
ZDNET

Ransomware as a service: Negotiators are now in high demand


The Ransomware-as-a-Service (RaaS) ecosystem is evolving into something akin to a corporate structure, researchers say, with new openings available for “negotiators” — a role focused on extorting victims to pay a ransom. 

On Thursday, KELA threat intelligence analyst Victoria Kivilevich published the results of a study of RaaS trends, saying that one-man-band operations have almost “completely dissolved” due to the lucrative nature of the criminal ransomware business.

The potential financial gains squeezed from companies desperate to unlock their systems have given rise to specialists in cybercrime and extortion and have also led to a high demand for individuals to take over the negotiation part of an attack chain. 

Ransomware can be devastating not only to a business’s operations but its reputation and its balance sheet. If attackers manage to strike a core service provider used by other businesses, they may also be able to expand their attack surface to other entities quickly. 

In a recent case, zero-day vulnerabilities in VSA software provided by Kaseya were used, over the US holiday weekend, to compromise endpoints and put organizations at risk of ransomware infection. At present, it is estimated that up to 1,500 businesses have been affected, at the least due to the need to shut down VSA deployments until a patch is ready. 

According to KELA, a typical ransomware attack comprises four stages: malware/code acquisition, spread and the infection of targets, the extraction of data and/or maintaining persistence on impacted systems, and monetization. 

There are actors in each ‘area,’ and recently, demand has increased for extraction and monetization specialists in the ransomware supply chain.  

The emergence of so-called negotiators in the monetization arena, in particular, is now a trend in the RaaS space. KELA researchers say that specifically, more threat actors are appearing that manage the negotiation aspect, as well as piling on the pressure, such as through calls, distributed denial-of-service (DDoS) attacks, and threats to leak information stolen during a ransomware attack unless a victim pays up.

KELA suggests that this role has emerged due to two potential factors: the need for ransomware operators to walk away with a decent profit margin and a need for individuals able to manage conversational English to hold negotiations effectively.

“This part of the attack also seems to be an outsourced activity — at least for some affiliates and/or developers,” Kivilevich says. “The ransomware ecosystem, therefore, more and more resembles a corporation with diversified roles inside the company and multiple outsourcing activities.” 

Initial access brokers, too, are in demand. After observing dark web and forum activity for over a year, the researchers say that privileged access to compromised networks has surged in price. Some listings are now 25% – 115% more than previously recorded, especially when domain admin-level access has been achieved. 


These intrusion specialists may be paid between 10% and 30% of a ransom payment. However, it should also be noted that some of these brokers will not work with ransomware deployments at all and will only ‘sign up’ to an attack leveraged against other targets, such as those that will lead to credit card records being obtained. 

“During recent years, ransomware gangs grew into cybercrime corporations with members or “employees” specializing in different parts of ransomware attacks and various accompanying services,” KELA commented. “The recent ban of ransomware on two major Russian-speaking forums does not seem to affect this ecosystem because only the advertisement of affiliate programs was banned on the forums.”

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0



Source: https://www.zdnet.com/article/ransomware-as-a-service-negotiators-between-hackers-and-victims-are-now-in-high-demand/#ftag=RSSbaffb68


Nomad Summer Sale kicks off: Get 30% off everything


Nomad Goods produces some of the best high-end and high-quality accessories for Apple products, and for the next week, you can get 30% off of all full-priced items on the site.

One of my favorite Nomad accessories right now is the recently launched leather AirTag Loop. At $24.95 before the discount, the leather loop adds a stylish way to carry your AirTag. Plus, it’s a worthy alternative to Apple’s official AirTag cases. You can even change the battery, when that time comes, without removing the AirTag from the loop. 

Other Nomad products I recommend include charging cables, which have a braided Kevlar on the outside of them to ensure they don’t easily break. Nomad’s iPhone cases and Apple Watch bands are also popular and come in plenty of color options that include MagSafe compatibility.

I reviewed the Base Station Pro wireless charging system that allows you to place any Qi-compatible device anywhere on the pad, instead of worrying about precisely lining the charging coil. 

To take advantage of the 30% off promotion, you’ll need to use coupon code SUMMER30 at checkout on Nomad’s website.

If you pick up some new Nomad gear, let us know in the comments what you decided on.


Source: https://www.zdnet.com/article/nomad-summer-sale-deals-coupon-promo-code/#ftag=RSSbaffb68


Verizon to bring RCS to all Android smartphones by 2022


Verizon will be working with Google to bring the Rich Communications Service (RCS) standard to Android users in the US starting next year, joining T-Mobile and AT&T which both announced the switch earlier this year. 

Verizon announced the collaboration with Google on Tuesday and said the RCS standard provides “a more interactive and modern messaging experience right from Messages by Google.”

