TOP DATA BREACHES IN 2024
1. UnitedHealth's $872 Million Cyberattack

Be in no doubt that ransomware continues to be a massive problem. A Q1 financial report from UnitedHealth Group in April 2024 revealed a massive $872 million loss attributable to ransomware. The report states: "Cash flows from operations from the first quarter 2024 were $1.1 billion and were affected by approximately $3 billion due to the company's cyberattack response actions, including funding acceleration to care providers, and were additionally impacted due to the timing of public sector cash receipts."

UnitedHealth's ChangeHealthcare platform was impacted by the attack. This payment platform handles transactions between doctors, pharmacies, and healthcare professionals across the USA. The attack resulted in the ChangeHealthcare platform being suspended, with the BlackCat/ALPHV group claiming it stole 6 TB of data. The attack is currently believed to have been executed via a vulnerable Citrix portal. At a federal hearing in May 2024, UnitedHealth Group CEO Andrew Witty estimated that one-third of Americans had been affected by the attack.
2. Hotels

Not-for-profit development and research management company MITRE published details of a cyberattack that began in January 2024. The attack's evolution was not detected until April. It targeted MITRE's collaboration platform, the Networked Experimentation, Research, and Virtualization Environment (NERVE), which is used for R&D and prototyping. "Suspicious activity" was detected on NERVE, and a foreign nation-state threat actor was confirmed as the culprit. MITRE's initial reaction was to take NERVE offline temporarily before contracting Digital Forensics and Incident Response personnel. No details of the event's outcome have been shared publicly. However, MITRE has revealed the attack vector, which involved multiple steps: Ivanti zero-day vulnerabilities, a compromised administrator account, and backdoors established to "harvest credentials." Given the use of backdoors and credential theft, it seems likely that a sizable amount of data was acquired by the attacker.
3. Frontier

On April 15, 2024, Frontier Communications (known for phone, internet, and TV services) filed a report with the SEC. This covered the details of a recent incident, detected the previous day, which resulted in portions of the company's systems being taken offline. The report states: "Based on the Company's investigation, it has determined that the third party was likely a cybercrime group, which gained access to, among other information, personally identifiable information." Details in the report (and since) are scant regarding the suspected attacker (beyond "cybercrime group") and the data loss. No information has been offered as to whether employee data or customer data was taken. Given the initial impact and response, the loss of customer data seems more likely.
4. US Local Governments

Local governments and associations around the world are routinely victims of cyberattacks. Often the fallout impacts taxpayers and the people who use the services provided. So far in 2024, three US county departments have been hit: Robeson County (NC), Hernando County (Fla), and Jackson County (MO). In addition, the city of Wichita, Kansas, has been hit. All appear to be coordinated ransomware attacks, confirmed within days of each other.

In Robeson County, a data security breach reported on April 18, 2024, resulted in online services being inaccessible to the public. An official response, reported by WPDE, stated that the county administrators were "engaging the assistance of the North Carolina Joint Cybersecurity Task Force, the North Carolina National Guard cyber unit, as well as federal and state law enforcement agencies."
5. LoanDepot

On January 8, 2024, loan and mortgage company LoanDepot announced it was dealing with a cyber incident. This was later confirmed to involve the theft of data pertaining to 16.6 million customers. While the company was coy about the details of the cyberattack, its regulatory post-attack filing revealed more:

"LoanDepot […] recently identified a cybersecurity incident affecting certain of the Company's systems. Upon detecting unauthorized activity, the Company promptly took steps to contain and respond to the incident, including launching an investigation with assistance from leading cybersecurity experts, and began the process of notifying applicable regulators and law enforcement."

It also indicated that the attack was ransomware: "[...] the unauthorized third party activity included access to certain Company systems and the encryption of data." (Our emphasis.) The filing states:

"Though our investigation is ongoing, at this time, the Company has determined that the unauthorized third-party activity included access to certain Company systems and the encryption of data. In response, the Company shut down certain systems and continues to implement measures to secure its business operations, bring systems back online, and respond to the incident."
The Best Ethical Hacking Tools
1. Nmap

An acronym for Network Mapper, Nmap is a cross-platform, open-source tool whose core functionality is port scanning to find network exposures. With a host of scan techniques (UDP, TCP SYN, FTP bounce, etc.), Nmap provides detailed information on the services a network runs, the number and status of firewalls in place, and the operating systems of the hosts it scans. It is one of the indispensable ethical hacking tools used to quickly assess large networks and build a detailed network map.

Pros:
- Consumes very little power during network mapping
- Extreme ease of use in device auto-discovery
- Robust internal security assessment
- Deploys different kinds of scans to find open ports

Cons:
- The graphical interface is not user-friendly
- The number of NSE scripts is limited
- Takes time to understand the technical know-how
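As an added example (not part of the original page or of the Nmap project), the following Python script shows what a defender does with Nmap's results: it parses the XML that `nmap -oX` writes, inventories open ports and detected OS per host, and diffs that inventory against an approved baseline so that unexpected exposure and drift stand out. The XML document, the host addresses and the baseline are constructed for the example.

```python
"""Inventory open ports from Nmap XML output and flag services that are not
on an approved baseline.  Added example; the XML below is constructed to
mimic the structure of `nmap -oX`, it was not captured from a real scan."""
import xml.etree.ElementTree as ET

# Constructed sample resembling `nmap -sS -sU -sV -O -oX` output for two hosts.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="9.6"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/></port>
    </ports>
    <os><osmatch name="Linux 5.X" accuracy="95"/></os>
  </host>
  <host>
    <status state="up"/>
    <address addr="10.0.0.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows 10" accuracy="90"/></os>
  </host>
</nmaprun>
"""

# Hypothetical baseline: the (protocol, port) pairs each host is approved to expose.
BASELINE = {
    "10.0.0.5": {("tcp", 22), ("tcp", 80), ("tcp", 443)},
    "10.0.0.9": {("tcp", 445)},
}


def parse_nmap_xml(xml_text):
    """Return {ip: {"os": name-or-None, "ports": {(proto, port): service}}} for hosts that are up."""
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") == "ipv4"), None)
        if addr is None:
            continue
        ports = {}
        for port in host.findall("./ports/port"):
            state = port.find("state")
            # Keep "open" and the UDP "open|filtered" verdict; drop closed/filtered.
            if state is None or not state.get("state", "").startswith("open"):
                continue
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            ports[(port.get("protocol"), int(port.get("portid")))] = name
        osmatch = host.find("./os/osmatch")
        hosts[addr] = {"os": osmatch.get("name") if osmatch is not None else None,
                       "ports": ports}
    return hosts


def find_deviations(inventory, baseline):
    """Split the inventory into ports open but not approved (unexpected exposure)
    and approved ports that are no longer open (outage or configuration drift)."""
    unexpected, missing = {}, {}
    for ip, info in inventory.items():
        allowed = baseline.get(ip, set())
        extra = set(info["ports"]) - allowed
        gone = allowed - set(info["ports"])
        if extra:
            unexpected[ip] = sorted(extra)
        if gone:
            missing[ip] = sorted(gone)
    return unexpected, missing


if __name__ == "__main__":
    inv = parse_nmap_xml(SAMPLE_NMAP_XML)
    extra, gone = find_deviations(inv, BASELINE)
    for ip, ports in extra.items():
        print(f"{ip} ({inv[ip]['os']}): unexpected open ports {ports}")
    for ip, ports in gone.items():
        print(f"{ip}: baseline ports not open {ports}")
```

Run against a real scan by reading the `-oX` file instead of `SAMPLE_NMAP_XML`; the point of the baseline diff is that a new RDP or SNMP listener on a host that should only serve SMB is what an attacker's foothold or an admin's shortcut looks like from the network side.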
2. Metasploit Project

Metasploit is a penetration testing computer security project that supports multiple languages and operating systems, giving users a wide palette of exploits to choose from: pre-written sets of commands that work on specific system vulnerabilities. Metasploit comprises as many as 1,600 exploits across 25 platforms, making it the go-to security mitigation and testing tool. Equally preferred by security architects across the globe due to its extensive customization, Metasploit has automated much cross-platform manual work and decreased companies' security costs by introducing remote testing.

Pros:
- Collaborative pen-testing via workspace creation
- Wide integration with other security services, such as Nmap
- Easy-to-use, intuitive interface

Cons:
- Recent exploit updates haven't been comprehensive
- Solely Ruby-based
- Windows and Linux-based versions differ widely in performance
3. Maltego

Maltego belongs to the family of digital forensics software whose end goal is to visually represent the complexity and severity of threats in your cyber infrastructure. Its data mining and graphical link analysis tools make it easy to combine scattered data sources in a single graph and automatically merge information in a seamless format. Additionally, Maltego's top-notch data representation via different views (main view, bubble view, entity view, etc.) enables forensic investigators to find hidden relational patterns among entities easily.

Pros:
- Collaboration and importing features streamline investigation
- Comprehensive data visualization
- Strong contextualization capabilities
- Easily handles large volumes of data with multiple clusters

Cons:
- Limited customization options
- Slows down while analyzing extensive datasets
- No recovery method for sudden software crashes
4. John the Ripper

When you are a pen-tester, you will be cracking passwords like eating cookies! This makes John the Ripper (JtR) one of the most precious ethical hacking tools for breaking or recovering the passwords of computer systems. The software supports a host of hash and cipher formats used on Windows and Unix. Its genius lies in auto-detecting the hash format (the one-way hashed form in which a system stores a password) so that it can apply the right cracking routine. In addition, JtR ships with a wordlist of common passwords and operates in three password-cracking modes: single crack mode, wordlist mode, and incremental mode.

Pros:
- Password hash detection is top-notch
- Easily customizable cross-platform password cracker
- Enables multiple brute-force attacks across a host of hash formats

Cons:
- Not highly effective for more sophisticated passwords
- Not highly effective against the latest SHA (Secure Hash Algorithm) hashes
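The hash-format auto-detection described above works by reading the modular-crypt prefix of a stored hash (`$1$` md5crypt, `$5$` sha256crypt, `$6$` sha512crypt, `$2b$` bcrypt, `$y$` yescrypt, or a bare 13-character DES crypt string) and, where present, its rounds or cost field. The Python below is an added example, not code from the original page or from the John the Ripper project: it applies the same recognition from the defender's side, auditing /etc/shadow-style records and flagging the fast legacy formats and low work factors that a wordlist or incremental run would find cheap. The records are constructed and contain no real secrets, and the minimum-rounds policy is an assumption; the 5000-round default for sha256crypt and sha512crypt is glibc's documented default.

```python
"""Audit password hashes in /etc/shadow-style records: identify the hash
format from its modular-crypt prefix (the same recognition a cracker does
before choosing an attack) and flag entries that are cheap to crack offline.
Added example with constructed records; no real credentials are included."""
import re

# Modular-crypt identifier -> (format name, slow/adaptive?, default rounds).
# The 5000-round default is glibc's documented default for $5$ and $6$.
FORMATS = {
    "1": ("md5crypt", False, None),
    "5": ("sha256crypt", True, 5000),
    "6": ("sha512crypt", True, 5000),
    "2b": ("bcrypt", True, None),   # cost field is log2 of the iteration count
    "y": ("yescrypt", True, None),
}

# Assumed local policy: minimum work factor per slow format.
MIN_ROUNDS = {"sha256crypt": 10000, "sha512crypt": 10000, "bcrypt": 12}

# Constructed shadow records (hash bodies are placeholders, not real hashes).
SAMPLE_SHADOW = """root:$6$rounds=100000$abcdefgh$ZZZZ:19800:0:99999:7:::
alice:$6$saltsalt$YYYY:19800:0:99999:7:::
bob:$1$abcdefgh$XXXX:19800:0:99999:7:::
carol:$2b$08$saltsaltsaltsaltsaltsuWWWW:19800:0:99999:7:::
dave:$y$j9T$saltsalt$VVVV:19800:0:99999:7:::
eve:ab12cd34ef56g:19800:0:99999:7:::
svc:!:19800:0:99999:7:::
"""

RECORD = re.compile(r"^(?P<user>[^:]+):(?P<hash>[^:]*):")


def identify(hash_field):
    """Return (format_name, is_slow, rounds_or_None) for one shadow hash field."""
    if hash_field in ("", "*") or hash_field.startswith("!"):
        return ("locked/no-password", True, None)   # password login disabled
    if not hash_field.startswith("$"):
        # Legacy DES crypt is exactly 13 characters with no prefix.
        return ("descrypt", False, None) if len(hash_field) == 13 else ("unknown", False, None)
    parts = hash_field.split("$")   # ['', id, (rounds=N | cost | param), salt, hash]
    ident = parts[1]
    if ident not in FORMATS:
        return ("unknown", False, None)
    name, slow, rounds = FORMATS[ident]
    if name == "bcrypt":
        rounds = int(parts[2])                       # $2b$<cost>$<salt+hash>
    elif len(parts) > 2 and parts[2].startswith("rounds="):
        rounds = int(parts[2][len("rounds="):])      # explicit $6$rounds=N$...
    return (name, slow, rounds)


def audit(shadow_text, min_rounds=MIN_ROUNDS):
    """Return [(user, format, reason)] for accounts whose hash is cheap to attack."""
    findings = []
    for line in shadow_text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue
        user, field = m.group("user"), m.group("hash")
        name, slow, rounds = identify(field)
        if name == "locked/no-password":
            continue
        if not slow:
            findings.append((user, name, "fast legacy hash; cheap to crack offline"))
        elif name in min_rounds and rounds is not None and rounds < min_rounds[name]:
            findings.append((user, name, f"work factor {rounds} below policy {min_rounds[name]}"))
    return findings


if __name__ == "__main__":
    for user, fmt, reason in audit(SAMPLE_SHADOW):
        print(f"{user}: {fmt}: {reason}")
```

The same prefix inspection tells you, before any cracking tool is pointed at a dump, which accounts need a forced password rotation and a rehash under a slow algorithm; raising the work factor is what makes the wordlist and incremental modes the paragraph describes expensive rather than trivial.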
5. Nessus

Nessus is a worthy remote security scanning tool that is always on the lookout for system vulnerabilities. Some distinguished qualities make Nessus a mandatory inclusion in the White Hat toolkit:
- It does not have preloaded assumptions about server configurations, which is why it never misses system vulnerabilities
- It has its own scripting language that enables you to write code for specific tests
- Its host of plug-ins equips cybersecurity experts with specific virus-detecting capabilities

Pros:
- Vulnerability scanning is accurate and streamlined
- Easy classification of vulnerabilities into risk categories
- Multiple policies and best practices for different kinds of scans
- Presents recommendations and reports in easily accessible formats

Cons:
- Slow and time-consuming analysis for large datasets
- High power consumption during deep scans
- Doesn't perform pen-testing
Best Hacking Teams
1. Anonymous
Anonymous, a hacktivist collective, is widely acknowledged as one of the most prominent groups in this domain. Operating in a decentralized manner, it has claimed responsibility for a multitude of cyberattacks targeting governmental, religious, and business online platforms.
2. Lapsus$
Lapsus$ (aka DEV-0537) is an international hacker group with a focus on extortion. The group uses Telegram for public communication with its 50,000+ subscribers, including recruitment and posting sensitive data from its victims. In 2021, the group attacked the Brazilian Health Ministry, took down the website, and deleted sensitive data. More brazen attacks took place in 2022, first against large tech companies like Microsoft, Nvidia, and Samsung in March, and then again in September against Uber and Rockstar Games. Lapsus$ used social engineering to hack into access management company Okta, gain unauthorized access to Nvidia's systems, and access user data from the Mercado Libre online marketplace. It also employed multi-factor authentication (MFA) fatigue as a tactic in its attack on Uber.
3. DarkSide

DarkSide is believed to be operating in Eastern Europe, specifically Russia. Its methods are ransomware attacks and extortion. In fact, the group operates a "ransomware as a service" model, providing affiliates with access to its ransomware in return for a percentage of the ransom payments. These have been reported to be around 25% for amounts under $500,000 and 10% for larger sums above $5 million. DarkSide claims to be apolitical, and it avoids certain geographic locations, excluding former Soviet countries from its targeting. It also refrains from attacking healthcare centers, schools, and non-profit organizations.
4. BianLian

BianLian's adaptability makes the group unpredictable, as it constantly evolves its tactics, tools, and targets. The criminal group has targeted organisations in the critical infrastructure sectors of the US and Australia. BianLian has exploited security vulnerabilities and encrypted sensitive data within breached networks using an open-source ransomware variant. It uses multi-pronged extortion, combining data encryption with the threat of leaks, and has a global reach. BianLian has gained access to victim systems through valid Remote Desktop Protocol (RDP) credentials and then extorts money by threatening to release the stolen data if a payment is not made. Victims have been reported across sectors, with a typical focus on media and entertainment as well as examples in healthcare, manufacturing, and education. The group's technical proficiency, including leveraging legitimate tools for malicious purposes, and its shift from ransomware to data extortion, highlight its evolving tactics.
5. LockBit3

Of all the active ransomware groups, between January and June of 2023, LockBit3 proved the most prolific. LockBit3's operations accounted for 24% of all reported victims. The group attempted to disrupt and publicly extort organizations in more than 500 separate instances, a 20% increase in victims compared with H1 2022. LockBit operates a Ransomware-as-a-Service model and typically targets large enterprises and government entities. LockBit goes after organizations worldwide, except those in Russia or other Commonwealth of Independent States countries.