Scam warning from top cybersecurity CTO over ransomware criminal tactics | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Criminals are opting for the personal approach as they use the guise of executives’ children to gain big payouts in ransomware attacks.

This newest tactic is the latest in extortion attempts, but this time they’re making you believe your child needs you.

At the RSA conference held this week in San Francisco, Charles Carmakal who is the CTO of Google-owned cybersecurity firm Mandiant explained how this is happening.

“We saw situations where threat actors essentially SIM swap the phones of children of executives, and start making phone calls to executives, from the phone numbers of their children.”

“Think about the psychological dilemma that the executive goes through – seeking a phone call from the children, picking up the phone and hearing that it’s somebody else’s voice? Sometimes, it’s caller ID spoofing. Other times, we see demonstrated SIM swapping family members.”

This then makes the decision around paying the extortion demand a whole lot harder as the concern for family members becomes a whole lot more prominent.

United States has seen numerous ransomware attacks

This newest variant and extortion technique is just one of many that is hitting the States, with critical services even being affected.

On February 22, the IT provider Change Healthcare had to shut down some of its systems after a cyberattack. This then disrupted prescription orders and other pharmacy services across the U.S.

On another occasion, in November 2023, a cyberattack resulted in ambulances being diverted in East Texas, New Jersey, New Mexico, and Oklahoma. This resulted in some emergency room patients having to be taken to other hospitals in the area until the systems were able to go back online.

Cancer patients were victims of another ransomware attack in January 2024 as intruders broke into the Fred Hutchinson Cancer Center’s IT network in Seattle. This meant medical records, Social Security numbers, diagnoses, and lab results were all stolen.

Another health network in Oklahoma, Integris Health, saw the same scare when criminals were able to access personal data records.

Featured Image: Via Ideogram


Click Here For The Original Source.


National Cyber Security