Thursday, August 8, 2024

Cybersecurity threat grows, NCC issues six alerts

NCC Group: Ransomware attacks jump 73% in February

While NCC Group expected an increase in ransomware attacks from January to February, year-over-year data showed just how persistent the threat is to enterprises.

Arielle Waldman, News Writer
Published: 21 Mar 2024

NCC Group anticipates 2024 ransomware activity will surpass last year's staggering levels based on record-setting numbers for January and February.

The IT services and consulting firm published its "Monthly Threat Pulse Review" for February on Wednesday, which detailed ransomware trends and the most active threat actors. NCC Group tracks ransomware groups through public data leak sites that are used to pressure victim organizations to pay. The first two months of 2024 saw alarming ransomware trends that NCC Group expects will likely continue throughout the year.

In January, NCC Group researchers determined the number of ransomware attacks increased by 73% compared to 2023, and February data followed the same pattern.

"Observed ransomware attacks have, as is to be expected, increased significantly from January 2024 to February 2024 from 285 to 416 cases, marking a 46% increase month on month which is once again the highest figure that we have witnessed in February (73% higher than February 2023)," NCC Group wrote in the report. "If 2024 is to follow the same pattern as 2023, we can expect a further increase going into March as we start to reach the baseline for 2024's ransomware activity, which will likely consistently surpass that of 2023 based on previous trends."

NCC Group added that "February was quite the standout month for ransomware" based on attack volume and a shift in threat actors activity level. While the LockBit 3.0 ransomware group maintained its top spot as NCC Group's most active actor for the seventh consecutive month, activity spiked for two newer groups.

Hunters International emerged onto the threat landscape in 2023, but affiliates used Hive ransomware code during attacks. In January, the Department of Justice announced the FBI disrupted Hive infrastructure and obtained decryption keys to help victim organizations recover. Since emerging in 2022, ransomware as a service (RaaS) group Qilin warranted a warning from cybersecurity vendor Group-IB, as operators targeted organizations in critical sectors.

Breaking down the numbers, NCC Group discovered that LockBit claimed responsibility for 110 attacks in February compared to 64 attacks in January. Though Hunters trailed right behind LockBit in the top 10 list, only 33 attacks were connected to the gang. NCC Group noted that Hunters made the top ten threat actor list previously, but February was the first time it made it to the top three.

NCC Group tracks global ransomware attacks by month.

NCC Group

NCC Group observed a significant spike in ransomware activity year over year for February.

Qilin tied with the infamous BlackCat/Alphv ransomware gang, which claimed responsibility for last month's disruptive attack against UnitedHealth's Change Healthcare, for the third most active threat actor in February with 30 attacks.

"Though BlackCat is accustomed to being included in the most active monthly threat groups, Qilin, like Hunters is relatively new to these levels of activity," the report read.

Josh Callicott-Oelmann, threat intelligence analyst at NCC Group, told TechTarget Editorial the firm first observed Hunters activity in November. However, NCC Group only recorded three attacks compared to 33 in February. He attributed Hunter's rise in activity to operators evolving and improving capabilities.

Callicott-Oelmann also addressed Hunter's connection to Hive.

"Although there has been speculation about the group being an offshoot of Hive, Hunters confirmed that they are an independent group that have acquired Hive's source code and infrastructure. Additionally, what is known is they tend to keep their targeting simple, following the common targeting of the industrials sector," Callicott-Oelmann told TechTarget Editorial.

LockBit down?

Last month's significant increase in ransomware activity occurred despite a joint international law enforcement effort to disrupt the most active group. On Feb. 20, the U.K.'s National Crime Agency announced it seized LockBit's infrastructure as part of a broader international law enforcement effort dubbed Operation Cronos. The takedown proved temporary when LockBit restored its servers within days.

Subsequently, LockBit deployed attacks against vulnerable ConnectWise customers by exploiting a critical ScreenConnect vulnerability that was disclosed in February. Reports, including one by cyber insurer Coalition, cited substantial differences between how the group operated before and after the FBI takedown, even though it was short lived. The change in tactics aligns with NCC Group's observations as well.

"However, once tarred with the brush of law enforcement intervention, it is hard for a cyber threat group to operate as before as they are, naturally, treated with suspicion by other players in the game," the report read.

