NCSA Webboard

    Cyber Threat Intelligence 17 April 2025

    Cyber Security News
    • NCSA_THAICERT

      Energy Sector

      • Cyber Threats Against Energy Sector Surge As Global Tensions Mount
        "Cyberattacks targeting the energy sector are increasing, driven by a host of geopolitical and technological factors. A report published by Sophos in July 2024, and which surveyed 275 cybersecurity and IT leaders from the energy, oil/gas, and utilities sector across 14 countries, found 67% of respondents who said their organizations had suffered a ransomware attack in the last year. While Sophos’ figure remained steady year-over-year, a January 2025 report authored by TrustWave said that ransomware attacks targeting the energy and utilities sectors increased by 80% in 2024 compared to the previous year. Most of these breaches have only managed to compromise IT environments, as opposed to more critical operational technology (OT) networks, but the threat to the latter is rapidly intensifying."
        https://www.resecurity.com/blog/article/cyber-threats-against-energy-sector-surge-global-tensions-mount
        https://securityaffairs.com/176591/hacking/cyber-threats-against-energy-sector-surge-as-global-tensions-mount.html

      Vulnerabilities

      • Over 16,000 Fortinet Devices Compromised With Symlink Backdoor
        "Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices. This exposure is being reported by threat monitoring platform The Shadowserver Foundation, which initially reported 14,000 devices were exposed. Today, Shadowserver's Piotr Kijewski told BleepingComputer that the cybersecurity organization now detects 16,620 devices impacted by the recently revealed persistence mechanism."
        https://www.bleepingcomputer.com/news/security/over-16-000-fortinet-devices-compromised-with-symlink-backdoor/
      • Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities
        "Google and Mozilla on Tuesday announced security updates for Chrome 135 and Firefox 137 that address potentially exploitable critical- and high-severity vulnerabilities. Chrome versions 135.0.7049.95/.96 for Windows and macOS and version 135.0.7049.95 for Linux were rolled out with fixes for two memory safety vulnerabilities reported by external researchers."
        https://www.securityweek.com/chrome-135-firefox-137-updates-patch-severe-vulnerabilities/
      • Oracle Patches 180 Vulnerabilities With April 2025 CPU
        "On April 15, Oracle announced the release of 378 new security patches as part of its second Critical Patch Update (CPU) of 2025, including 255 fixes for vulnerabilities that are remotely exploitable without authentication. SecurityWeek has identified roughly 180 unique CVEs in Oracle’s April 2025 CPU and counted approximately 40 security patches that resolve critical-severity flaws. Oracle Communications received the largest number of security fixes, at 103, including 82 patches for bugs that can be exploited by remote, unauthenticated attackers."
        https://www.securityweek.com/oracle-patches-180-vulnerabilities-with-april-2025-cpu/
      • Cisco Webex App Client-Side Remote Code Execution Vulnerability
        "A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link. An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user."
        https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-client-rce-ufyMMYLC
      • CISA Adds One Known Exploited Vulnerability To Catalog
        "CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
        CVE-2021-20035 SonicWall SMA100 Appliances OS Command Injection Vulnerability"
        https://www.cisa.gov/news-events/alerts/2025/04/16/cisa-adds-one-known-exploited-vulnerability-catalog
      • Apple Fixes Two Zero-Days Exploited In Targeted iPhone Attacks
        "Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an "extremely sophisticated attack" against specific targets' iPhones. The two vulnerabilities are in CoreAudio (CVE-2025-31200) and RPAC (CVE-2025-31201), with both bugs impacting iOS, macOS, tvOS, iPadOS, and visionOS. "Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS," reads an Apple security bulletin released today."
        https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-exploited-in-targeted-iphone-attacks/
        https://support.apple.com/en-us/122282
        https://www.securityweek.com/apple-pushes-ios-macos-patches-to-quash-two-zero-days/
      • Eclipse And STMicroelectronics Vulnerabilities
        "Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities found in Eclipse ThreadX and four vulnerabilities in STMicroelectronics. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy."
        https://blog.talosintelligence.com/eclipse-and-stmicroelectronics-vulnerabilities/
      • CVE-2025-24054, NTLM Exploit In The Wild
        "NTLM (New Technology LAN Manager) is a suite of authentication protocols developed by Microsoft to verify user identities and protect the integrity and confidentiality of network communications. NTLM operates through a direct client-server exchange known as the NTLM challenge/response mechanism, in which the server challenges the client to prove its identity without sending the user’s actual password over the network."
        https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild/
        https://www.darkreading.com/cyberattacks-data-breaches/multiple-group-exploiting-ntlm-flaw
      • Task Scheduler – New Vulnerabilities For Schtasks.exe
        "The schtasks.exe binary is a core component of the Task Scheduler Service in Windows, enabling users to schedule and manage tasks automatically. As part of the Windows Task Scheduler framework, schtasks.exe provides both system administrators and regular users with the ability to streamline operations by automating tasks, from simple programs to complex system maintenance processes."
        https://cymulate.com/blog/task-scheduler-new-vulnerabilities-for-schtasks-exe/
        https://thehackernews.com/2025/04/experts-uncover-four-new-privilege.html

