Tag: Black Basta
-
The Identity Epidemic: eSentire Reports a 389% Surge in Account Takeovers
To infiltrate a corporate network, adversaries are increasingly eschewing the search for server vulnerabilities or the deployment of intricate exploits. It has proven far more lucrative to adopt a simpler, more clandestine approach: usurping an individual’s digital credentials to merely walk through the front door. According to the eSentire TRU report, digital identity emerged as…
-
Black Basta Strikes 500+ Organizations, Critical Infrastructure Hit Hard
According to a joint report by the FBI and CISA, affiliates of the Black Basta group attacked over 500 organizations from April 2022 to May 2024. The group also encrypted and stole data from at least 12 out of 16 critical infrastructure sectors. Black Basta, which began operating under the Ransomware-as-a-Service (RaaS) model in April…
-
Black Basta & Bl00dy Exploit ScreenConnect Flaw
Cybercriminal groups Black Basta and Bl00dy have joined the mass attacks on vulnerable ScreenConnect servers, targeting all users who have not yet updated their systems. A fix for the critical authentication bypass vulnerability (CVE-2024-1709) is already available. This bug allows attackers to create administrative accounts on open servers, delete all other users, and gain full…
-
Black Basta Cyber Gang Targets UK’s Southern Water, Leaks Sensitive Data
The prominent British firm Southern Water, responsible for water supply and sewage treatment across southern England, including Hampshire, the Isle of Wight, West and East Sussex, as well as parts of Kent, was subjected to a cyberattack. On January 24, 2024, the hacker group Black Basta announced on its website the breach of Southern Water’s…
-
Black Basta: A Cybercriminal Group Raking in $100 Million
Since its emergence in April 2022, the cybercriminal group Black Basta has extorted no less than $100 million in ransoms from its victims, as evidenced by joint research conducted by Corvus Insurance and the analytics firm Elliptic. The hackers orchestrated attacks on over 330 companies worldwide, employing a double extortion scheme. Initially, malicious software, developed…