Latest news with #credentialtheft


Zawya
01-07-2025
- Business
- Zawya
Group-IB sounds the alarm on rising cyber threats in META region
Dubai, UAE: Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has released its latest META Intelligence Insights Report (May 2025), offering a detailed snapshot of the region's evolving threat landscape. The report highlights an alarming rise in stolen credentials and payment data, with Kenya, Turkey, and Egypt among the most affected countries. As cybercriminal activity grows more aggressive and sophisticated, Group-IB is calling on organisations across the Middle East, Turkey, and Africa (META) to adopt stronger digital hygiene practices to protect against the surge in credential theft, banking fraud, and malware-driven breaches.

Key findings from the Group-IB May 2025 Report:
- Top Malware Families: RedLine (23.4%), LummaC2 (22.9%), and Raccoon (19.4%) were the leading tools behind stolen data.
- Most Affected Countries: Kenya (23.1%), Turkey (21.7%), and Egypt (12.4%) recorded the highest volumes of compromised accounts.
- Bank Card Breaches: The GCC region led in compromised card data (47.1%), followed by South Africa and Egypt.

With the threat landscape evolving rapidly, Group-IB urges individuals, businesses, and institutions across the META region to take immediate, informed action to secure their digital environments. Proactive education, the right technologies, and timely intelligence are essential tools in staying one step ahead of cybercriminals. Read the full May 2025 META Intelligence Insights Report here.

ABOUT GROUP-IB
Established in 2003, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime globally.
Headquartered in Singapore, and with Digital Crime Resistance Centres in the Middle East and Africa, Europe, Central Asia, and the Asia-Pacific, Group-IB analyses and neutralises regional and country-specific cyber threats via its Unified Risk Platform, offering unparalleled defence through its industry-leading Threat Intelligence, Fraud Protection, Digital Risk Protection, Managed Extended Detection and Response (XDR), Business Email Protection, and External Attack Surface Management solutions, catering to government, retail, healthcare, gaming, financial sectors, and beyond. Group-IB collaborates with international law enforcement agencies like INTERPOL, EUROPOL, and AFRIPOL to fortify cybersecurity worldwide, and has been awarded by advisory agencies including Aite-Novarica, Gartner, Forrester, Frost & Sullivan, and KuppingerCole.


Tahawul Tech
20-06-2025
- Tahawul Tech
Cybercriminals gain access as 16 billion credentials exposed in historic data breach
The threat landscape continues to evolve, and the message from cybersecurity experts is clear: digital vigilance and routine cyber hygiene are now non-negotiable. The global cybersecurity community is sounding the alarm following what Cybernews has dubbed the largest data breach in history, revealing a staggering 16 billion login credentials scattered across 30 different databases. While some records are believed to overlap, researchers emphasise that much of the data stems from recent infostealer malware attacks, not just recycled incidents from the past. This latest revelation significantly raises the stakes in the ongoing battle against credential theft. Commenting on the report, Alexandra Fedosimova, Digital Footprint Analyst at Kaspersky, explains: '16 billion records is a figure nearly double the Earth's population, and it's hard to believe such a vast amount of information could be exposed. This 'leak' refers to a compilation of 30 user data breaches from various sources. These data sets ('logs') are primarily obtained by cybercriminals through infostealers — malicious applications that steal information — and such incidents occur daily. Cybernews researchers collected this data over six months from the start of the year. Their dataset likely contains duplicates due to the persistent issue of password reuse among users. Therefore, although it was noted that none of the databases they found had been previously reported, this doesn't mean these credentials hadn't previously leaked from other services or been collected by other infostealers.' Kaspersky telemetry further supports the scale of the threat, reporting a 21% global increase in password stealer detections from 2023 to 2024. Infostealer malware has emerged as one of the most pervasive cyber threats, compromising millions of devices and extracting credentials, cookies, and sensitive data — all of which are then aggregated and circulated on the dark web. 
Dmitry Galov, Head of Kaspersky's Global Research and Analysis Team (GReAT) for Russia and CIS, added: 'Cybernews research speaks of an aggregation of several data leaks over a long period – since the start of the year. This is a reflection of a thriving cybercrime economy that has industrialised credential theft. Credentials are harvested, enriched, and resold — often multiple times — via combo lists that are constantly updated and even made available on public platforms. What's notable here is that the datasets were reportedly temporarily exposed via unsecured channels, making them accessible to anyone who stumbled upon them.'

Anna Larkina, Web Content Analysis Expert at Kaspersky, advises users to take urgent action and said, 'This news is a good reminder to focus on digital hygiene. Regularly update your passwords, enable two-factor authentication, and use a reliable password manager, such as Kaspersky Password Manager, to store your credentials securely. If you suspect your accounts may have been compromised, contact support services immediately to regain access and limit further damage. Users should also stay alert to social engineering scams that exploit leaked data.'

Adding to the expert views, Peter Mackenzie, Director of Incident Response and Readiness at Sophos, said, 'While you'd be right to be startled at the huge volume of data exposed in this leak, it's important to note there is no new threat here — this data will most likely already have been in circulation. These datasets are amalgamated from multiple breaches. What this tells us is the sheer depth of information now available to cybercriminals. It's a powerful reminder to everyone to take proactive steps — update passwords, use a password manager, and implement multifactor authentication. If concerned, check your email at to see if your data has been compromised.'


Forbes
08-06-2025
- Forbes
New Apple Passwords Attack Confirmed — What You Need To Know
New macOS password attack hits Apple users. Although it is far more commonplace to read about password attacks against users of the Windows operating system, or targeting services such as Gmail, the truth of the matter is that nobody is safe from the credential-theft threat, as this newly confirmed Apple password-stealing attack illustrates. Here's what you need to know about the AMOS campaign targeting macOS users.

The latest adversary intelligence report from Koushik Pal, a threat researcher at CloudSEK, has warned users that a newly identified Atomic macOS Stealer campaign utilizing a previously unknown variant has been observed targeting the Apple operating system. Although this latest and ongoing threat leverages well-known existing tactics and techniques, such as the ClickFix fake CAPTCHA screen and multi-platform social engineering, the danger it poses to macOS users remains high nonetheless. Better known as AMOS, this latest variant of the Atomic macOS Stealer has been observed using ClickFix attack sites that impersonate a U.S. support services company within the cable TV, internet provision, mobile phone, and managed services sectors. The brand impersonation in this case is made possible by way of typo-squatting domains that appear similar to the genuine article. 'The macOS users are served a malicious shell script designed to steal system passwords and download an AMOS variant for further exploitation,' Pal warned. This script then uses native macOS commands to 'harvest credentials, bypass security mechanisms, and execute malicious binaries.' This is, to be fair, as significant a threat to your Apple passwords as you are going to get. Targeting both consumer and corporate users, and highlighting a trend in such multi-platform social engineering attacks, Pal said that source code comments suggested that Russian-speaking cybercriminals are behind the new AMOS threat campaign.
The AMOS malware utilises legitimate utilities to circumvent endpoint security controls and extract macOS user passwords, which can then be used for lateral movement or sold to initial access brokers for use in other cybercriminal campaigns, including ransomware attacks. Users should be educated about the tactics used by such Apple passwords-stealing campaigns, Pal recommended by way of mitigation, 'especially those disguised as system verification prompts.'