According to a statement from Verizon, Messages by Google will be preloaded onto every Verizon Android device by next year. 

Google and Verizon said the switch will offer consumers “higher-quality photos and videos, chatting over Wi-Fi or data, knowing when your message is read, enjoying more dynamic and engaging group chats, and securely chatting with other Messages users in available one-on-one conversations with end-to-end encryption.”

Ronan Dunne, executive vice president and CEO of Verizon Consumer Group, said that by working with Google, Verizon would be able to offer Android users “a robust messaging experience that allows them to engage with loved ones, brands and businesses in new and innovative ways.”

“Our customers depend on us to provide a reliable, advanced and simple messaging platform to stay in touch with the people that matter the most in their lives,” Dunne said.

Google has spent years pushing the RCS standard as an update to SMS because it offers features similar to those seen in WhatsApp, Apple’s iMessage and Facebook Messenger. Apple has refused to use RCS and messages sent between Android phones and iPhones will continue to be SMS, making them less secure than messages sent between users on either platform. 

Dirk Schrader, vice president of security research at New Net Technologies, noted that using RCS as the underlying standard is interesting because it can be seen as a message to services like WhatsApp by offering the same features without sharing the user’s contacts.

In a statement, Verizon explained that Messages will “work with Verizon’s network and RCS messaging service” and “Google will work with Verizon to provide a robust business-to-consumer messaging ecosystem using RCS.”

Hiroshi Lockheimer, Google’s senior vice president of Platforms & Ecosystems, said the two companies have been working together on Android for years. 

The GSMA reports that more than 473 million monthly active users in 60 countries are using the RCS standard and Verizon said Android users will have a “more advanced messaging experience as they interact with each other and businesses on networks that support the RCS standard.”

By the end of the year, those using Verizon’s Message+ app will also get full access to RCS capabilities including the ability to embed high-res pictures and videos, get real-time conversation notifications, and send animated GIFs.

The RCS standard will also allow businesses and Verizon Android users to communicate more easily for things like product purchases, reservations and more. 

Setu Kulkarni, vice president of strategy at NTT Application Security, said that by making their end users available to brands and businesses, Verizon has taken on a new level of responsibility to keep its customers’ personal and private data on their phones secure from data breaches. 

“Since the app is backed by Google, there is certainly a greater degree of confidence that security measures are taken but let’s not forget that the state of cyber security is dynamic — and that no app is guaranteed to be breach free forever,” Kulkarni said.


Source: https://www.zdnet.com/article/verizon-to-bring-rcs-to-all-android-smartphones-by-2022/#ftag=RSSbaffb68


Adversaries continue to abuse trust in the supply chain


We trust so much in our organizations — systems, partners, and vendors — for deploying software, monitoring network performance, patching (both systems and software), procuring software/hardware, and performing so many other tasks. A recent ransomware attack used one such system to successfully target thousands of victim companies.

In this most recent example, attackers targeted Kaseya VSA IT Management Software, which was designed to allow IT admins to monitor systems, automate mundane tasks, deploy software, and patch systems. Attackers were able to exploit a zero day to access customer instances of the product and use its native functionality to deploy ransomware to those customers’ endpoints.

Further compounding the problem, managed service providers (MSPs) use Kaseya software to manage their customer environments. When the attackers compromised Kaseya, the MSPs inadvertently and unknowingly spread the ransomware to their customers.  

This is only one example of how attackers continue to abuse trust in unique ways that leave many security and IT practitioners wondering, “Why didn’t something like this happen sooner?”

Attackers Are Getting Bolder  

Ransomware group REvil continues to get even bolder. Make no mistake, an attack like the one we saw against Kaseya was prescriptive and purposeful, designed to inflict the maximum amount of damage on the greatest number of targets. Immediately after the attack, they bragged about infecting more than a million devices and set a ransom demand of $70 million. If one organization paid, they promised that the decryptor would work across all organizations that were affected.

This shines a light on a troubling trend we’re seeing, where attack targets are shifting from individual organizations to exploiting platforms, like Kaseya or SolarWinds, that allow for multiple organizations to be affected. Attackers continue to research the tools we all rely on to find ways to abuse the native functionality to effectively execute an attack. This latest attack abused an old copy of Microsoft Defender that allowed sideloading of other files.  

Software Is Vulnerable All The Way Down The Chain  

All the tools that organizations rely on — such as tax software, oil pipeline sensors, collaboration platforms, and even security agents — are built on top of the same vulnerable code, platforms, and software libraries that your vulnerability management team is screaming from the hills to patch or update immediately.  

Organizations need to both hold their supply chain partners, vendors, and others accountable for addressing the vulnerabilities in the software that they’ve built on top of this house of cards as well as understand the exposure they have by deploying said software within their environments. 