      Malware

      • CrazyHunter Campaign Targets Taiwanese Critical Sectors
        "CrazyHunter has quickly emerged as a serious ransomware threat. The group made their introduction in the past month with the opening of their data leak site where they posted ten victims – all located in Taiwan. We have followed some of their operations through internal monitoring since the start of January and have witnessed a clear pattern of specifically targeting organizations in Taiwan. The victims of the group consist mainly of hospitals and medical centers, educational institutions and universities, manufacturing companies, and industrial organizations, which reflects a targeted focus on organizations with valuable data and sensitive operations."
        https://www.trendmicro.com/en_us/research/25/d/crazyhunter-campaign.html
        https://www.darkreading.com/threat-intelligence/ransomware-gang-crazyhunter-critical-taiwanese-orgs
      • “I Sent You An Email From Your Email Account,” Sextortion Scam Claims
        "In a new version of the old “Hello pervert” emails, scammers are relying on classic email spoofing techniques to try and convince victims that they have lost control of their email account and computer systems. Email spoofing basically comes down to sending emails with a false sender address, a method in use in various ways by scammers. Obviously, pretending to be someone else can have its advantages, especially if that someone else holds a position of power or trust with regards to the receiver."
        https://www.malwarebytes.com/blog/news/2025/04/i-sent-you-an-email-from-your-email-account-sextortion-scam-claims
      • Latest Mustang Panda Arsenal: ToneShell And StarProxy | P1
        "The Zscaler ThreatLabz team discovered new activity associated with Mustang Panda, originating from two machines from a targeted organization in Myanmar. This research led to the discovery of new ToneShell variants and several previously undocumented tools. Mustang Panda, a China-sponsored espionage group, traditionally targets government-related entities, military entities, minority groups, and non-governmental organizations (NGOs) primarily in countries located in East Asia, but they have also been known to target entities in Europe."
        https://www.zscaler.com/blogs/security-research/latest-mustang-panda-arsenal-toneshell-and-starproxy-p1
        https://www.zscaler.com/blogs/security-research/latest-mustang-panda-arsenal-paklog-corklog-and-splatcloak-p2
      • Threat Actors Misuse Node.js To Deliver Malware And Other Malicious Payloads
        "Since October 2024, Microsoft Defender Experts (DEX) has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to information theft and data exfiltration. While traditional scripting languages like Python, PHP, and AutoIT remain widely used in threats, threat actors are now leveraging compiled JavaScript—or even running the scripts directly in the command line using Node.js—to facilitate malicious activity. This shift in threat actor techniques, tactics, and procedures (TTPs) might indicate that while Node.js-related malware aren’t as prevalent, they’re quickly becoming a part of the continuously evolving threat landscape."
        https://www.microsoft.com/en-us/security/blog/2025/04/15/threat-actors-misuse-node-js-to-deliver-malware-and-other-malicious-payloads/
        https://www.securityweek.com/microsoft-warns-of-node-js-abuse-for-malware-delivery/
      • Multi-Stage Phishing Attack Exploits Gamma, An AI-Powered Presentation Tool
        "AI-powered content generation platforms are reshaping how we work—and how threat actors launch attacks. In this newly uncovered campaign, attackers weaponize Gamma, a relatively new AI-based presentation tool, to deliver a link to a fraudulent Microsoft SharePoint login portal. Capitalizing on the fact that employees may not be as familiar with the platform (and thus not aware of its potential for exploitation), threat actors create a phishing flow so polished it feels legitimate at every step."
        https://abnormal.ai/blog/multi-stage-phishing-attack-gamma-presentation
        https://thehackernews.com/2025/04/ai-powered-gamma-used-to-host-microsoft.html
