Global Cyber Pulse: 5th September 2024

September 5, 2024 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

This edition covers the Q2 2024 ransomware surge driven by groups like PLAY and Medusa, the cyberattack on Planned Parenthood claimed by RansomHub, rising sextortion scams that carry personal threats, and a phishing alert from Swan Bitcoin CEO Cory Klippsten.

Keep up with the latest developments and emerging trends from around the world to stay ahead in today’s rapidly evolving landscape.

Ransomware

Ransomware Surge: New Groups Drive Record High Demands and Payouts

The ransomware crisis has intensified in the second quarter of 2024, with new groups like PLAY, Medusa, and RansomHub pushing attack numbers up by 16% from Q1 and 8% from the previous year.

Ransomware demands and payments have surged, with average demands hitting $1,571,667—an increase of 102%—and average payments reaching a record $626,415. Corvus Insurance reports that companies lacking strong backup strategies face higher ransom payouts, with those having effective backups seeing costs 72% lower than their less-prepared counterparts.

Email Scam

Sextortion Scams Escalate with Personal Threats and Home Photos

A new wave of sextortion scams is now including personal information and photos of victims’ homes to pressure them into paying ransom. Scammers send emails featuring the recipient’s name, address, and a threatening message, often with a PDF attachment that personalizes the threat.

According to reports, these emails demand Bitcoin payments ranging from $2,000 to $2,200 and threaten to release compromising video footage if the ransom is not paid. Experts advise against responding and recommend reporting such emails as spam or phishing.

Data Breach

Planned Parenthood Hit by Cyberattack as RansomHub Claims Responsibility

Planned Parenthood has confirmed a cyberattack impacting its IT infrastructure, forcing it to take parts of its systems offline. The organization is investigating the extent of the breach, which occurred in late August. RansomHub, a known ransomware group, has claimed responsibility and threatened to leak 93GB of stolen data if its demands are not met within six days.

Crypto

Swan Bitcoin Alerts Users to Phishing Scam Amid Klaviyo and HubSpot Data Breaches

Swan Bitcoin CEO Cory Klippsten has warned users about a new phishing scam targeting the platform. The scam involves fraudulent “Data Breach Notice” emails, exploiting past breaches from Klaviyo and HubSpot. Klippsten emphasized that Swan Bitcoin has not experienced a data breach and cautioned users against transferring Bitcoin based on these fake communications.

Cyberattack

Targeted Cyberattack in Malaysia: Babylon RAT Deployed Against Officials

A targeted cyberattack campaign in Malaysia is using malicious ISO files to deploy the Babylon RAT, a sophisticated remote access Trojan. The attack, active since July, targets political figures and government officials, with ISO files designed to appear legitimate but containing hidden scripts and malicious executables. This campaign is part of a broader trend of advanced cyberattacks on high-profile targets.

Malware Threat

MacroPack Tool Misused for Malware Deployment, Cisco Talos Reports

Cisco Talos has uncovered that MacroPack, a tool designed for red team exercises, is being misused to deploy malware. Research indicates that various Microsoft documents created with MacroPack were uploaded to VirusTotal from different countries, including China, Pakistan, Russia, and the US. This misuse of a legitimate tool highlights the evolving tactics of cybercriminals.