Subj : Some major firms are being targeted by this dangerous new cybercr
To   : All
From : TechnologyDaily
Date : Mon Aug 19 2024 15:30:05

Some major firms are being targeted by this dangerous new cybercrime campaign

Date: Mon, 19 Aug 2024 14:27:00 +0000

Description: Many enterprises are not securing their infrastructure properly, resulting in data extortion attacks.

FULL STORY
======================================================================

Poor cybersecurity hygiene, including exposed environment variable files, long-lived credentials, and the absence of least privilege architecture, has resulted in multiple organizations being targeted with ransom attacks, experts have warned.

A report from cybersecurity researchers Unit 42 outlined how they observed a successful extortion campaign's cloud operations that leveraged exposed environment variable files (.ENV) that held sensitive data such as login credentials.

The unnamed threat actors set up their attack infrastructure within Amazon Web Services (AWS) environments belonging to target organizations, and then used it as a launchpad to scan more than 230 million unique targets for sensitive information.

As Unit 42 further explained, the campaign targeted 110,000 domains, and resulted in more than 90,000 unique variables in the .ENV files being exposed.

No encryption

Of those variables, 7,000 belonged to organizations' cloud services. That, however, does not necessarily mean 7,000 compromised organizations, as one enterprise most likely owns multiple variables. Still, the crooks stole at least 1,500 variables belonging to social media accounts, which might be a good indication of the number of victims. Furthermore, the attackers used multiple source networks to facilitate the operation.

While the crooks did steal sensitive data and demanded money for it, they did not encrypt their targets' IT infrastructure.
This is yet another example of threat actors pivoting away from encryption malware and toward simple data ransom attacks. Some researchers believe that building, maintaining, and then deploying encryptors is too expensive and cumbersome. Simply holding data for ransom is, apparently, just as effective:

"The campaign involved attackers successfully ransoming data hosted within cloud storage containers," Unit 42 said. "The event did not include attackers encrypting the data before ransom, but rather they exfiltrated the data and placed the ransom note in the compromised cloud storage container."

The attackers did not leverage any system vulnerability or bug, the researchers concluded. This is all the result of human error and recklessness.

Via The Hacker News

======================================================================
Link to news story:
https://www.techradar.com/pro/security/some-major-firms-are-being-targeted-by-this-dangerous-new-cybercrime-campaign

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)