The month of November has seen some interesting developments in the world of cyber security. The first topic shows the impact of the Hive ransomware group. Also highlighted are the consequences that Facebook has faced due to its huge data breach. Finally, there has been a notable increase in information-stealing malware, especially from Russian cybercrime groups.
Ransomware attacks continued to rise in 2022, with the notorious Hive ransomware gang being a top threat. Hive has been active since June 2021, operating with a Ransomware-as-a-Service model. The Federal Bureau of Investigation (FBI) has revealed that as of November 2022, the Hive ransomware group has extorted over $100 million from over 1,300 organizations around the world. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) recommend that victims of ransomware attacks do not pay the ransom, because paying will likely entice other threat actors to perform these attacks. Victims are also advised to report ransomware attacks to their local FBI field office or to CISA to help with investigations.
FACEBOOK FINED FOR DATA BREACH
The Irish Data Protection Commission (DPC) has fined Facebook $275 million for the massive 2021 data breach that exposed information of over 500 million users. Personal information such as full names, phone numbers, email addresses, locations, and dates of birth was exposed in this breach, and the information has been circulated on well-known hacking forums. The breach was caused by threat actors exploiting a vulnerability in Facebook’s Contact Importer, a tool used to associate phone numbers with Facebook profiles. After a thorough investigation that began on April 14, 2021, the DPC found that Facebook violated two articles of the General Data Protection Regulation (GDPR). This continues the trend of large companies like Uber, Equifax, and T-Mobile facing consequences for their mishandling of user information.
Russian cybercrime groups are increasingly using information-stealing malware to obtain passwords, cryptocurrency wallets, and payment information. A report from Group-IB shows that in the first half of 2022, these Russian cybercrime gangs stole 50,352,518 passwords, breached 113,204 cryptocurrency wallets, and exposed 103,150 payment cards. Compared to 2021, stolen passwords are up 80%, breached cryptocurrency wallets are up 216%, and compromised payment information is up 81%. Group-IB’s report includes information from 34 active cybercrime groups that each have about 200 members. Most of these groups use malware known as RedLine Stealer, while others use malware named Raccoon. Overall, information-stealing malware has seen a large increase due to a low barrier to entry: threat actors do not need advanced technical knowledge to carry out these attacks.