The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations. #Cybersecurity #Incident #Internal #LockBit #Ransomware #Security #Statistics #Threats #response #services
From OneNote to RansomNote: An Ice Cold Intrusion - The DFIR Report
In late February 2023, threat actors rode a wave of initial access using Microsoft OneNote files. In this case, we observed a threat actor deliver IcedID using this method. After loading IcedID and establishing persistence, there was no further actions, other than beaconing for over 30 days. The threat actor used Cobalt Strike and AnyDesk to target a file server and a backup server. * The threat actor used FileZilla to exfiltrate data from the network before deploying Nokoyawa ransomware.
Ubisoft says it's investigating reports of a new security breach
Ubisoft is investigating whether it suffered a breach after images of the company's internal software and developer tools were leaked online. Ubisoft is a French video game publisher known for well-known titles, including Assassin's Creed, FarCry, Tom Clancy's Rainbow Six Siege, and the new Avatar: Frontiers of Pandora. Ubisoft told BleepingComputer that they are investigating an alleged data security incident after security research collective VX-Underground shared screenshots of what appears to be the company's internal services.
2022 RTF Global Ransomware Incident Map: Attacks continue worldwide, groups splinter, education sector hit hard
According to ecrime.ch data, confirmed ransomware incidents occurred in 105 countries, originating from 58 ransomware groups. This number is relatively consistent with last year’s data, in which we calculated that incidents impacted organizations in 109 countries and documented at least 60 distinct ransomware families. Though the overall statistics remain relatively consistent from last year to this year, there is more to the story: new trends in the ecosystem include the shifting dynamics of ransomware groups, the rise of the education sector as a key target, and the trends in geographic distribution of attacks.
Tracking Unauthorized Access to Okta's Support System
Okta Security has identified adversarial activity that leveraged access to a stolen credential to access Okta's support case management system. The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases. It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted. In addition, the Auth0/CIC case management system is not impacted by this incident.
We detected suspicious activity on our Okta instance that we use to manage our employee-facing apps. We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing.
As a result, today we are publishing details of activity by a sophisticated nation-state sponsored threat actor that gained unauthorized access to our systems to target a small and specific set of our customers. Prior to sharing this information, we notified and worked with the impacted customers. We have also been working with our incident response (IR) partners and law enforcement on both our investigation and steps designed to make our systems and our customers’ operations even more secure. The attack vector used by the threat actor has been mitigated.
Learn more about a failed extortion scheme against Dragos in May 2023. No Dragos systems were breached, including anything related to the Dragos Platform.
Charlotte, NC – February 22, 2023– Dole plc (DOLE:NYSE) announced today that the company recently experienced a cybersecurity incident that has been identified as ransomware.
Charlotte, NC – February 22, 2023– Dole plc (DOLE:NYSE) announced today that the company recently experienced a cybersecurity incident that has been identified as ransomware.