Ghost Ransomware targeting Obsolete IT Systems

A joint report from the FBI and CISA has revealed that the Ghost Ransomware group has been targeting businesses running outdated hardware and software. Since 2021, the gang has victimized multiple organizations in over 70 countries, including China.

According to the report from the Multi-State Information Sharing and Analysis Center (MS-ISAC), the ransomware group frequently alters the file extensions of encrypted files and modifies the content of ransom notes. They also change the email addresses used for ransom communication, making it harder to trace their activities and link them to a particular group.

The group’s tactics evolve constantly. For instance, they may focus on attacking healthcare organizations one month, while targeting businesses in tech, education, and manufacturing sectors the next. Additionally, the Ghost Ransomware continuously rebrands itself, complicating efforts to attribute attacks to a specific malware variant. This shifting strategy also makes it challenging to access free decryption keys available online.

Over a four-year period, Ghost Ransomware has been associated with various other malware names, including Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture.

Businesses are urged to adopt a proactive approach to cybersecurity to defend against such threats, regardless of the malware or group responsible. Key recommendations include regular backups, timely patching of operating systems, upgrading firmware and software, implementing network segmentation, and enforcing multi-factor authentication (MFA) to protect against phishing attacks.

IT leaders such as CISOs, CTOs, and CFOs are encouraged to advocate for sufficient IT budgets to ensure their organizations can defend against emerging threats and vulnerabilities effectively.

The post Ghost Ransomware targeting Obsolete IT Systems appeared first on Cybersecurity Insiders.

February 20, 2025 at 10:24AM

Read More

INE Security’s Cybersecurity and IT Training Enhances Career Stability in Tech

Cary, North Carolina, February 19th, 2025, CyberNewsWire

2025 marks a time of unprecedented volatility in the technology job market. On one hand, dependence on technology is soaring. The growth of AI and machine learning is propelling a surge in new technologies, tactics, and ideas.

At the same time, organizations are trying to adapt to the changing dynamic. This has led to more job uncertainty, which the technology sector usually avoids. This year alone, roughly 7,000 jobs have been cut across dozens of tech giants, fueling growing concerns among industry professionals. 

As the technology job market weathers this volatility, INE Security, a global leader in networking and cybersecurity training, is highlighting its commitment to equipping IT professionals with the skills they need to thrive. INE focuses on practical training, certifications, and preparation. This helps networking and cybersecurity professionals succeed in a changing job market.

“Continuous learning and adaptation are more important than ever for individuals hoping to succeed in their networking and cybersecurity career,” said Dara Warn, CEO of INE Security. “It is vital that professionals maintain a continuous cycle of learning. Training gives learners the knowledge and skills they need to succeed. Hands-on practice helps them understand tasks better. Certifications show that they have learned well and prove their skill mastery.”

Key Benefits of INE’s Training and Certification Programs:

• Enhanced Employability: Executives, supervisors, and HR professionals are completely aligned in considering industry or professional certifications the most compelling during the hiring process, according to the Society for Human Resource Management (SHRM). 
• Practical Experience: The human element was involved in 68% of cybersecurity breaches in 2023 (Verizon’s 2024 Data Breach Investigations Report). Practical, hands-on experience and industry-recognized certifications validate the skills needed to minimize this risk. 
• Flexible Learning Paths: From foundational courses to advanced certifications, learners can tailor their education to career goals and market needs.

“With every technological advancement, the skill sets required to manage, secure, and innovate within these systems evolve,” added Warn. “INE Security’s commitment to updating our course materials and labs ensures that our students are always at the forefront of the industry. Our focus is on making them indispensable in their current roles and highly attractive to prospective employers. INE’s training programs are more than just skill-building—they are career lifelines for professionals affected by market disruptions. ”

For more information about how INE can help you stabilize your cybersecurity and networking career goals, users can visit www.ine.com.

For a limited time, access INE Security training and certifications for up to 50% off, including eJPT, eMAPT, eCTHP, eCIR, eCDFP, and ICCA. Bundle certifications with Premium training and save even more. 

About INE Security

INE Security is the premier provider of online networking and cybersecurity training and certification.

Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for red-team and blue-team security training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

Contact

Kathryn Brown
INE Security
kbrown@ine.com

The post INE Security’s Cybersecurity and IT Training Enhances Career Stability in Tech appeared first on Cybersecurity Insiders.

February 19, 2025 at 08:02PM

Read More

Ransomware attacks on Food and Agriculture sector could intensify

In the coming weeks, criminals using ransomware may target businesses within the Food & Agriculture sectors, with the severity of these cyberattacks likely to escalate, according to a report from the Food and Agriculture Information Sharing and Analysis Center (ISAC).

The report, titled “Farm to Table Ransomware Realities,” highlights that ransomware attacks surged by 27% in 2024, with 212 incidents reported, compared to 164 in 2023.

These malware attacks have put both customers and partners of affected companies at significant risk, severely impacting the agriculture industry. If the gap between supply and demand continues to widen, the United States could face shortages of consumables, potentially leading to an artificial famine due to the slowdown in supply chains caused by attack-related downtime.

Unpredictable weather patterns across the country are already disrupting the food supply chain, and digital attacks could exacerbate these issues.

Security experts note that a new ransomware group, RansomHub, emerged in 2024 and is targeting the food sector most aggressively. Linked to the notorious LockBit gang, RansomHub could cause serious damage if the IT infrastructure within the Food and Agriculture sectors isn’t properly upgraded.

ISAC also reported that the Akira ransomware group is targeting the nation’s consumable IT assets, exploiting vulnerabilities or flaws in software-based management systems.

Additionally, research from cybersecurity firm Huntress found that ransomware attackers typically take an average of 17 hours to encrypt systems after infiltrating IT networks. Some groups, however, can encrypt databases in just 4-6 hours. The timing of these attacks often depends on the criminals’ primary goal of making money with minimal effort.

With the aid of advanced AI tools, criminals are becoming more sophisticated. Huntress researchers warn that these technologies could reduce the detection and response times of security teams, making it even more challenging to combat ransomware threats effectively.

The post Ransomware attacks on Food and Agriculture sector could intensify appeared first on Cybersecurity Insiders.

February 19, 2025 at 11:11AM

Read More

Is quishing the new phishing? Protecting your business against the next threat vector

Since they first appeared in the 1990s, quick response (QR) codes have rapidly become intertwined in our daily lives. Used today for everything from ordering food to paying for parking or undertaking virtual tours at a museum exhibition, QR codes make it convenient and easy to access digital information using a smartphone camera. However, just as with any other widespread technology, it’s no surprise that cybercriminals have now begun to exploit them.

News stories about members of the public who have been scammed when they scanned a malicious QR code in public spaces are becoming commonplace. However, this type of fraud is relatively small compared to the more targeted types of cyber fraud now being directed at UK businesses.

As cybercriminals hone and evolve their phishing tactics, they have begun sending out emails with phony QR codes designed to trick people into providing sensitive information or downloading malware. With these so-called quishing attacks on the rise, organisations will need to take steps to counter this sophisticated new attack trend.

What is ‘quishing’ and what is it being used for?

QR phishing, or quishing, works like a standard phishing attack except that the malicious link is hidden in a QR code rather than a ‘click through’ email link. When the recipient scans the QR code with their phone or a QR code reader, they are re-directed to a malicious website that may request sensitive information or download malware. The QR code links used in quishing attacks can also initiate actions on a smartphone, including the composition and distribution of phishing emails to the user’s contacts. All of this further compromises the victim and the organisation they work with.

As with phishing attacks, quishing attacks use social engineering tactics to establish a degree of trust while impressing the need for urgent action. An email could feature an urgent message stating that an employee will be unable to access their data or applications unless they scan and confirm their identity. Alternatively, printed leaflets and brochures featuring offers that can be accessed with a quick scan of a QR code can be sent through to an organisation for distribution or collection from the front desk.

What’s prompting scammers and hackers to use quishing?

Cybercriminals have become adept at exploiting everyday tools to convince employees to reveal confidential information or execute fraudulent transactions and this new attack strategy is fast gaining in popularity for a number of reasons.

