Articles about cyberattack

Fintech firm Revolut has been hit by a cyberattack that resulted in personal data of tens of thousands of users being exposed.

Described as a "highly targeted" attack -- although it is not clear who was targeted or why -- the security incident took place on the night of September 11. The attack gave an unauthorized third-party access to a range of data including postal and email addresses, account information, and phone numbers.

Continue reading →

Last month, LastPass suffered a cyberattack and the company shared some details about what had happened shortly afterwards. Now, having conducted further investigations, more information has been revealed including the fact that the attacker had access to the LastPass development environment for four days.

The company concedes that it is not clear how the attacker was able to gain access but says: "the threat actor utilized their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication". LastPass has also revealed the impact of the four-day security incident in the name of providing "transparency and peace-of-mind to [its] consumer and business communities".

Continue reading →

DDoS attacks made up 25 percent of the cyber incidents submitted to the UK's Financial Conduct Authority in the first half of 2022, compared to just four percent in 2021.

Analysis by attack simulation specialist Picus Security of information obtained from the FCA under a freedom of information request shows the rise also coincides with a reported increase in DDoS for hire websites and ransomware operators using DDoS as a tactic to pressure and extort money from targets.

Continue reading →

A new study reveals that 47 percent of educational institutions have suffered a cyberattack on their cloud infrastructure within the last 12 months.

The research from Netwrix shows that for 27 percent of these incidents in the cloud were associated with unplanned expenses being incurred to fix security gaps.

Continue reading →

New data unveiled by the Atlas VPN team shows that cloud servers are now the number one way in for cyberattacks on businesses, with 41 percent of companies reporting them as the first point of entry.

The data, based on the Cyber Readiness Report 2022 by insurer Hiscox, also shows a 10 percent increase in cloud server attacks over the year before.

Continue reading →

Over the past couple of years, there have been a growing number of cyber attacks on critical infrastructure around the world. Most recently, Estonia was subjected to its most extensive cyberattack since 2007, apparently in retaliation to the country removing Soviet-era monuments from public places. Earlier this year, Costa Rica had to declare a state of emergency after a Russian-speaking ransomware gang threatened to overthrow the government in the wake of two cyberattacks. In July last year, South Africa’s ports were almost totally shut down after a ransomware attack.

While these attacks are of varying severity -- Estonia experienced minimal disruptions to critical websites while Costa Rican health officials were unable to access critical healthcare records and tax systems were frozen for weeks -- they show that cybercrime is no longer just about obtaining data. Instead, cybercrime is being used against real-world infrastructure and with very real consequences.

Continue reading →

A new report from Barracuda finds the volume of ransomware threats detected spiked between January and June of this year to more than 1.2 million per month.

Researchers have also seen a spike in the number of service providers that have been hit with a ransomware attack. The main targets, however, are still five key industries: education, municipalities, healthcare, infrastructure, and financial.

Continue reading →

New research from Venafi into the rise of nation-state cyberattacks and their links to geopolitics has revealed that two-thirds (64 percent) of security decision-makers suspect that their organization has been directly targeted or impacted by a nation state attack.

In addition, 77 percent believe we're in a perpetual state of cyberwar, while 66 percent of companies say they have changed their security strategy as a direct response to the war in Ukraine.

Continue reading →

While large healthcare providers have lots of juicy data to tempt cybercriminals, they are also likely to have strong defenses.

It's not too surprising then that a new report from managed detection and response provider Critical Insight shows that in the first half of this year attackers have shifted their attentions to smaller hospital systems and specialty clinics that lack the same level of security preparedness, staff size, or budget.

Continue reading →

A successful cyberattack can have significant costs for a business, in terms of both reputation and finances. But what's the actual cost of an attack? And if you're looking at insurance how much should you be covered for?

To help answer those questions Safe Security is announcing two industry-first assessment tools to empower organizations to make financial decisions based on their actual cyber risk.

Continue reading →

On Monday, hacker group ClOp claimed to have gained access to 5TB of data from UK water supplier Thames Water and said it could change the chemical composition of the company's water supply.

Thames Water denied the reports and said it hadn't faced a cyber attack. Today it emerges that an attack has taken place but on a different company, South Staffordshire plc, the parent company of South Staffs Water and Cambridge Water.

Continue reading →

There has been a 90 percent increase in the number of healthcare organizations targeted by cyber-attacks, in comparison with the first quarter of 2022.

The latest cyber threat Landscape report from Kroll finds that while phishing continues to be the vector used for initial access, there has been a vast increase in external remote services (such as VPNs and RDP environments) being compromised, up 700 percent.

Continue reading →

New research from Accenture shows that data stolen in ransomware and other cyberattacks is being weaponized in order to carry out business email compromise (BEC) attacks.

Underground forums have sets of credentials for sale for as little as $10 that provide access to genuine corporate email accounts, making malicious emails seem genuine.

Continue reading →

Phishing is one of the most common forms of cyberattack, fooling people into thinking they're dealing with a trusted organization in order to get them to part with credentials.

But what are the hallmarks of a phishing attack? Atlas VPN has collected some phishy statistics to find out.

Continue reading →

Governments, utilities and other key industries are prime targets for attack including from nation state actors and cybercriminals seeking to extract a ransom.

But David Anteliz, technical director at Skybox, believes that given the increase in tensions across the world threat actors will evolve their tactics with the use of a 'three-headed dragon approach' that goes beyond the probing we have seen so far.

Continue reading →