Cyber Security Blog

Dive with us into the world of hackers, data espionage, and attack defense - several times a week for free!

Extortion Trojans in the form of ransomware have become a serious and permanent threat. At the end of October 2022, for example, the hacker group Black Basta gained access to around 1,500 employee records after a successful ransomware attack on the IT service provider of the Deutsche Presse-Agentur (DPA), 20% of which were published on the darknet. The reason for the successful access to sensitive data, such as social security numbers or bank details: poorly protected FTP servers for storing documents. Ransomware attacks thus remain a relatively easy and extremely lucrative attack method, especially if the attacked systems are poorly protected. In this article, you will learn how to detect ransomware attacks on your company at an early stage and successfully fend them off.

Companies are confronted with increasingly complex cyber threats. Relying solely on preventive and pattern-based IT security measures (such as AV solutions and firewalling) is no longer sufficient today. Companies that want to be informed in time about a successful cyber attack have recognized the importance of early attack detection with the help of a "Managed Detection and Response solution" (MDR). The problem here is that most medium-sized companies do not have the necessary budget and do not have enough specialists, time and know-how to independently set up a Security Operations Center (SOC) required for this purpose. With Active Cyber Defense (ACD), Allgeier secion offers a 24/7 managed security service that relieves the IT security teams in this regard and can be booked cost-effectively at a flat monthly service fee. In this article, you can read how exactly the security analysts in the ACD team detect cyber attacks at an early stage and get answers to frequently asked questions.

At the beginning of August 2022, a new ransomware emerged that could not be assigned to any known malware family so far: the ARCrypter ransomware. The cybercriminals behind the extortion software have already attacked major Latin American organizations - including the Chilean government. Meanwhile, they are expanding their activities around the world, including against German targets. Researchers have now figured out how ARCrypter works and what the characteristics of an ARCrypter attack are. The good news up front: with the right security tools, you can effectively protect yourself from the new threat.

The cybersecurity industry is more dynamic and rapidly changing than any other sector. Today's insights may already be outdated tomorrow. At the same pace as IT security develops new measures to protect IT infrastructure, networks, and endpoints, cyber criminals bring new tools to the market, refine attack methods, or use unknown techniques to successfully carry out cyber attacks. Anyone who wants to stay as well informed as possible in this multi-layered environment depends on regular updates. This applies equally to technically interested users and IT staff. One popular source of information in Germany is the podcast. More than 40% of all Germans regularly listen to podcasts - one fifth of them daily. We asked our IT security consultants for recommendations on ethical hacking and present our top 5 most popular cybersecurity podcasts here.

In early October, the ransomware group Black Basta attacked an IT service provider of the Deutsche Presse-Agentur (dpa), stealing the data records of 1,500 dpa employees as well as pension recipients of the dpa support fund. Two weeks later, the cybercriminals published the first sensitive data of the victims on the darknet. This incident is just one of many attacks associated with the notorious Black Basta ransomware - and there will be many more to come. That's because, as new research shows, the cybercriminals act very similarly to other aggressive hacker groups.

SPIE Switzerland Ltd. was looking for a reliable service for early attack detection that could also protect non-agent-based security solutions - and found "an effective and innovative solution with an excellent price/performance ratio" in the Active Cyber Defense (ACD) service.

QR codes have been around for almost 30 years. Today, we scan the square codes with our smartphone as a matter of course to release bank orders, create a digital vaccination certificate or retrieve coupons. However, since QR codes are also used by cybercriminals for fraudulent purposes, you should not trust the little squares unconditionally. You should be especially careful if you receive a QR code via email: a sophisticated phishing attack could be hiding behind it. We show you how to recognize quishing attacks and protect yourself from them.

As practical, useful and indispensable as the Internet is, countless dangers lurk there. Cybercriminals mercilessly exploit any vulnerability, no matter how small, to infiltrate networks, compromise computers, steal identities or leak data. As more and more effective and multi-layered defenses against cybercrime are being deployed in the IT security arena with extreme reliability, humans remain the greatest vulnerability. Hackers usually choose the easiest way to get to their target - and that way is far too often through users. In this article, we highlight the risks that can arise from surfing the Internet and list eight criteria that can be used to identify a reputable and trustworthy website. Also learn how to best secure networks against cyberattacks.

If you understand what makes people tick, you can manipulate them. Psychological influence through sophisticated interpersonal interaction is known as social engineering - and is responsible for around 98% of all cyberattacks! The classic is the fake email that lures unsuspecting victims to fraudulent websites. Or criminals use false identities on social networks to obtain confidential information. Through targeted manipulation, social engineers get people to do things they wouldn't normally do. Nowadays, networks can be secured more and more reliably by versatile IT security solutions, but "human hacking" still remains the biggest vulnerability in cybersecurity. In this article, you will learn which social engineering tactics cybercriminals use and which tools attackers use to take over compromised systems.

For several days now, there has been a sharp rise in successful compromises by the "QakBot" malware (also known as "QBot" and "QuackBot") worldwide. We have also already identified successful attacks as part of our ACD monitoring. After infection, criminals can gain access to online banking accounts, leak user data, and load further malware. As one measure to mitigate the risk, we urgently recommend adjustments to the Group Policy Objects (GPO).