Run Faster Than The Next Guy; Take Defensive Steps Now  

The Forrester blog post Ransomware: Survive By Outrunning The Guy Next To You discusses protecting against ransomware by hardening systems to make your organization a hard target. Supply chain attacks bypass defenses by exploiting your trust in systems. To protect against them, you have to scrutinize the inherent trust you’ve placed in your supply chain.

To start, organizations should take an inventory of the critical partners that have a large foothold within their environment, such as the vendors used for collaboration/email, MSPs that manage and monitor infrastructure, or security providers that may have an agent deployed to every system. After compiling your list, you should:  

  • Ask those partners what they’re doing to prevent you from being the next victim of a destructive attack. Ask about the gating process for pushing updates to your environment. How do they QA updates before they’re pushed? Ask solution providers how they secure their code and assess that code for vulnerabilities. 
  • Find out if they have the appropriate processes and architecture in place to prevent the type of lateral movement we saw with the latest attack. Ask how they secure their own environments, especially their update servers. Ask to see audit or assessment results from third-party assessors.  
  • Review your service agreements to find out what contractual responsibility those partners have to keep you safe from ransomware and malware. Understand what rights you have to demand compensation, if you are the victim of an attack due to a service provider’s systems being used as a delivery vehicle.  

Organizations should take aggressive steps to implement prescriptive ransomware advice as well as take a look at additional ransomware resources to limit the blast radius of an attack.  

This post was written by Analyst Steve Turner, and it originally appeared here


Source: https://www.zdnet.com/article/adversaries-continue-to-abuse-trust-in-the-supply-chain/#ftag=RSSbaffb68


Qualtrics Q2 surprise profit blows away expectations, forecast higher as well


In its second quarter as a public company, Qualtrics, the subsidiary of SAP AG that brands itself as the customer experience management platform, reported Q2 revenue that topped expectations by 3%, and a surprise profit where analysts had expected a loss. The company’s forecast for this quarter, and the full year, is higher as well.

The report sent Qualtrics stock up about 2% in late trading.

“It was an outstanding quarter for us,” said CEO Zig Serafin in an interview with ZDNet via telephone. “What you’re seeing is that the technology that we provide has never been more relevant, more impactful.”

Serafin pointed to evidence of that relevance in the company’s 38% rate of revenue growth, year over year, and the company’s 48% rate of subscription revenue growth. “This is building on strong growth in the first quarter,” he said. “You’re seeing an acceleration in demand.”

Qualtrics’s net dollar retention rate, how much it makes from customers, on average, versus the prior-year period, was 122%. That was up from 120% in the prior quarter. 

Qualtrics is known as a program for managing the interaction with customers, from first attracting customers to maintaining the relationship.

However, Serafin said the software is increasingly helping companies to attract new employees as well.

Customers are using Qualtrics’s program to “tune in better into the needs of their existing employees, but also attract new candidates and employees that could be coming into their company,” said Serafin.

“Our research is showing that about 50% of people will be out there looking for a new job in the next twelve months,” said Serafin. “How people leverage the employee experience management product portfolio on top of our platform, helping companies to listen and take action on the changing nature of work.”

Also: Qualtrics Q1 report, forecast top Wall Street expectations: The C-suite is buying in, says CEO

That includes companies using the software to “design the physical work space and the digital space,” he said.

Revenue in the three months ended in June rose to $249.3 million, yielding a net profit of 4 cents a share, excluding some costs.

Analysts had been modeling $241.7 million and a 2-cent net loss per share.

Profit was helped in part by reduced expenses such as travel and entertainment, but “the majority of the outperformance is due to the outperformance on the revenue,” CFO Rob Bachman told ZDNet in the same phone call.

For the current quarter, the company sees revenue of $257 million to $259 million, and net loss in a range of 1 cent to 3 cents, again, excluding some costs. That compares to consensus for $246.6 million and a 5-cent loss per share.

For the full year, the company sees revenue in a range of $1.007 billion to $1.011 billion, and EPS in a range from breakeven to negative 2 cents per share. That compares to consensus of $984 million and an 11-cent net loss per share.

Regarding the forecast, Serafin told ZDNet that “what is most exciting to me is that our guidance is putting us on track to surpass one billion dollars in revenue in 2021, which puts us in a very different league of SaaS companies.”

The company plans to continue to invest in the business, said both Bachman and Serafin. Qualtrics hired 400 people in the quarter, and plans to keep spending.  

“We will continue to invest deeply in the business,” said Bachman. “We have a unique opportunity to invest, we will continue to do so.”


Source: https://www.zdnet.com/article/qualtrics-q2-surprise-profit-blows-away-expectations-profit-higher-as-well/#ftag=RSSbaffb68
