FunkSec RaaS Dominates the Ransomware Landscape in December

An emerging ransomware-as-a-service (RaaS) called FunkSec claimed over 80 victims in December alone, making it the most prolific threat actor that month. FunkSec uses recycled datasets from previous hacks and is likely made up of inexperienced hackers seeking recognition. The group typically demanded modest ransoms, as low as $10,000, and was observed selling the stolen data to third parties at discounted prices. Victims include a travel company, an energy service provider, and a household appliance retailer; the group primarily targets entities in the United States, India, Italy, Brazil, Israel, Spain, and Mongolia.
The development of the group’s tools, including the encryptor, was likely assisted by artificial intelligence, which may have enabled rapid iteration despite the author’s apparent lack of technical expertise. The group also provides DDoS tools and claims affiliations with hacktivist movements, particularly the “Free Palestine” initiative. Researchers suggest these associations may be strategic attempts to bolster FunkSec’s credibility rather than evidence of collaboration with established hacktivist organizations.
Recommendations
Implement a defense-in-depth strategy using multiple layers of security controls, including firewalls, intrusion detection systems, anti-virus software, and EDR.
Creating redundancy can reduce risk and increase resiliency to cyber threats.

Keep systems up to date and apply patches after appropriate testing.

Enforce the principles of least privilege, use strong, unique passwords, and enable multi-factor authentication (MFA) for all accounts where available, choosing authentication apps or hardware tokens over SMS text-based codes.

Ensure operational technology (OT) environments are segmented from information technology (IT) environments.

Perform scheduled backups regularly, keeping an updated copy offline in a separate and secure location and testing it regularly.

Conduct continuous monitoring and threat hunting. Ingest the indicators of compromise (IOCs) and techniques documented in the Check Point report into endpoint security solutions, and consider leveraging behavior-based detection tools rather than relying on signature-based tools alone.

Report cyber incidents to the FBI’s IC3 and the NJCCIC.