Massive Surge In Ransomware Attacks—AI And 2FA Bypass To Blame
Ransomware attacks up, ransoms paid down.
If you need proof that the ransomware threat is not dead in the security threat water, look no further than the latest FBI warning about the Medusa ransomware-as-a-service attacks. Ransomware is not only alive and well but also rapidly evolving. I have reported how one criminal group, Black Basta, was found to be using sophisticated tools to brute-force VPN and firewall passwords, and stolen passwords are increasingly driving attacks. The good news is that enterprise defenses are improving, and the amount being paid in ransom demands to these criminal gangs is falling fast. The bad news is that the same threat intel report also revealed that the fast-evolving ransomware landscape has led to a massive surge in attacks. Here's what you need to know.
What if I were to tell you that social engineering using AI deception, commonly known as deepfake phishing or in some quarters as vishing, has increased by an incredible 1,633% in quarter one of 2025 compared to the last quarter of 2024? What's that got to do with ransomware? Apart from the fact that it is used as one of the most common methods of gaining initial access to your networks, nothing. Can you taste the sarcasm from my keyboard?
Ransomware attacks surged 132% despite a 35% drop in payments. With less ransom being paid out, cybercriminals are shifting their strategies to compensate for the growing number of organizations that have strengthened their security posture to avoid having to pay ransom. OK, let's change tack. What if I were to tell you that adversary-in-the-middle attacks are also increasing with alarming velocity? You know, those clever hacking tactics used to steal session cookies and, by so doing, enable ransomware attackers to access your accounts at leisure without having to worry about annoying 2FA codes. Maybe if I mentioned the exploitation of operational technology environments, I would be speaking your language. Ransomware attackers are targeting OT devices with greater frequency. Now, what if it wasn't me telling you this but the threat intelligence experts at Ontinue?
The March 25 threat intelligence report from Ontinue revealed all these things and more. 'The cyber threat landscape isn't just evolving,' it said, 'it's becoming more aggressive.' With attackers leveraging AI, trusted platforms and legitimate software tools to breach defenses and exploit vulnerabilities, this is not time to be sitting back and thinking the threat is over.
One of the interesting trends to come out of the Ontinue report was the fact that the amount of money being made by attackers through ransom payments is down a little over a third. Casey Ellis, founder at Bugcrowd, thinks this is fascinating but not surprising. 'The combination of increased law enforcement pressure, better international collaboration, and organizations refusing to pay are clearly making a dent,' Ellis said. It's also a testament to the pay or don't pay debate evolving into 'a broader conversation about resilience and deterrence,' Ellis continued. The real question, though, is will the downward dip continue. Ellis isn't convinced. 'The, ransomware business model is an arms race, and threat actors are nothing if not adaptable,' Ellis concluded. 'We've already seen a shift toward exfiltration-based extortion, stealing data and threatening to leak it if the ransom isn't paid.'
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
an hour ago
- Yahoo
FBI Boss Kash Patel Is Suing to Prove He's Not Nightclub Hopping
Kash Patel has sued MSNBC columnist Frank Figliuzzi over his unverified claim last month that the FBI director had been at 'nightclubs' more than he'd been in his office. Patel filed a lawsuit on June 2 in Texas against Figliuzzi, a former assistant director for counterintelligence at the FBI who now serves as a senior national security and intelligence analyst for MSNBC and NBC News. The complaint accuses Figliuzzi of 'fabricating a specific lie' about Patel over his nightclub allegation, and claimed there was 'no basis for [the] Defendant's fabrication, and Defendant's use of the weasel word, 'reportedly,' is itself a fabrication,' according to the New York Post. The suit called Figliuzzi's claim a 'maliciously false and defamatory statement' and accused the columnist of making up the story to 'discredit Director Patel because of Defendant's clear animus toward Director Patel.' It noted that the commentator has previously been critical of the FBI head's qualifications. Patel has not spent 'a single minute inside of a nightclub' since becoming FBI director, the lawsuit states. The FBI and an attorney for Patel did not immediately return The Daily Beast's request for comment. Figliuzzi has been approached for comment via his website. Figliuzzi, a 25-year veteran of the FBI, made the remark during a May 2 broadcast of Morning Joe. He claimed Donald Trump's pick to lead the bureau was not often present at its headquarters, the J. Edgar Hoover Building in Washington, D.C. 'Reportedly, he's been visible at nightclubs far more than he has been on the seventh floor of the Hoover building,' Figliuzzi said to Morning Joe co-host Jonathan Lemire. 'And there are reports that daily briefings to him have been changed from every day to maybe twice weekly.' 'The one word that keeps coming back at me from inside that building is 'chaos,'' he added. 'People don't know what's happening from day to day.' On the next Morning Joe broadcast the following Monday, Lemire told viewers Figliuzzi had made a 'misstatement.' 'Figliuzzi said that FBI director Kash Patel has reportedly been more visible at nightclubs than at his office at FBI headquarters. This was a misstatement. We have not verified that claim,' Lemire said. MSNBC declined to comment on the lawsuit. FBI spokesperson Ben Williamson wrote on X at the time that Figliuzzi's claims were 'bogus,' writing, 'I see him here at HQ every day.' Patel's appointment was and has been the subject of significant backlash, given his limited senior law enforcement experience and concerns over his past promotion of pro-Trump conspiracy theories.