The report emphasized that since LockBit is such a big player, any action around the group will influence the landscape. Moving forward, NCC Group said it's possible that LockBit affiliates might switch to other RaaS gangs to distance themselves in anticipation of law enforcement's next move against the group.

For example, when the Conti ransomware group disbanded in 2022, cybersecurity vendors confirmed that operators rebranded as other gangs, such as the Black Basta ransomware group.

Callicott-Oelmann confirmed LockBit has resumed operations after Operation Cronos with new infrastructure, encryptors and websites.

"They also managed to maintain access to their victims' stolen data and even included the FBI on their data leak site, according to our data. Since their resurgence, we have seen ransomware attacks continue from the group, with 20 observed so far in March," Callicott-Olemann said.

Arielle Waldman is a news writer for TechTarget Editorial covering enterprise security

Source https://www.techtarget.com/searchsecurity/news/366574878/NCC-Group-Ransomware-attacks-jump-73-in-February

on No comments:
Labels: ,

Wednesday, June 19, 2024

HP PCs - Creating a Wireless Home Network (Windows 10, 8)

 

HP PCs - Creating a Wireless Home Network (Windows 10, 8)

Set up a local network and file sharing

Access shared files and directories on a local network

This document is for HP and Compaq computers with Windows 10 and Windows 8.

Windows allows you to connect multiple computers in a home network. This is a convenient way to share files in the home. This document provides instructions for setting up and sharing folders and files on a wireless home network.

Set up a local network and file sharing

Set up a home network using wireless hardware.

NOTE: 

To perform some of the steps in this document you must be logged into Windows using the main administrative account. Normally this is the first account that was created when the computer was first turned on.

Step 1: Before you begin

Before you start setting up a local network, make sure you have the following hardware:

·         Wireless network interface card (NIC) or an on-the-motherboard wireless network port for each computer.

·         Confirm the computer has a wireless network antenna. The antenna might be a part of internal networking hardware, or the antenna might be external and should be connected to the back of the computer.

·         Wireless router or access point. If you need a network hub, consult with a network specialist at your local computer store to determine a hub that meets your needs.

Follow these steps before you continue with setting up and connecting your network hardware:

·         Disconnect from the Internet. If you have a DSL or cable modem, disconnect it.

·         Disable any firewall software. Firewall software might interfere with network setup. You can enable the firewall after network setup is complete.

Step 2: Set up and connect the network hardware for a local network

Set up and turn on the power for the wireless network router or other networking device. Follow the instructions provided by the manufacturer to connect a broadband cable or DSL modem to the router and set up security for the wireless network.

NOTE: 

In some cases, the modem and router are combined into one device, and might be referred to as a wireless access point.

Configure the wireless router

The router is the communication center of your home network. To configure the wireless router for your local network, connect the router to the modem (if the router and modem are separate), and temporarily connect a network cable from the computer to the wireless router. Follow the specific installation instructions that came with your router. The router and the computer must use the same communication protocols (802.11a, 802.11b, 802.11g, or 802.11n).

1.     Connect a network cable from a network port on the computer to one on the wireless router.

2.     Turn the computer on and wait for Windows to open and connect to the router.

3.     Open a web browser and type the router IP address to connect to the router. See the following table for common router IP addresses, user names, and passwords.

NOTE: 

The information listed in the table is commonly used by popular router manufacturers. If the information is not correct for your router, check with the manufacturer.

Common Router Settings

Router Brand Name

Router IP Address

User Name

Password

3Com

http://192.168.1.1

admin

D-Link

http://192.168.0.1

admin

Linksys

http://192.168.1.1

admin

Netgear

http://192.168.0.1

admin

password

4.     If prompted, enter the default router user name and password.

5.     Follow the prompts to configure the router security settings.

·         Name for the router (SSID): This might be the name of your network. Type in a new name. Do not use the default name.

·         Type of security: For example, WPA, WPA2, or WEP. You should set up wireless security when you configure the router.

·         Password or passphrase: Never use blank password. For better security, use a password or passphrase that is more than 8 characters and contains letters and numbers.

·         Administrator name and password: This is the name of a user account that is allowed to change the router settings. If you want to leave the default user name (admin), be sure to change the password.

Test the network connection while the network cable is still connected, disconnect the network cable, and then continue to the next step to run the wireless network setup wizard.

Step 3: Run the Windows wireless network setup wizard to add devices to the network

Use the Windows network setup wizard to add computers and devices to the network.