      • Malicious PyPI Package Hijacks MEXC Orders, Steals Crypto Tokens
        "The JFrog Security Research team regularly monitors open source software repositories using advanced automated tools, in order to detect malicious packages. In cases of potential supply chain security threats, our research team reports any malicious packages that were discovered to the repository’s maintainers in order to have them removed. This blog provides an analysis of the ccxt-mexc-futures malicious package which aims to leak crypto currency trading credentials."
        https://jfrog.com/blog/malicious-pypi-package-hijacks-mexc-orders-steals-crypto-tokens/
        https://thehackernews.com/2025/04/malicious-pypi-package-targets-mexc.html
      • A Long Shadow: The Expansion And Export Of China’s Digital Repression Model In Tibet
        "Recent procurement documents reveal that Meiya Pico, a Chinese state-owned digital forensics firm, will provide an offensive cyber operations training environment and digital forensic laboratory to the Tibet Police College in Lhasa. This development underscores the Chinese government's strategic investment in advanced Public Security Bureau (PSB) training infrastructure in Tibet and highlights Meiya Pico's integral role in meeting these specialized requirements."
        https://turquoiseroof.org/a-long-shadow-the-expansion-and-export-of-chinas-digital-repression-model-in-tibet/
        https://therecord.media/chinese-firm-tied-to-uyghur-abuses-training-police-hacking-tibet
      • JUICYJAM: How Thai Authorities Use Online Doxxing To Suppress Dissent
        "A sustained, coordinated social media harassment and doxxing campaign – which we codenamed JUICYJAM – targeting the pro-democracy movement in Thailand has run uninterrupted, and unchallenged, since at least August 2020. We define doxxing as the search for and the publication of an individual’s personal data on the Internet with malicious intent, in this instance, to suppress and harass the Thai pro-democracy movement. The operation utilized an inauthentic persona over multiple social media platforms (primarily X and Facebook) to target pro-democracy protesters by doxxing individuals, continuously harassing them, and instructing followers to report them to the police."
        https://citizenlab.ca/2025/04/how-thai-authorities-use-online-doxxing-to-suppress-dissent/
        https://therecord.media/researchers-uncover-social-media-harassment-campaign-thai-activists
      • Cascading Shadows: An Attack Chain Approach To Avoid Detection And Complicate Analysis
        "In December 2024, we uncovered an attack chain that employs distinct, multi-layered stages to deliver malware like Agent Tesla variants, Remcos RAT or XLoader. Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution. The phishing campaign we analyzed used deceptive emails posing as an order release request to deliver a malicious attachment. This multi-layered attack chain leverages multiple execution paths to evade detection and complicate analysis. Figure 1 below illustrates the attack chain used by this campaign."
        https://unit42.paloaltonetworks.com/phishing-campaign-with-complex-attack-chain/
      • Waiting Thread Hijacking: A Stealthier Version Of Thread Execution Hijacking
        "In our previous blog on process injections we explained the foundations of this topic and basic ideas behind detection and prevention. We also proposed a new technique dubbed Thread Name-Calling – abusing the Thread Name API that was originally intended to assign names to running threads. The technique allowed writing to a process using a handle without write access. Remote execution was achieved through the new API for Asynchronous Procedure Calls (APC), requesting a Special User APC. With the help of those building blocks, we were able to inject a payload and run it without being noticed by most tested EDRs (Endpoint Detection & Response systems). While remote write was implemented using an unexpected API, execution wasn’t completely novel since it was a variant of APC injection."
        https://research.checkpoint.com/2025/waiting-thread-hijacking/

