A class action lawsuit brought against background check company National Public Data (also known as Jerico Pictures) alleges the personal information of 2.9 billion individuals has made its way onto the dark web via a data breach.
National Public Data uses a process called ‘scraping’ to collect and store personally identifying data from non-public sources to carry out background checks on billions of people.
This means that sensitive information such as Social Security numbers, full names, addresses and relatives' information was exposed - and, crucially, it also means the information was not given willingly to the company, so many victims may not know it was stored at all.
Named plaintiff Christopher Hofmann was alerted by his identity-theft protection service provider that his data had been exposed and leaked onto the dark web. The cybercriminal group ASDoD had listed for sale, at $3.5 million, a database it claimed held the personal data of those individuals.
Hofmann and the plaintiffs accuse NPD of negligence, breach of fiduciary duty, breach of third-party beneficiary contract, and unjust enrichment. Hofmann is seeking financial compensation and asking that NPD segment its data, conduct database scanning, employ a threat-management system, and appoint a third-party assessor to evaluate its cybersecurity frameworks annually for 10 years.
The court has also been asked to require NPD to purge the personal data of all affected individuals and to encrypt all collected information going forward.
If confirmed, this would rank as one of the largest data breaches ever in terms of affected individuals - rivalling the 2013 Yahoo! breach, which affected three billion customers - and, worse, it is not yet clear how the breach occurred.
In the ever-evolving battlefield of cybersecurity, a new adversary has emerged from the shadows. Mandiant, a leader in cyber threat intelligence, has profiled the threat group behind the notorious Black Basta ransomware attacks. This work marks a significant milestone in understanding and combating this sophisticated threat.
Black Basta is a ransomware group that has risen rapidly to prominence since it first appeared in April 2022. Known for highly targeted and sophisticated attacks, it operates as a Ransomware-as-a-Service (RaaS) enterprise and most recently made news for breaching over 500 organizations worldwide, among them operators in critical infrastructure sectors, according to a joint report by CISA and the FBI.
Black Basta targets organizations across North America, Europe, and Australia. With over 500 victims spanning critical infrastructure sectors, including healthcare, the group has quickly become a formidable foe.
As of May 2024 it had amassed over 500 victims. The group uses top-tier hacking forums such as Exploit and XSS to seek insiders within target organizations who can provide administrative access to networks. It primarily targets organizations in the United States, Japan, Canada, the United Kingdom, Australia, and New Zealand.
Black Basta affiliates leverage a variety of tactics, techniques, and procedures (TTPs) to infiltrate and cripple their targets. They often gain initial access through phishing, by exploiting vulnerabilities in Remote Desktop Protocol (RDP) services, or by delivering malware via malicious email attachments. Once inside, they escalate privileges, disable security features, and deploy the ransomware, encrypting critical data and demanding substantial ransoms for decryption keys.
Black Basta employs several strategies to gain initial access to target networks:
1. Spear-Phishing Campaigns: In its early campaigns, Black Basta used highly targeted spear-phishing emails to trick individuals into divulging their credentials or downloading malicious attachments.
2. Insider Information: The group is known to use illicit forums like Exploit and XSS to recruit insiders within target organizations, offering significant financial incentives for network access.
3. Buying Network Access: Black Basta has advertised on forums its intent to purchase corporate network access, collaborating with initial access brokers (IABs) to infiltrate target systems.
Mandiant's investigation into Black Basta revealed a well-coordinated operation with potential links to other notorious cybercrime groups. Mandiant's analysis indicated that Black Basta's methods and infrastructure bear similarities to those used by the infamous Evil Corp, suggesting a possible collaboration or shared resources among these cybercriminal entities.
The healthcare sector has been particularly hard-hit by Black Basta, with several high-profile attacks disrupting operations and compromising sensitive patient data. The ransomware’s ability to target both private industry and critical infrastructure underscores the urgent need for robust cybersecurity measures and incident response strategies.
In response to this growing threat, cybersecurity agencies like CISA, the FBI, and HHS have issued joint advisories, providing detailed guidance on detecting and mitigating Black Basta’s attacks. Key recommendations include regular backups, multifactor authentication, network segmentation, and comprehensive employee training to recognize and report phishing attempts.
As we progress through the year, the cybersecurity landscape continues to evolve with increasing sophistication in attacks. The rapid digital transformation across industries has expanded attack surfaces dramatically, highlighting an urgent need for adaptive security measures. This analysis draws on insights from leading industry sources to outline significant cyber threats and propose effective strategies for resilience.