1.     In Windows, right-click the network connection icon in the system tray.

2.     Click Open Network and Internet Settings.

3.     In the network status page, scroll down and click Network and Sharing Center.

4.     Click Set up a new connection or network.

5.     Click Set up a new network.

6.     Click Next, and then follow the on-screen instructions to set up a wireless network. When the network setup is complete, continue to the next step to connect to the network.

Step 4: Connect to a local network

Connect to the local network.

NOTE: 

On notebook computers, make sure the wireless device is enabled. For most notebook computers, there is an LED light or a light on a keyboard key with this symbol https://support.hp.com/wcc-assets/document/images/115/c02228162.jpg that glows blue when the wireless device is turned on and enabled, and glows orange when off or disabled. Some notebook computer models might use a different color scheme.

1.     In Windows, click the network connection icon in the system tray.

2.     In the network list, select the wireless network you want to connect to, and then click Connect.

3.     Enter the network pass phrase (or security key) for the selected wireless network, and then click Next.

The computer connects to the network.

4.     Click OK.

Repeat these steps for each computer in the network.

Step 5: Share drives, folders, and files on a local network

You must turn on network discovery to access the computers on the network. You can also set files and printers to be shared and customize sharing options for specific files or folders.

Turn on network discovery and file and printer sharing on a local network

Follow these steps to open advanced sharing settings and turn on network discovery and file and printer sharing.

1.     In Windows, right-click the Network connection icon in the system tray.

2.     Click Open Network and Internet Settings.

3.     On the network status page, scroll down and click Network and Sharing Center

                 

4.     In the left pane, click Change advanced sharing settings.

5.     Select both Turn on network discovery and Turn on file and printer sharing in the sharing profile you want to change.

NOTE: 

There are sharing settings for your Private profile, Guest or Public profile, and All networks.

6.     Click Save changes.

Set sharing options and permissions for specific files or folders on a local network

Set sharing options of files and non-public folders from the computer whose content you want to share. To share non-public folders, do the following:

NOTE: 

Microsoft retired the Homegroup feature in Windows 10 April 2018 Update.

1.     In Windows, search for and open File Explorer.

2.     Browse to the folder you want to share.

3.     Right-click the folder, select Give access to, and then click Remove access (to remove sharing options) or Specific people (to add new sharing permissions).

NOTE: 

Homegroup might display in the menu, however the Homegroup options are no longer available. For more information, see HomeGroup Removed from Windows 10 (Version 1803) (in English) from Microsoft support.

4.     If you choose Specific people, the File Sharing window displays.

5.     Click the down arrow and select the user you want to share with. If the user is not listed, type the user name or email address, and then click Add.

6.     Click the down arrow under Permission Level to set the permission level for each user or group.

7.     Click Share.

Step 6: Test the local network

Open the Windows network window and browse shared folders on each computer or device on the network to make sure sharing is set up correctly.

1.     In the Windows search box, search for and open View network computers and devices.

The Network window opens and displays computers and devices detected on the network.

2.     Double-click the name of the computer or device you want to access. If prompted, enter the user name and password to connect to the computer or device.

·         If the computer can read and access files from a remote computer, the remote computer or device is set up correctly. Browse to every available computer or device from each computer on the network. If there are any issues, repeat these steps and confirm that the settings are correct.

·         If you are not sure how to browse shared folders or are experiencing difficulties, go to the section Accessing shared files and directories.

When all computers can read and access files from the other computers on the network, continue to the next step to enable Internet access on the local network.

Step 7: Enable Internet access and firewall on a local network

After you confirm that your home network is capable of transferring files, connect and enable Internet connections for computers with Internet access.

   CAUTION: 

Make sure each computer with Internet access is well protected from security threats. At the minimum, each computer should have its Internet connection protected with a firewall and Windows should be updated with the latest critical updates from Microsoft Windows Update. If malicious activity comes though one computer, the activity can quickly spread through the entire network.

Access shared files and directories on a local network

Access shared folders and files from computers or devices on the network.

1.     Make sure that network discovery and file sharing is turned on.

2.     In the Windows search box, search for and open View network computers and devices.

The Network window opens and displays computers and devices detected on the network.

3.     Double-click the name of the computer or device you want to access. If prompted, enter the username and password to access that computer.

4.     Navigate to the folder or file you want to access.

 

on No comments:
Subscribe to: Posts (Atom)