
From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch

| Category | Details |
| --- | --- |
| Threat Actors | ShinyHunters, ALPHV (BlackCat), RansomHub, LockBit, Midnight Blizzard (APT29), Hellcat, Scattered Spider. |
| Campaign Overview | Surge in SaaS-targeted cyberattacks in 2024, with password attacks, phishing attempts, and ransomware schemes. |
| Target Regions (or Victims) | Global organizations across sectors such as healthcare (Change Healthcare), finance (Prudential), telecom (Frontier), remote access (TeamViewer), and fintech (Evolve Bank & Trust). |
| Methodology | Exploitation of misconfigurations, weak authentication, API manipulations, credential theft, and ransomware. |
| Product Targeted | SaaS applications, TeamViewer, financial and telecom systems, and various healthcare databases. |
| Malware Reference | Ransomware-as-a-Service (RaaS), particularly from ALPHV, LockBit, and RansomHub. |
| Tools Used | Phishing, credential theft, RaaS platforms, API manipulations, identity threat detection tools. |
| Vulnerabilities Exploited | Misconfigurations, weak authentication practices (lack of MFA), stolen credentials, Shadow IT. |
| TTPs | Credential theft, exploitation of misconfigurations, supply chain attacks, phishing, ransomware extortion. |
| Attribution | Ransomware groups (ALPHV, LockBit, RansomHub), cybercriminals, state-sponsored group (Midnight Blizzard). |
| Recommendations | Enforce MFA, conduct regular audits, implement identity monitoring, track credential leaks, use RaaS defenses, continuous monitoring of third-party vendors. |
| Source | The Hacker News |

Read full article: https://thehackernews.com/2025/01/from-22m-in-ransom-to-100m-stolen.html

The above summary has been generated by an AI language model

Source: The Hacker News

Published on: January 7, 2025
