Ransomware attacks up 153% on last year and 16% on last month πŸ“ˆ

Aug 24 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that shows cybercriminals about the same amount of respect that Tucker and Trump showed the other Republican candidates last night πŸ˜³πŸ˜¬πŸ˜‚

Today’s hottest cybersecurity news stories:

  • πŸ’° Ransomware attacks up 153% on last year and 16% on last month πŸ“ˆ

  • 🎯 It’s open season on 1000s of STILL unpatched Open(dumpster)fire XMPP servers πŸ”₯

  • πŸ’― NoFilter attack: Bypass Windows security with new stealth privilege escalation tactic πŸ’€

You win some, you ransom πŸ™ƒ

πŸ” Cybersecurity Alert: Ransomware on the Rise! 🚨

Recent reports from top cybersecurity firms reveal alarming trends in ransomware attacks πŸ“ˆ. These attacks are not only increasing in number but also becoming more sophisticated. πŸ’»πŸ’°

FYI: Ransomware attacks are a type of malware designed to deny a user or organisation access to files on their computer and demanding a ransom payment for the decryption key.

According to NCC Group's July 2023 report, attacks surged by 153% compared to last year, with industrials as the prime target 🏭. Europe witnessed a 59% jump in attacks! 🌍

The notorious Cl0p group is a major player, impacting 730 orgs and 47M people via the MOVEit hack πŸ•΅οΈβ€β™€οΈ. But excluding them, the victim count dropped πŸ“‰. New players like 8Base are emerging.

BlackFog's data highlights a shocking 4-year high in July 2023 attacksΒ πŸ“Š. Surprisingly, only 38 out of 428 attacks were disclosed publicly 😱.

Education took a hit too! Sophos reveals rising attacks, with many paying ransoms for data recovery πŸŽ“πŸ’΅. Barracuda warns of doubled attacks in sectors like healthcare πŸ₯.

The level of sophistication is soaring too! Ransomware gangs focus on data theft and exploiting vulnerabilities πŸ”“. Lumu's report lists top precursors like Qbot and Dridex.

Hold onto your hats for the costs πŸ’Έ! Manufacturing firms lost $46.2B due to ransomware between 2018-2023 😡.

Stay vigilant and protect your systems. Backup your data, update software, and educate your teams about phishing threats. Together, we can beat the cyber crooks! πŸ’ͺπŸ›‘οΈ

I came across ZZZ money club during the crypto market bull run when everyone’s a winner, even during the bear market this discord group has been amazing at giving information on projects and ways to make passive income in various ways.

The group is very active and everyone in this private discord group is very chatty and helpful.

Its run by Yourfriendandy and Decadeinvestor, you can find them here on YouTube, both top guys with great content.

If you are interested in joining the group you can through the link below.

Openfire: open fire

Hackers: ok, whatever you say 🀷

πŸ”’ Urgent Security Alert: Openfire XMPP Servers at Risk! 🚨

A concerning report from VulnCheck has revealed that thousands of Openfire XMPP servers are vulnerable to a high-severity flaw πŸ›‘. Tracked as CVE-2023-32315 (CVSS score: 7.5), this flaw could allow unauthorised access to restricted admin console pages πŸ•΅οΈβ€β™‚οΈ.

This vulnerability affects all Openfire versions since April 2015. While protections were in place, they didn't cover a certain type of URL encoding.

Threat actors are actively exploiting this, with links to the Kinsing crypto botnet malware 🦠.

Cybersecurity scans found that around 50% of 6,300 accessible Openfire servers are running affected versions 😱.

Attackers can bypass authentication by creating an admin account and uploading a plugin for code execution. However, VulnCheck discovered a stealthier approachβ€”extracting credentials and uploading a plugin without creating an admin account πŸ‘Ύ.

This method cleverly avoids detection in security logs πŸ•΅οΈ.

Top Tip:

The best defence is to update to the latest Openfire versions immediately to prevent potential threats.

Stay secure and spread the word to protect your systems and data! πŸ›‘οΈπŸ”

#NoFilter πŸ˜‚

πŸ›‘οΈ New Attack Alert: NoFilter Exploits Windows Flaw! πŸ•΅οΈβ€β™‚οΈ

Hold tight, folks! A sneaky attack method named NoFilter πŸ•ΆοΈ has been uncovered, exploiting the Windows Filtering Platform (WFP) for privilege escalation in Windows OS 😱.

This method, discovered by Deep Instinct, helps attackers go from admin to "NT AUTHORITYSYSTEM," a major escalation πŸ‘Ύ. It was revealed at the DEF CON security conference.

Here's the scoop: NoFilter takes advantage of WFP, which manages network traffic. By digging into an RPC method called "BfeRpcOpenToken," attackers can manipulate access tokens. These tokens are like keys to unlock privileged tasks.

The hacky part? Malware can use tokens from other processes to gain SYSTEM privileges, even in the kernel, staying stealthy πŸ‘€.

In a nutshell, NoFilter can launch as "NT AUTHORITYSYSTEM" or another logged-on user. It shows that built-in components like WFP can harbour new attack routes, avoiding monitored WinAPI and security products.

Remember, hackers are getting craftier, so keep your systems updated and stay vigilant! πŸ›‘οΈπŸš«

So long and thanks for reading all the phish!

Recent articles