      Breaches/Hacks/Leaks

      • BidenCash Market Dumps 1 Million Stolen Credit Cards On Russian Forum
        "BidenCash, a dark web carding marketplace known for its aggressive tactics, has leaked a fresh batch of 910,380 stolen credit card records on the Russian-language cybercrime forum XSS. The leak, published on April 14 at 6:37 PM (UTC), includes card numbers, CVV codes, and expiration dates but lacks names or other personally identifying information. Despite the limited data set, the dump poses a clear risk for online fraud, particularly in card-not-present transactions."
        https://hackread.com/bidencash-market-leak-credit-cards-russian-forum/

      General News

      • CISA Releases Guidance On Credential Risks Associated With Potential Legacy Oracle Cloud Compromise
        "CISA is aware of public reporting regarding potential unauthorized access to a legacy Oracle cloud environment. While the scope and impact remains unconfirmed, the nature of the reported activity presents potential risk to organizations and individuals, particularly where credential material may be exposed, reused across separate, unaffiliated systems, or embedded (i.e., hardcoded into scripts, applications, infrastructure templates, or automation tools). When credential material is embedded, it is difficult to discover and can enable long-term unauthorized access if exposed."
        https://www.cisa.gov/news-events/alerts/2025/04/16/cisa-releases-guidance-credential-risks-associated-potential-legacy-oracle-cloud-compromise
        https://therecord.media/cisa-warns-of-potential-data-breaches-tied-to-oracle-issue
      • CISA Extends Funding To Ensure 'no Lapse In Critical CVE Services'
        "CISA says the U.S. government has extended MITRE's funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. "The CVE Program is invaluable to cyber community and a priority of CISA," the U.S. cybersecurity agency told BleepingComputer. "Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners' and stakeholders' patience." BleepingComputer has learned that the extension of the contract is for 11 months."
        https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/
        https://therecord.media/cisa-extends-cve-program-contract-with-mitre
        https://www.securityweek.com/mitre-cve-program-gets-last-hour-funding-reprieve/
        https://cyberscoop.com/cisa-reverses-course-extends-mitre-cve-contract/
        https://hackread.com/cve-program-online-cisa-temporary-mitre-extension/
        https://securityaffairs.com/176608/security/cisas-11-month-extension-ensures-continuity-of-mitres-cve-program.html
        https://www.theregister.com/2025/04/16/cve_program_funding_save/
      • APT Rogues’ Gallery: The World’s Most Dangerous Cyber Adversaries
        "Advanced Persistent Threat (APT) groups are not a new scourge. These sophisticated, state-sponsored cyber adversaries, with deep pockets and highly advanced technical skills, conduct prolonged and targeted attacks to infiltrate networks, exfiltrate sensitive data, and disrupt critical infrastructure. The stakes have never been higher, so in this blog, we’ll look at some of the most notorious APT actors, their unique Tactics, Techniques, and Procedures (TTPs), and attacks attributed to them, and offer a few tips on how to defend against them."
        https://www.tripwire.com/state-of-security/apt-rogues-gallery-worlds-most-dangerous-cyber-adversaries
      • Q1 2025 Global Cyber Attack Report From Check Point Software: An Almost 50% Surge In Cyber Threats Worldwide, With a Rise Of 126% In Ransomware Attacks
        "The first quarter of 2025 saw cyber attacks around the globe up sharply, with businesses experiencing more frequent – and more sophisticated – attacks. The average number of cyber attacks per organization reached 1,925 per week, marking a 47% rise compared to the same period in 2024. As cyber criminals adapt and evolve their tactics, sectors such as education, government, and telecommunications found themselves most frequently in the cross hairs of these attacks. The following are the most important attack trends Check Point Research has documented for the first three months of 2025."
