
Latest news with #ToyMaker

Why Supporting The New York Yankees Makes You Hacking Threat Number 1

Forbes

29-04-2025


These sports team passwords put you at risk of attack.

World Password Day is May 1, 2025, but every day is password hacking day. The U.S. sports team you support could make getting hacked even more likely, a new report has revealed. As if the password hackers need any help, what with infostealer malware publishing 1.7 billion stolen credentials on the dark web, automatic password hacking machines being a very real thing and people like the ToyMaker making a healthy living from selling such initial access resources to cybercriminals. Here's why being a New York Yankees fan sucks from the cybersecurity perspective.

Weak passwords are the bane of my life as a cybersecurity analyst, although with my hacking hat on, I have to say I quite like them. With research revealing that even the advice for creating strong passwords using the three-random-word method is now useless, as law enforcement can crack 77% of them with the newly published technique, you really need to be aware of the insecurity of certain passwords you choose to use. Yes, sports fans, I'm staring right at you with my best look of consternation.

An analysis of 186 sports teams, ranked by how vulnerable the passwords that included their names were, has been compiled by the experts at GlobalDots. They used a total of 23 different password variations for each team and then compared them against how many times they appeared in the Have I Been Pwned data breach database. The resulting report reveals the top ten weakest password links across the NFL, NBA, MLB and NHL, but let's focus on the overall most hackable U.S. sports team passwords, shall we? As you will have already worked out, the New York Yankees are top of the password flops, with the report revealing that passwords associated with the team appeared in 198,870 password leaks.
The rest of the top ten is as follows:

The moral of this tale: if you must take support of your favorite sports team into your cybersecurity defense, at least be creative and use passwords that are harder to guess by those looking at hacking them. Maybe create a passphrase with the team involved, but one that's not obvious. Or how about throwing a whole load of random characters and digits into the mix? A password manager will help you to make this approach usable and prevent any password reuse from entering the equation. Better yet, keep your love of sports to the sports field and just use long and random passwords, eh?

Backdoors Installed, Passwords Stolen — Who Is The ToyMaker?

Forbes

28-04-2025


Who is the ToyMaker?

A lot of effort goes into tracking and reporting on the ransomware threat and those who launch the attacks. Given the sheer number of ransomware attacks and the money that can be made by those with no moral compass, this isn't exactly surprising. No surprise, either, that some are willing to pay good money to those willing to snitch on ransomware threat groups. What is surprising, however, is that less time and resources seem to go into researching the people who enable ransomware attackers. I'm talking about initial access brokers who, like it says on the tin, are the ones who open the doors to your systems for the ransomware attackers to exploit. Initial access brokers like the ToyMaker.

As I have already reported, ransomware attacks have surged by 132% despite a 35% drop in payments in the first quarter of 2025. Social engineering, adversary-in-the-middle attacks and information-stealing malware have all contributed to this ransomware resurgence. Welcome to the world of the initial access broker. Leaks from within the ransomware gangs themselves have shown that initial access brokers play a pivotal role in the success of any attack. The ToyMaker is an initial access broker and, according to a new report from researchers at Cisco Talos, a very dangerous one indeed.

In their deep dive into the world of the ToyMaker, Cisco Talos threat intelligence researchers Joey Chen, Asheer Malhotra, Ashley Shen, Vitor Ventura and Brandon White have revealed just how dangerous this mysterious figure is. The ToyMaker isn't motivated by politics or tied to any nation-state espionage groups, but rather is, the threat intelligence experts said with medium confidence, a financially motivated threat actor. The job that they do is simple: exploit vulnerable systems that are exposed to the internet. Well, I say simple, but the methods used and the consequences of success are anything but.
The ToyMaker deploys a custom-coded backdoor called lagtoy, which can steal credentials from the target system it is installed upon, as well as create reverse shells and execute commands on infected endpoints. This is not a toy to be played around with lightly. 'A compromise by lagtoy may result in access handover to a secondary threat actor,' Cisco Talos warned, specifically, a double extortion ransomware group known as Cactus. The ToyMaker is also a speedy operator when it comes to deploying these malicious toys. 'ToyMaker performed preliminary reconnaissance, credential extraction and backdoor deployment within the span of a week,' Cisco Talos said. As is the case with initial access brokers, that would then signal the end of the ToyMaker's involvement in the attack. After a three-week pause, the Cactus ransomware group strikes using the credentials stolen by the ToyMaker.