Interpreted as harmless images, digital QR codes are sometimes capable of bypassing a number of basic email scanners and firewalls. Added to this, users will typically scan QR codes using their own personal devices which will lack the enterprise cyber security tools that can detect potential compromises.

Cybercriminals also don’t really need to write complex code to deliver a QR code link. In some instances, they can simply stick a fake QR code over an existing piece of physical content.

Finally, the general public is so used to using phones on a day to day basis, most will think nothing of using a phone to scan a QR code and then log into services without feeling the need to exercise caution; people seem to see a phone as a safety blanket when it comes to security, one which is somehow immune to traditional attack vectors. 

A versatile attack method

Capable of being delivered via email, texts, WhatsApp messages, social media posts, and websites, as well as printed copy, the sheer versatility of QR codes is making them the attack vector of choice for a growing number of cybercriminals. 

In recent months, attackers have become increasingly inventive and are now perpetrating quishing attacks via video conferencing apps. They are also using attacker-in-the-middle/impersonation token attacks in a bid to outmanoeuvre multi-factor authentication techniques.

Aware that general knowledge or awareness around quishing attacks means that few employees will be on their guard, attackers are keen to leverage people’s inherent trust in QR codes to swerve cyber security defences and perpetrate their malevolent activities.

Key mitigation steps

Personnel across the enterprise need to be alerted to this new threat, and organisations need to deliver education and training on what quishing is and the importance of treating QR codes with the same degree of suspicion and caution as dubious looking email links. They should also be informed of the risks they face outside work, whenever they scan a QR code in a public place. Using a scanning app to preview a QR code link before accessing it is an essential precautionary step that will help prevent malicious QR codes from automatically downloading malware when scanned.

Organisations should also review their email filtering, URL filtering, and endpoint protection to ensure it is up to date and is capable of blocking phishing emails with suspect QR codes before they reach a recipient. Should a user open a malicious link, endpoint protection should ensure that QR codes are prevented from launching a malware attack and virus scanners and checkers can be used to identify and remove active or dormant malware.

To mitigate the risk of physical codes sent in the post, ensure that processes are in place to support anyone responsible for opening mail to report and check any mail received containing QR codes. Digital mailrooms should also have systems in place to spot potentially malicious QR codes.

As cybercriminals adapt their methods, organisations should review and adjust their defence strategies and make sure they deliver security training that ensures everyone stays vigilant. Doing so will enhance the ability of the organisation to withstand quishing attacks and prevent cybercriminals gaining direct access into the company’s systems.

The post Is quishing the new phishing? Protecting your business against the next threat vector appeared first on Cybersecurity Insiders.

February 19, 2025 at 10:53AM

Read More

The Rising Threat of Cybercrime: The Emergence of “Fraud-As-A-Service” (FaaS)

In recent years, cyber crime has evolved into a highly sophisticated and organized business model. One of the most alarming developments in this realm is the commercialization of cyber crime by criminal syndicates, who have coined the term “Fraud-As-A-Service” (FaaS) to describe their operations. This model offers a service-based approach, where cybercriminals provide fraudulent tools and resources to others, allowing a larger group of perpetrators to conduct widespread cyberattacks with relative ease. What makes this new phase of cybercrime even more concerning is the integration of cutting-edge technologies, including artificial intelligence (AI), to maximize the impact of these attacks.

A Growing Business: Cybercrime on a Global Scale

According to AU10TIX, an identity verification and risk management firm, the emergence of FaaS has led to an alarming rise in cybercrime activities. Many of these criminal enterprises are now backed by state-sponsored actors who provide financial support to perpetuate these fraudulent operations at a commercial level. The goal is to carry out cyberattacks on a large scale, with speed and precision. By leveraging commercial strategies and advanced technologies, these criminal gangs aim to disrupt economies, steal sensitive data, and cause widespread damage with unprecedented efficiency.