        https://blog.checkpoint.com/research/q1-2025-global-cyber-attack-report-from-check-point-software-an-almost-50-surge-in-cyber-threats-worldwide-with-a-rise-of-126-in-ransomware-attacks/
      • Your Apps Are Leaking: The Hidden Data Risks On Your Phone
        "Personally identifiable information (PII), financial data, medical information, account credentials, intellectual property - What all these types of sensitive data have in common is that you need tight control over who can access them, regardless of whether they belong to you or your organization. And sure, you might be following the best practices, but what about the apps that you or your employees use? With the ever-growing dependence upon mobile devices in everyday business and personal activities, and especially with many companies opting for a BYOD policy, it is of particular importance to know how those apps might compromise your privacy and sensitive corporate data."
        https://zimperium.com/blog/your-apps-are-leaking-the-hidden-data-risks-on-your-phone
        https://www.darkreading.com/endpoint-security/cloud-cryptography-flaws-mobile-apps-expose-enterprise-data
        https://www.infosecurity-magazine.com/news/92-mobile-apps-insecure/
        https://www.securityweek.com/many-mobile-apps-fail-basic-security-posing-serious-risks-to-enterprises/
      • Active Directory Recovery Can't Be An Afterthought
        "Although it's decades old and used in legacy IT systems, Microsoft's Active Directory remains foundational to many large enterprises — and likely will be for the foreseeable future. Yet, despite Active Directory's role in determining who has access to which parts of on-premises enterprise networks, many businesses fail to adequately safeguard this vital piece of infrastructure from intruders. That leaves companies far too vulnerable to financial and reputational damage."
        https://www.darkreading.com/vulnerabilities-threats/active-directory-recovery-afterthought
      • Accounting Firms Can't Skimp On Cybersecurity
        "Early in 2024, an employee at UK engineering firm Arup joined a video call with the company's senior management. The call seemed routine — but it wasn’t. What the employee didn't realize was that the entire interaction was using deepfake technology. The faces and voices of the individuals on the call were fake, and by the time the call had ended, the criminals had $25 million. The only real part about the incident was the trust in thinking the people were who they claimed to be."
        https://www.darkreading.com/cloud-security/accounting-firms-cannot-skimp-cybersecurity
      • Typical Dark Web Fraud: Where Scammers Operate And What They Look Like
        "In the dark corners of the internet, countless individuals claim to be cybercriminals responsible for massive breaches and sensitive data leaks. These self-proclaimed threat actors often boast about hacking major corporations resulting in compromising internal resources (accesses, documents, source codes, databases, personal data and much more)—actions that inevitably attract the attention of the media, researchers, analysts and cybersecurity experts. In reality, many of these claims are completely false. A significant number of “threat actors” are not hackers at all—but scammers who never conducted an attack, provided fabricated evidence or old data, and misled the public, capitalizing on public fear and the cybersecurity community’s eagerness to uncover the next big breach."
        https://www.group-ib.com/blog/dark-web-fraud/
      • When Companies Merge, So Do Their Cyber Threats
        "For CISOs, mergers and acquisitions (M&A) bring both potential and risk. These deals can drive growth, but they also open the door to serious cybersecurity threats that may derail the transaction. Strong due diligence, smart risk planning, and a shared security mindset can help keep deals on track and protect the business."
        https://www.helpnetsecurity.com/2025/04/16/mergers-and-acquisitions-cybersecurity/
      • Strategic AI Readiness For Cybersecurity: From Hype To Reality
