2024 isn't even over yet, but you should start getting ready for February 3, 2025.
That's when LockBitSupp, the ransomware group LockBit’s alleged leader, warned LockBit 4 will return, and a dark web posting claimed new ransomware attacks will launch.
LockBit’s activity has fluctuated monthly in 2024 following its takedown in February, Matt Hull, global head of threat intelligence at cybersecurity giant NCC Group, told Forbes in a recent article.
"However, LockBit remained the most active ransomware threat actor in May 2024, responsible for 37% of all attacks, according to NCC Group data. 'In July 2024, LockBit 3.0 was also the second most prolific threat actor,' Hull said. That burst of activity appears to have been short-lived, with the group not appearing in the top ten most active threat actors during October and November," according to the Forbes article.
It seems they're gearing up for a resurgence early next year, so be prepared.
Now, here's today's MSSP update. Drop me a line at [email protected] if you have news to share or want to say hi!
Today's MSSP Update
1. SEC cyberattack disclosures spike: Cybersecurity incident reports among public companies have increased by 60% since the Securities and Exchange Commission (SEC) adopted new cyber disclosure rules last year, with over three-quarters of disclosures submitted within eight days of incident discovery, CyberScoop reports. However, growing hesitancy and challenges in conducting the immediate intrusion assessments necessary to avoid penalties led to materiality being detailed in only a tenth of incident disclosures this year, according to a report from M&A and finance-focused law firm Paul Hastings LLP.
2. BeyondTrust remote support SaaS hit by vulnerability: U.S. privileged access management-focused cybersecurity firm BeyondTrust confirmed that some of its Remote Support software-as-a-service (SaaS) instances were compromised in a cyberattack detected December 2, according to BleepingComputer. Threat actors leveraged a Remote Support SaaS API key to conduct local app account password resets, but it's not clear whether the hacked instances had been exploited to perform downstream attacks.
3. Barracuda adds malware detection to BDR solution: Barracuda is adding Malware Detection for Barracuda Cloud-to-Cloud Backup. The new Malware Detection feature automatically scans backed-up data for any malicious files before restoration, the company said, and is free for existing Cloud-to-Cloud Backup users.
4. OneSpan names new CTO: Digital banking cybersecurity firm OneSpan this week named Ashish Jain as its new chief technology officer. Jain will lead OneSpan’s global engineering organization, partner with senior leaders to set and execute the company’s innovation vision and strategy and oversee the development and delivery of OneSpan’s security and digital agreements products and services. Jain has more than 20 years experience in leading product management, engineering, and operations teams at global organizations, including Arkose Labs, eBay and VMware. Congratulations!
5. Mirai botnet targets Juniper routers: Juniper Networks' Session Smart Routers using default passwords were targeted for attacks via the Mirai botnet malware, reports The Hacker News. Hacked SSRs then conducted distributed denial-of-service (DDoS) intrusions against other devices within their network, Juniper Networks said in an alert on Dec. 11. Organizations leveraging SSRs have been urged to implement strong passwords and firewalls while examining access logs and ensuring up-to-date software.