2 hours ago
Pulse massacre survivors are set to revisit the nightclub before it's razed
ORLANDO, Fla. -- Survivors and family members of the 49 victims killed in the Pulse nightclub massacre nine years ago are getting their first chance Wednesday to walk through the long-shuttered, LGBTQ+-friendly Florida venue before it's razed and replaced with a permanent memorial to what was once the worst U.S. mass shooting in modern times. In small groups over four days, survivors and family members of those killed planned to spend a half hour inside the space where Omar Mateen opened fire during a Latin night celebration on June 12, 2016, leaving 49 dead and 53 wounded. Mateen, who had pledged allegiance to the Islamic State group, was killed after a three-hour standoff with police. At the time, it was the worst mass shooting in modern U.S. history. The Pulse shooting's death toll was surpassed the following year when 58 people were killed and more than 850 injured among a crowd of 22,000 at a country music festival in Las Vegas. The city of Orlando purchased the Pulse property in 2023 for $2 million and plans to build a $12 million permanent memorial which will open in 2027. Those efforts follow a multiyear, botched attempt by a private foundation run by the club's former owner. The existing structure will be razed later this year. 'None of us thought that it would take nine years to get to this point and we can't go back and relitigate all of the failures along the way that have happened, but what we can do is control how we move forward together," Orange County Mayor Jerry Demings said two weeks ago when county commissioners pledged $5 million to support the city of Orlando's plan. The opportunity to go inside the nightclub comes on the ninth anniversary of the mass shooting. Outside, over-sized photos of the victims, rainbow-colored flags and flowers have hung on fences in a makeshift memorial, and the site has attracted visitors from around the globe. But very few people other than investigators have been inside the structure. Around 250 survivors and family members of those killed have responded to the city's invitation to walk through the nightclub this week. Families of the 49 people who were killed can visit the site with up to six people in their group, and survivors can bring one person with them. The people invited to visit are being given the chance to ask FBI agents who investigated the massacre about what happened. They won't be allowed to take photos or video inside. Brandon Wolf, who hid in a bathroom as the gunman opened fire, said he wasn't going to visit, primarily because he now lives in Washington. He said he wanted to remember Pulse as it was before. 'I will say that the site of the tragedy is where I feel closest to the people who were stolen from me,' said Wolf, who now is national press secretary for the Human Rights Campaign, a LGBTQ+ advocacy group. 'For survivors, the last time they were in that space was the worst night possible. It will be really hard to be in that space again.' Mental health counselors planned to be on hand to talk to those who walk through the building. Survivors and family members had hoped to have a permanent memorial in place by now. But an earlier effort by a private foundation to build one floundered, and the organization disbanded in 2023. Barbara and Rosario Poma and businessman Michael Panaggio previously owned the property, and Barbara Poma was the executive director of the onePulse Foundation — the nonprofit that had been leading efforts to build a memorial and museum. She stepped down as executive director in 2022 and then left the organization entirely in 2023 amid criticism that she wanted to sell instead of donate the property. There were also complaints about the lack of progress despite millions of dollars being raised. The original project, unveiled in 2019 by the onePulse Foundation, called for a museum and permanent memorial costing $45 million. That estimate eventually soared to $100 million. The city of Orlando has since outlined a more modest proposal and scrapped plans for a museum. 'The building may come down, and we may finally get, a permanent memorial, but that doesn't change the fact that this community has been scarred for life,' Wolf said. 'There are people inside the community who still need and will continue to need support and resources.'
News24
3 hours ago
- News24
Cape Town couple arrested on child porn charges allegedly abused their own children
A Bloubergstrand couple has been arrested for the alleged sexual abuse of their two daughters, aged 3 and 8. They have been accused of producing child pornography and other sexual offences. According to police spokesperson Lieutenant Colonel Amanda van Wyk, a multidisciplinary team comprising members of the national and Western Cape Serial and Electronic Crime Investigations (SECI) Units, and officials from the Department of Social Development (DSD), supported by the FBI and Homeland Security Investigations (HSI), arrested the 47-year-old woman and 48-year-old man in Bloubergstrand on Tuesday. They were found at a house identified through joint investigative efforts. They face multiple charges, including the production of CSAM (commonly referred to as child pornography), rape, sexual assault, and sexual grooming. The two children were rescued during the operation and have since been put in a place of safety. Several electronic devices were seized. Last month, the Asset Forfeiture Unit (AFU) seized assets, including a luxury vehicle and R647 300 in cash belonging to Darryn Wilken and his girlfriend, Tiona Megan Moodley. Investigations by various law enforcement agencies, including the US Secret Service and Federal Bureau of Investigation (FBI), led to their arrests. The couple faces charges for allegedly running a child pornography website, offering material for sale internationally. National Prosecuting Authority (NPA) spokesperson Phindi Mjonondwane said along with the cash and vehicle, the unit also seized high-end electronic equipment. 'It (Wilken's luxury vehicle) brazenly reflected a registration number 'KIDZ NA GP'. The luxury vehicle, high-end electronic equipment and R647 300 in cash were the subjects of the search and seizure warrant,' she said.
