the number of affected
    organizations after six months to be over 2,600.

    Victims ranged from government agencies, schools and healthcare, to major firms like Sony and PricewaterhouseCoopers (PwC).

    Another emerging trend for this year has been the rise of attacks involving AI, not surprising given the boom the technology has experienced in the wake of ChatGPT's public release in November 2022.

    Many campaigns have targeted users of AI tools like ChatGPT, as well as creating fake domains resembling 'ChatGPT' in their wording. Such domains include web apps that use the OpenAI API keys in an insecure way, threatening user's data privacy.

    Also taking this year by storm was the Lumma stealer, which was very successful in stealing crypto wallets. It alone was responsible for a 68%
    rise in crypto theft this year, accounting for 80% of detections in this sector. The Lumma malware has also been stealing credentials and other information, with the total number of Lumma detections tripling between H1
    and H2 2023.

    And the ever-present Magecart threat, which has been hassling retailers since 2015, still remains strong - in fact it has actually been growing this year. It injects code into unsecure websites to steal information from users, such as their credit card details. The number of detections between 2021 and 2023 rose by 343%.

    Ji Krop, Director of Threat Detection at ESET, concludes that "these developments show an ever-evolving cybersecurity landscape, with threat
    actors using a wide range of tactics." With the rise of AI and the constantly evolving tactics of threat actors, it looks as if attacks will only worsen going into next year too. MORE FROM TECHRADAR PRO This is the best endpoint protection for your business The US government is officially investigating
    the MOVEit vulnerability Ransomware payments set to hit a new high in 2023 - here's how to stay safe



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/the-moveit-breach-may-well-have-been-th e-biggest-cyberattack-of-the-year


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)