South East Asia: The Epicenter of Cybercrime Operations

Geographically, South East Asia has become a central hub for these cybercriminal activities. Among the countries in this region, Vietnam stands out as a leader in hosting and exporting cybercriminal operations. Following closely behind are Malaysia, the Philippines, and Indonesia, all of which have become key players in the world of cybercrime. This concentration of criminal gangs in South East Asia is largely attributed to the region’s thriving digital infrastructure and relatively low law enforcement resources when compared to more developed countries.

The Impact on Western Economies: The United States and the United Kingdom

While South East Asia serves as the operational epicenter, the countries most heavily impacted by these fraud syndicates are the United States and the United Kingdom. The primary reason for this is financial: cybercriminal gangs target these nations because of the lucrative international currencies they use. These currencies—such as the US dollar and the British pound—allow criminals to convert their ill-gotten gains into resources that further fuel their illegal operations. The sophistication of these attacks often involves stealing sensitive personal and financial information, making it a high-reward venture for the criminals involved.

The Role of Advanced Technology: AI, Bots, and Deepfakes

What sets modern cybercrime apart from previous forms of fraud is the use of advanced technology to enhance the effectiveness of these attacks. In recent months, AU10TIX has reported that cybercriminal groups have started employing AI-driven tools, including bots and deepfake technology, to increase the success rate of their fraudulent campaigns. Bots enable the automation of malicious tasks, such as phishing, data harvesting, and account takeovers, while deepfakes are being used to create highly realistic, fabricated content that deceives victims into believing they are interacting with legitimate sources. This technological advancement makes cybercrime operations more efficient and harder to detect, raising significant concerns for individuals and organizations alike.

The Dangers of Social Media: A Platform for Cybercrime Promotion

One of the most disturbing aspects of this new wave of cybercrime is how criminals are using social media platforms to advertise their fraudulent services and recruit new members. Platforms like Facebook, Twitter, and LinkedIn are increasingly being exploited by cybercriminals, who use these channels to reach large audiences and promote their scams. In some cases, they hack into the accounts of celebrities or high-profile individuals, using their names and faces to promote fraudulent schemes such as cryptocurrency scams. These scams often lure victims with promises of high returns, only to leave them with significant financial losses.

Additionally, cybercriminals are creating fake profiles and fabricated job offers to deceive innocent individuals. These job scams typically promise lucrative career opportunities, only to later involve the victim in illegal activities or coercing them into assisting with cybercrimes, all while keeping them unaware of the true nature of the operation. This tactic is particularly dangerous as it preys on vulnerable job seekers, leading them into the world of cybercrime without their knowledge.

Staying Vigilant: The Importance of Cybersecurity Awareness

Given the rapidly evolving landscape of cybercrime, it is more important than ever for individuals and organizations to stay vigilant and proactive in safeguarding their personal and professional information. Cybercrime syndicates are growing more sophisticated, and their ability to use AI, bots, and deepfake technology is making it increasingly difficult to detect fraud. The integration of these advanced technologies allows cybercriminals to carry out attacks on a mass scale with unprecedented accuracy, which means that everyone—from individuals to multinational corporations—must remain aware of the threat and take appropriate measures to protect themselves.

In light of these developments, it is crucial to adopt robust cybersecurity practices. This includes using strong, unique passwords, enabling two-factor authentication, and being cautious about the personal information shared on social media platforms. Regularly updating security software and being aware of common phishing tactics are also vital steps in preventing falling victim to these increasingly sophisticated scams.

As the threat of cybercrime continues to grow, the best defense is an informed and proactive approach. By understanding the methods and motivations behind these criminal activities, individuals and businesses can better prepare themselves to detect and prevent fraud before it occurs.

The post The Rising Threat of Cybercrime: The Emergence of “Fraud-As-A-Service” (FaaS) appeared first on Cybersecurity Insiders.

February 18, 2025 at 08:43PM

Read More

Intruder Enhances Free Vulnerability Intelligence Platform ‘Intel’ with AI-Generated CVE Descriptions

Intel by Intruder now uses AI to contextualize NVD descriptions, helping security teams assess risk faster.