"Ransomware attacks have increased in frequency and ransom demands, leaving even the best-prepared organizations vulnerable," reports CRN. This year, critical infrastructure sectors have been targeted, causing extensive disruptions. To combat these threats, organizations need to strengthen their cybersecurity frameworks with robust disaster recovery plans, advanced detection systems, and comprehensive employee training to mitigate ransomware risks effectively. Current ransom demands exceed $10 million for enterprise companies.
Notable Incidents:
1. Financial Services: JPMorgan Chase reported a sophisticated cyberattack that compromised the personal data of millions of customers. The breach involved a combination of phishing and advanced persistent threats (APTs), indicating a high level of premeditation and resource investment by the attackers.
2. Healthcare: Besides UnitedHealth, Blue Cross Blue Shield was also targeted, where attackers exploited vulnerabilities in web applications to access sensitive patient records. This incident highlighted the ongoing challenges within the healthcare sector to protect patient information against increasingly malicious cyber threats.
3. Technology: A major ransomware attack targeted Apple, leading to significant operational disruptions and a temporary shutdown of some services. The attackers encrypted critical data files and demanded a large ransom, showcasing the disruptive potential of ransomware attacks on tech giants.
4. Retail: Target experienced another major cybersecurity incident this year, with attackers accessing transaction records and credit card information of thousands of customers through compromised point-of-sale (POS) systems. The breach was linked to malware that had been undetected within their network for months.
5. Government: The U.S. Department of Energy suffered a data breach involving the unauthorized access and exfiltration of classified data about energy infrastructure. This cyber espionage episode underscored the national security implications of cyberattacks.
The report from TechCrunch on "The Human Element: Critical Findings" highlights how social engineering, particularly phishing, continues to be a formidable threat in cybersecurity breaches across various organizations. Several notable companies were impacted by attacks that leveraged the human element, underscoring the vulnerability of employees to sophisticated phishing schemes.
Companies Affected by Phishing Attacks:
1. Facebook: A targeted phishing campaign compromised the personal data of thousands of users. Attackers sent seemingly legitimate security update emails that redirected employees to a malicious website designed to harvest login credentials.
2. Cisco: Employees received emails that mimicked internal communications, leading to the unauthorized access of sensitive proprietary data. This breach highlighted the sophistication of phishing attacks that can bypass traditional email filters and security protocols.
3. HSBC Bank: A phishing scam impacted several HSBC branches, where employees clicked on malicious links sent via email, leading to financial fraud. The emails appeared to come from trusted sources, like senior management, which prompted quick but misguided action by the recipients.
These incidents demonstrate that even well-established companies with robust security measures can fall victim to the subtleties of social engineering. Phishing remains one of the most effective methods of initial penetration in cyber-attacks because it directly targets human vulnerabilities, namely trust and habit. Each of these cases involved emails crafted to look remarkably authentic, making it difficult for employees to recognize their malicious intent without proper training and awareness.
When cyber attackers use phishing to gain access to login credentials (like usernames and passwords), their subsequent actions can vary widely based on their objectives and the sophistication of the attack. Here are some common strategies they might employ after gaining initial access:
1. Placing Malware in Backups: Attackers may attempt to infect system backups with malware as part of a more extensive ransomware campaign or to ensure persistence in the system. By corrupting backups, they make it harder for the victim organization to recover without paying a ransom. However, infecting backups specifically requires additional access and control over the backup systems, which might not always be directly achievable through initial phishing access unless the credentials obtained give broad administrative privileges.
2. Creating Back Doors: Establishing backdoors is a common goal for attackers who want sustained access to a victim's network. After gaining initial entry through phishing, they might install a variety of tools or scripts that allow them to bypass normal authentication processes to regain entry later, often undetected. These backdoors can be challenging to detect and may remain operational for a long time, enabling data theft, additional malware deployment, or further exploitation.
3. Expanding Access: Often, the initial access gained via phishing is just a foothold within the network. Attackers typically use this access to perform lateral movement, exploring the network to reach more sensitive data or systems. This process might involve escalating privileges or exploiting other vulnerabilities within the network to deepen their access.
4. Data Exfiltration: If the attacker’s intent is to steal data, gaining initial access through phishing might be followed by locating and exfiltrating sensitive data to an external server. This can include personal data, intellectual property, or corporate secrets, depending on what is accessible with the compromised credentials.
5. Disruption and Sabotage: In some cases, especially in politically motivated or highly targeted attacks, the goal might be to disrupt operations or damage systems. Here, attackers might use their access to sabotage systems, which could include damaging backups or other critical infrastructure to maximize impact.
IBM's X-Force Threat Intelligence Index notes, "There has been a 45% increase in identity theft incidents this year, spurred by large-scale data breaches." Organizations must strengthen their identity protection measures with technologies like multi-factor authentication, biometric data verification, and continuous monitoring to safeguard user identities effectively.