        "AI readiness in cybersecurity involves more than just possessing the latest tools and technologies; it is a strategic necessity. Many companies could encounter serious repercussions, such as increased volumes of advanced cyber threats, if they fail to exploit AI due to a lack of clear objectives, inadequate data readiness or misalignment with business priorities. Foundational concepts are vital for constructing a robust AI-readiness framework for cybersecurity. These concepts encompass the organization’s technology, data, security, governance and operational processes."
        https://www.helpnetsecurity.com/2025/04/16/ai-readiness-framework/
      • The Future Of Authentication: Why Passwordless Is The Way Forward
        "By now, most CISOs agree: passwords are the weakest link in the authentication chain. They’re easy to guess, hard to manage, and constantly reused. Even the most complex password policies don’t stop phishing or credential stuffing. That’s why passwordless authentication is gaining serious ground. Adopting passwordless authentication comes with challenges, including resistance to change, integration with legacy systems, and initial costs. Organizations may also have concerns about security, user experience, accessibility, compliance, and data privacy."
        https://www.helpnetsecurity.com/2025/04/16/passwordless-authentication-security/
      • Streamlining Detection Engineering In Security Operation Centers
        "Security operations centers (SOCs) exist to protect organizations from cyberthreats by detecting and responding to attacks in real time. They play a crucial role in preventing security breaches by detecting adversary activity at every stage of an attack, working to minimize damage and enabling an effective response. To accomplish this mission, SOC operations can be broken down into four operating phases:"
        https://securelist.com/streamlining-detection-engineering/116186/
      • Our 2024 Ads Safety Report Shows How We Use AI To Safeguard Consumers.
        "Our latest Ads Safety Report highlights a key trend from 2024: how AI is improving our ability to prevent fraudsters from ever showing ads to people. For years, we've deployed our most advanced technologies to safeguard our ads platforms from bad actors. In 2024, we launched over 50 enhancements to our LLMs, which enabled more efficient and precise enforcement at scale. These updates sped up complex investigations, helping us identify bad actors and fraud signals — like illegitimate payment information — during account setup. This kept billions of policy-violating ads from ever showing to a consumer, while ensuring legitimate businesses can show ads to customers faster."
        https://blog.google/products/ads-commerce/google-ads-safety-report-2024/
        https://services.google.com/fh/files/misc/ads_safety_report_2024.pdf
        https://thehackernews.com/2025/04/google-blocked-51b-harmful-ads-and.html
        https://www.bleepingcomputer.com/news/google/google-blocked-over-5-billion-ads-in-2024-amid-rise-in-ai-powered-scams/
      • From Third-Party Vendors To U.S. Tariffs: The New Cyber Risks Facing Supply Chains
        "Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabilities within these interconnected systems to launch attacks. By first infiltrating a third-party vendor with undetected security gaps, attackers can establish a foothold, leveraging these weaknesses to penetrate the primary business partners' network. From there, they move laterally through critical systems, ultimately gaining access to sensitive data, financial assets, intellectual property, or even operational controls."
        https://thehackernews.com/2025/04/from-third-party-vendors-to-us-tariffs.html
      • Guess What Happens When Ransomware Fiends Find 'insurance' 'policy' In Your Files
        "Ransomware operators jack up their ransom demands by a factor of 2.8x if they detect a victim has cyber-insurance, a study highlighted by the Netherlands government has confirmed. For his PhD thesis [PDF], defended in January, Dutch cop Tom Meurs looked at 453 ransomware attacks between 2019 and 2021. He found one of the first actions intruders take is to search for documents with the keywords "insurance" and "policy." If the crooks find evidence that the target has a relevant policy, the ransom more than doubles on average."
        https://www.theregister.com/2025/04/16/dutch_ransomware_study/

      Reference
      Electronic Transactions Development Agency (ETDA)