Intruder, a leader in attack surface management, has launched AI-generated descriptions for Common Vulnerabilities and Exposures (CVEs) within its free vulnerability intelligence platform, Intel. This new feature enhances cybersecurity professionals’ ability to quickly understand and assess vulnerabilities, addressing a common pain point: the often vague and technical descriptions provided by the National Vulnerability Database (NVD).

With thousands of vulnerabilities published every year, security teams rely on NVD as a key resource for researching CVEs. However, NVD descriptions frequently lack clarity or context, making it difficult to determine potential impact at a glance. Intel’s AI summaries transform NVD descriptions into clear, concise, and actionable insights, helping teams assess and respond to risks faster.

“Vulnerability management is challenging enough without the added complexity of deciphering cryptic CVE descriptions,” said Chris Wallis, CEO & Founder of Intruder. “With Intel’s AI Overviews, we’re making it easier for security professionals to quickly gauge what a vulnerability is and decide what action to take.”

Additionally, Intruder’s in-house security experts manually review the AI descriptions of the most critical vulnerabilities. These expert-reviewed CVEs are clearly marked in Intel with a “Verified by Intruder” label.

Intel, which is completely free to use, already provides powerful features such as a real-time feed of trending CVEs, a unique hype score rated out of 100, and in-depth analysis from Intruder’s security team. The addition of AI-generated CVE descriptions further strengthens Intel’s value as a go-to resource for cybersecurity professionals.

Availability

The AI-generated CVE descriptions are available now within Intel at intel.intruder.io. Cybersecurity professionals can access Intel for free today.

For more information, users visit www.intruder.io or follow Intruder on LinkedIn and Twitter.

About Intruder

Intruder was founded in 2015 to solve the information overload crisis in vulnerability management. Its mission from day one has been to help divide the needles from the haystack, focusing on what matters, while ignoring the rest. Effective cyber security is about getting the basics right. Intruder helps do that, saving time on the easy stuff, so users can focus on the rest. It has been awarded multiple accolades, was selected for GCHQ’s Cyber Accelerator, and is now proud to have over 3,000 happy customers all over the world.

The post Intruder Enhances Free Vulnerability Intelligence Platform ‘Intel’ with AI-Generated CVE Descriptions appeared first on Cybersecurity Insiders.

February 18, 2025 at 07:00PM

Read More

AI Data Breach will surge by 2027 because of misuse of GenAI

Elon Musk, the CEO of Tesla and owner of Twitter (now X), has long expressed concerns about the potential dangers of Generative AI, even suggesting it could lead to a global “doomsday” scenario. His warnings are now gaining attention, as a recent report from Gartner highlights the growing risks associated with the rise of this technology.

The Gartner study predicts that by 2027, data breaches linked to AI usage will significantly increase. In fact, it anticipates that nearly 40% of all data breaches will be directly influenced by the rise of Generative AI. This alarming statistic signals a serious concern for both businesses and consumers, as data is an invaluable asset for nearly every organization today. All thanks to the advent of digitization and the idea that safeguarding this information will become exponentially harder due to AI-driven threats is troubling.

One of the key issues stems from the lack of regulation surrounding Generative AI technologies. Without proper oversight, AI applications will continue to operate in ways that are difficult to monitor and control, especially when it comes to data transfers. And countries like China, North Korea, Iran and Russia not only are a step ahead in using AI for cyber crime, but do not follow any norms when launching campaigns against adversaries.

In an effort to make business operations more transparent and efficient, companies may inadvertently leave their systems vulnerable to cyberattacks. Hackers could exploit these gaps, infiltrating AI tools and APIs that are often hosted in remote or unsecured locations. This could expose sensitive data and make it challenging for cybersecurity experts to protect valuable assets.

To combat these risks, experts are calling for the establishment of a universal set of standards to regulate the use of AI and data. Governments must act swiftly to introduce comprehensive laws that set clear guidelines for how AI technologies should be used, ensuring that they are deployed safely and responsibly.

Without such regulations, the potential for widespread data breaches resulting from AI will only continue to grow, with devastating consequences for businesses and individuals alike.

The post AI Data Breach will surge by 2027 because of misuse of GenAI appeared first on Cybersecurity Insiders.

February 18, 2025 at 11:00AM

Read More