![LockBit, the world’s worst ransomware, is down](https://www.malwarebytes.com/wp-content/uploads/sites/2/2024/02/lockbit-site-is-down.jpg?w=1024)
LockBit, the world’s worst ransomware, is down
For the last two years the absolute worst, most prolific, most globally significant “big game” ransomware gang has been LockBit.
This evening its position as ransomware’s biggest beast is suddenly in doubt, following some non-consensual website redecoration at the hands of the UK’s National Crime Agency (NCA).
The LockBit data leak site has a new look
The LockBit dark web site usually hosts the names and data of organisations that refused to pay ransoms. That’s been replaced by a message from the NCA, saying:
This site is now under the control of The National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’.
Replete with the flags and badges of the countries and agencies involved, the new-look site promises there is more to come. “We can confirm that Lockbit’s services have been disrupted as a result of International Law Enforcement action – this is an ongoing and developing operation. Return here for more information at: 11:30 GMT on Tuesday 20th Feb.”
Since the demise of Conti in 2022, LockBit has been unchallenged as the most prolific ransomware group in the world. In the last 12 months it has racked up more than two and a half times as many known attacks as ALPHV, its closest rival.
Top 5 ransomware gangs by known attacks, February 2023 – January 2024
At this stage we have no idea how serious the damage to LockBit is, and law enforcement is only claiming that the group has been “disrupted”. However, even if that disruption isn’t fatal, it will doubtless raise serious questions among LockBit’s criminal associates.
LockBit sells ransomware-as-a-service (RaaS) to “affiliates”, criminal gangs who use the service to carry out ransomware attacks. Even if LockBit can rebuild its infrastructure elsewhere those affiliates now have every reason to question its credibility.
The takedown comes just two months after LockBit’s biggest rival, ALPHV, also suffered a serious mauling at the hands of international law enforcement, before staggering back to its feet.
How to avoid ransomware
Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
Stop malicious encryption. Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.
You can learn more about the threat of big game ransomware like LockBit and ALPHV in our 2024 State of Malware report.
Malwarebytes
CrowdStrike Debuts New Counter Adversary Operations Team to Stop Modern Breaches
On August 8, 2023, CrowdStrike announced its new Counter Adversary Operations unit, which brings together CrowdStrike Falcon Intelligence and CrowdStrike Falcon OverWatch to detect and disrupt advanced cyber adversaries.
A new threat intelligence report from the CrowdStrike team gives a comprehensive look at the evolving techniques of today’s adversaries.
Falcon OverWatch is a managed threat hunting service, and Falcon Intelligence is, according to CrowdStrike, the only solution to truly integrate threat intelligence into endpoint protection.
CrowdStrike is an American cybersecurity technology company. It provides cloud workload and endpoint security, threat intelligence, and cyber attack response services.
CrowdStrike Counter Adversary Operations is intended to detect and stop modern breaches using telemetry from the AI-powered CrowdStrike Falcon platform.
As today’s adversaries are fast and elusive, CrowdStrike presents Counter Adversary Operations as a new model for the security industry, one that lets teams disrupt adversaries faster than before.
2023 Threat Intelligence Report
CrowdStrike threat hunters and intelligence analysts identified a large increase in identity-focused intrusions and in cloud exploitation.
They observed an increase in Kerberoasting attacks, which adversaries can use to obtain valid credentials for Active Directory service accounts.
Another notable finding is adversaries’ use of remote monitoring and management (RMM) tools to evade detection.
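The Kerberoasting trend mentioned above is usually hunted from the domain controller side, so here is an added example (not from the CrowdStrike report or the original post) of the two signals defenders typically combine in Windows Security event 4769: service-ticket requests that use RC4 (encryption type 0x17) rather than AES, and one account requesting tickets for many distinct service accounts in a short window. The event records and the five-request threshold are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed 4769-style records (not real telemetry). "service" mirrors the
# ServiceName field: the account a ticket was requested for; "$" marks a machine account.
EVENTS = [
    {"time": "2024-02-19T10:00:01", "account": "jdoe@CORP",  "service": "svc_sql",        "etype": "0x17"},
    {"time": "2024-02-19T10:00:03", "account": "jdoe@CORP",  "service": "svc_web",        "etype": "0x17"},
    {"time": "2024-02-19T10:00:05", "account": "jdoe@CORP",  "service": "svc_backup",     "etype": "0x17"},
    {"time": "2024-02-19T10:00:12", "account": "jdoe@CORP",  "service": "svc_sharepoint", "etype": "0x17"},
    {"time": "2024-02-19T10:00:20", "account": "jdoe@CORP",  "service": "svc_exchange",   "etype": "0x17"},
    {"time": "2024-02-19T10:00:40", "account": "jdoe@CORP",  "service": "svc_report",     "etype": "0x17"},
    {"time": "2024-02-19T10:05:00", "account": "alice@CORP", "service": "svc_web",        "etype": "0x12"},  # AES, normal
    {"time": "2024-02-19T10:07:00", "account": "bob@CORP",   "service": "svc_sql",        "etype": "0x17"},  # single legacy RC4
    {"time": "2024-02-19T10:08:00", "account": "carol@CORP", "service": "FILES01$",       "etype": "0x17"},  # machine account
]

RC4_ETYPE = "0x17"          # Kerberoasting favours RC4 tickets because they crack faster offline
BURST_THRESHOLD = 5         # distinct service accounts per window (tune to the environment)
BURST_WINDOW = timedelta(minutes=5)


def _ts(event):
    return datetime.fromisoformat(event["time"])


def rc4_requests(events):
    """Service-ticket requests using RC4 for user-based service accounts (machine accounts excluded)."""
    return [e for e in events if e["etype"] == RC4_ETYPE and not e["service"].endswith("$")]


def burst_accounts(events, threshold=BURST_THRESHOLD, window=BURST_WINDOW):
    """Map account -> sorted service accounts, for accounts that requested tickets
    for at least `threshold` distinct services inside any `window`-long span."""
    by_account = defaultdict(list)
    for e in sorted(events, key=_ts):
        by_account[e["account"]].append(e)
    flagged = {}
    for account, evs in by_account.items():
        for i, start in enumerate(evs):            # slide the window over each request
            t0 = _ts(start)
            services = {x["service"] for x in evs[i:] if _ts(x) - t0 <= window}
            if len(services) >= threshold:
                flagged[account] = sorted(services)
                break
    return flagged


def kerberoast_candidates(events):
    """Accounts showing both signals at once: RC4 tickets and a burst of distinct targets."""
    return burst_accounts(rc4_requests(events))
```

bob's lone RC4 request is worth a follow-up on its own (legacy client or misconfigured service), but only jdoe shows the combined burst-plus-RC4 shape that warrants an identity-focused investigation.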
The report shows an increase in interactive intrusions targeting the financial sector.
Counter Adversary Operations’ First New Offering
In response to the evolving tradecraft and identity-based attacks, CrowdStrike Counter Adversary Operations is introducing its first new offering: CrowdStrike® Falcon OverWatch Elite Identity Threat Hunting.
“CrowdStrike Falcon OverWatch Elite brings the latest intelligence on adversary motives, tactics, techniques, and procedures and combines this data with CrowdStrike Falcon Identity Threat Protection and the elite Falcon OverWatch threat hunters.
This combination makes it possible to quickly identify and remediate compromised credentials, track lateral movement and stay ahead of adversaries with 24/7 coverage,” said the CrowdStrike team.
The post CrowdStrike Debuts New Counter Adversary Operations Team to Stop Modern Breaches appeared first on Cyber Security News.
Cyber Security News