Current biometric systems only link a biometric on a cell phone to your account for login. The problem is that a criminal can create an account in your name with a new password and their own phone biometric, then log into that new account bearing your name. Nimbus-Key ID has advanced to True User Verification™ with its KYC/AI/Biometric registration process. The login is secured with DE-MFA®, or dynamically encrypted multi-factor authentication, using a QR code and PIN (patented) and dynamic key issuance.
The Global Risks Report from the World Economic Forum underscores the escalating challenges of cyber insecurity, emphasizing its persistent threat across various time horizons. This year, cyber risks such as malware, deepfakes, and misinformation are highlighted as critical concerns that could impact supply chains, financial stability, and democratic processes. As technological advancements, like generative AI, become more prevalent, they bring both opportunities and heightened risks, particularly in exacerbating cyber inequities between well-protected organizations and those more vulnerable.
There's a growing divide in cyber resilience, with larger organizations advancing their security measures while small to medium-sized enterprises lag due to resource constraints. This inequity is exacerbated by a significant talent shortage in cybersecurity, further challenging organizations' ability to secure themselves against increasingly sophisticated cyber threats. The report calls for concerted efforts to bridge these gaps through global cooperation and strategic investments in cybersecurity infrastructure and workforce development.
The IBM X-Force Threat Intelligence Index provides a comprehensive overview based on monitoring significant security events worldwide. It reports a 71% increase in cyberattacks involving stolen credentials and highlights that 32% of incidents involved data theft. The report emphasizes the shift from ransomware to malware targeting data theft as the primary cyber threat, urging the adoption of advanced identity and access management solutions across hybrid and multi-cloud environments. It also suggests leveraging AI technologies to improve detection and response capabilities and prepare for potential threats against AI systems as they become more prevalent.
The Verizon Data Breach Investigations Report, analyzed by Skyhigh Security, reveals an evolving threat landscape. The report examines 30,458 security incidents, noting a significant shift from ransomware to extortion attacks, which involve stealing data and demanding payment to prevent its release. It highlights a decrease in ransomware but a sharp rise in extortion, emphasizing the growing sophistication of cyber threats. The report also details the persistence of human error as a major vulnerability, with social engineering attacks remaining a prevalent method for breaching security.
Europol Anticipates a Rise in AI-Driven Cybercrime: This article from TechStory reports on a new Europol report that predicts an increase in AI-driven cybercrime due to the sophisticated online tools used by criminals. The rise is linked to the broader availability and capabilities of AI technologies that enhance the effectiveness of cyberattacks.
Cybercriminal Abuse of Generative AI on the Rise: Insurance Business Magazine discusses a report from Trend Micro, which states that cybercriminals are rapidly adopting generative AI to commit crimes, with the technology's use developing at a fast pace. This report underscores the dual-use nature of AI technologies in the cyber realm.
AI and Cybercrime Trends: DW Observatory explores how AI technologies are increasingly being used both to commit and to combat cybercrime. The article highlights the ongoing race between cybercriminals using AI to discover new vulnerabilities and cybersecurity professionals working to protect digital infrastructures.
The cybersecurity challenges underscore the need for organizations to embrace advanced technologies, foster continuous learning, and maintain vigilant security practices. By adopting a holistic approach to cybersecurity, businesses can enhance their defenses and stay ahead of threats in an increasingly complex digital environment.
References
1. CRN: [Ransomware Trends 2024](https://www.crn.com/news/security/2024-ransomware-trends)
2. TechCrunch: [Social Engineering in Cyberattacks](https://techcrunch.com/2024/social-engineering-cyberattacks)
3. TechRadar: [UnitedHealth confirms major cyberattack, says hackers stole substantial amount of patient data](https://www.techradar.com/pro/security/unitedhealth-confirms-major-cyberattack-says-hackers-stole-substantial-amount-of-patient-data)
4. IBM: [X-Force Threat Intelligence Index 2024](https://www.ibm.com/security/data-breach/threat-intelligence)
5. World Economic Forum: [Global Risks Report 2024](https://www.weforum.org/publications/global-risks-report-2024/)
6. Verizon Business: 2024 Data Breach Investigations Report, via Skyhigh Security: [Takeaways from the Verizon 2024 Data Breach Report](https://www.skyhighsecurity.com/industry-perspectives/takeaways-from-verizon-2024-data-breach-report.html)
7. IEEE Xplore: https://ieeexplore.ieee.org/abstract/document/10607393/
8. Healthcare Dive: [Change Healthcare cyberattack lawsuit consolidation](https://www.healthcaredive.com/news/change-healthcare-cyberattack-lawsuit-consolidation/712492/)