Summary: Ransomware attacks, the use of AI, and the rise of cybercrime-as-a-service were prominent trends in the cybersecurity space in the first half of 2023, with LockBit ransomware being the most used and AI tools being misused by threat actors to launch cyberattacks.
Ransomware attacks are becoming increasingly common and sophisticated, with the average ransom payment rising to $1.5 million in the past year, according to a survey by Sophos, while attacks on city governments and police forces often go unnoticed; researchers are now focusing on the next generation of ransomware that may exploit vulnerabilities in cryptocurrencies, such as the proof-of-stake consensus mechanism used in Ethereum, which could be targeted for extortion.
Affiliate of the BlackCat ransomware group, Scattered Spider, claims responsibility for breaching MGM Resorts' infrastructure, stealing data, and deploying ransomware, demanding a $30 million ransom.
A new gang on the dark web called Ransomed.vc claims to have breached all of Sony's systems in a ransomware attack and is selling the stolen data.
Sony is investigating a potential breach after a ransomware group claimed to have compromised the company's systems and threatened to sell stolen data.
A new hacking group claims to have compromised Sony's systems and is selling the data after the company refused to pay, while another threat actor leaks the data and accuses the first group of being scammers.
Progress Software has released security patches for its file-handling product, WS_FTP, after eight vulnerabilities were discovered, including a severe .NET deserialization attack that could allow an attacker to execute commands on the host system, potentially leading to system hijacking and infiltration of IT networks at a large scale. Other tech companies, including Exim, Cisco, Apple, Google, and Mozilla, have also issued urgent updates to address critical vulnerabilities in their systems, while Johnson Controls has experienced a ransomware attack that may pose a national security risk. Additionally, a group claiming responsibility for the Sony attack has allegedly targeted Japanese cell carrier NTT Docomo, raising concerns about a potential new supply chain attack.
More than half of organizations are paying over $100,000 in ransomware attacks, with 83% admitting to paying the ransom directly to the hackers, according to a Splunk study, which also revealed concerns about the potential for generative AI to facilitate attacks.