Royal Mail Ransomware Attack - Part 2
Following on from part 1 of our Royal Mail blog, our consultants take a more technical approach to the Royal Mail Ransomware attack and dive deeper into what happened.
If one topic has been on the minds of CISOs and CIOs alike over the last three years of Covid and post-Covid hybrid enterprise work environments, it’s ransomware. A distributed tech workforce — using distributed software services — proved to be no match for highly automated ransomware bots and malware executing encryption attacks. But this year, like the end of War of the Worlds, the attacking bots may suddenly fall silent.
Rubrik is on a mission to secure the world’s data. And our customers are at the very heart of that mission. Research from Rubrik Zero Labs’ State of Data Security report found 98% of global IT and cybersecurity leaders dealt with a cyberattack in the last year, exposing just how critical it is for businesses to have a solid data security strategy in place and a platform they can trust to protect against these ever-growing cyber threats.
Wow! We made it to the last post in our Malicious Packages series. While parting is such sweet sorrow, we hope blogs one, two, and three provide insights into the havoc malicious packages cause throughout your DevOps and DevSecOps pipelines. In the prior posts: Now let’s get to know attackers’ other, more discreet interests when creating a malicious package: hiding malicious code, and finally showing how malicious packages can be detected and prevented.
Post-exploitation tools are used by threat actors to move laterally inside a network and escalate their privileges in order to steal data, unleash malware, create backdoors and more. Red teams and ethical hackers also use these tools; indeed, simulating the efforts of adversaries plays a key role in implementing effective controls to secure systems, applications and files.
Read also: PayPal, Riot Games compromised, FBI links $100M Harmony hack to North Korea, and more.
The Kaseya ransomware attack occurred through the exploitation of CVE-2021-30116, an authentication bypass vulnerability in Kaseya VSA servers. This allowed the attackers to circumvent authentication controls and execute commands via SQL injection, giving them all the control they needed to deploy their ransomware payload and encrypt a segment of Kaseya's internal data.
Reporting revealed declining ransomware profits in 2022, a new backdoor based on the CIA’s Hive malware was discovered, and a new wave of BackdoorDiplomacy attacks is targeting Iranian government entities.
In our new threat briefing report, Forescout’s Vedere Labs analyzes the Royal ransomware threat actor group and encryptor payload, presents threat hunt opportunities for network defenders and shares details of the group’s tactics, techniques, and procedures (TTPs).
With the release of Rubrik Security Cloud (RSC), our global customers can now consolidate management of their Rubrik estate to a single control plane. This significant improvement in management capabilities also allows customers to leverage the power of RSC’s GraphQL (GQL) APIs for their automation and management needs.
In recent months, news outlets have reported a surge in double extortion ransomware attacks by Black Basta, a notorious ransomware-as-a-service (RaaS) threat group first identified in early 2022. The actor is sophisticated, often utilizing a unique set of tactics, techniques and procedures (TTPs) to gain a foothold, spread laterally, exfiltrate data and drop ransomware. However, Kroll has observed Black Basta sometimes utilizing similar TTPs across multiple incidents.
This week the UK’s postal service, Royal Mail, was hit with a ransomware attack that put the country’s sensitive data at risk. In this blog post, we’ll take a look at what ransomware is, how it can affect businesses and individuals, and what we’ve learnt from this large-scale attack. Stay tuned for more updates on this developing story.
This blog post will provide an analysis of the malicious Redline Infostealer payloads which have been taken from a real life malware incident, responded to and triaged by the ThreatSpike SOC team. This analysis will be broken down to demonstrate, describe and explain the various stages of the attack chain.
Our most recent Cloud and Threat Report highlighted how threat actors abuse cloud services (with a special focus on cloud storage apps) to deliver malicious content (and yes, OneDrive leads the chart of the most exploited apps). To confirm that this trend will likely continue in 2023, researchers at Trend Micro have discovered an active campaign, launched by a threat actor named Earth Bogle.
It's no surprise if you have heard about LockBit. It is the world's most active ransomware group - responsible for an estimated 40% of all ransomware infections worldwide. I guess LockBit does the usual bad stuff - encrypt your data, steal your files, dump a ransom note on your PC... Yes.
PyPI packages use Cloudflare tunnels to bypass firewalls, new Raspberry Robin malware variant targets financial institutions in Portugal and Spain, and IcedID malware strikes again.
Recovery Time Objectives (RTOs) are on everyone’s mind. It bears repeating: one of the most fundamental ways to reduce recovery time from a ransomware or other cybersecurity attack is being well prepared and ready to act quickly and effectively. This is one of the many variables firmly within a customer’s control, and it is key to a faster and more efficient recovery process. A ransomware attack can be one of the most stressful events an organization and its employees will encounter.
It's incredibly important that you learn the latest cybersecurity threats that can threaten a business in 2023. Learn them here.
Malware is short for "malicious software" and refers to any software program that is designed to harm or exploit a computer or device. And unfortunately, malware is all over the internet, with 560,000 new pieces of malicious software detected every day. It can come from many potential sources, including: It’s vital for organizations to understand the risks malware poses and take effective measures to stop potential threats.
Our research team here at Mend has identified a new kind of malicious code that attackers can use to exploit genuine concerns about security and licenses. The code in the case below is used to prevent people from using unlicensed software, specifically by removing the code if it detects that the software is not licensed during the deployment stage. The code is tricky to understand and uses a web request to check if the software is being used legally.
Ransomware is an alarming cyberthreat that has been evolving over the decades. According to Statista, there were a total of 236.1 million ransomware attacks worldwide during the first half of 2022. When organizations do not pay attention to their cybersecurity posture, attackers launch ransomware attacks by encrypting confidential files and folders and ultimately demanding a ransom. The ransom demanded varies according to the ransomware variant.
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. With the explosive growth of technology, businesses are more vulnerable than ever to malicious cyber attacks. And as cybercriminals become more sophisticated, new methods of attack are popping up left and right.
#Ransomware seems to be everywhere these days, so how can you defend against it? Well, this quick vid will give you a helping hand. “No excuses.” Part of our #cybersecurity101 series where we outline the basic terms of cyber.
If you want help staying protected, get in touch at www.bulletproof.co.uk
This blog summarizes the Splunk Threat Research Team’s (STRT) recent review of the CISA Top 10 Malware strains for the year 2021 report. While many of these payloads have been covered in our past and present research (available at research.splunk.com), these malware families are still active in the wild. Notably, five malware families we analyzed in this article can still be seen in the ANY.RUN Malware Trends Tracker.
Has your organization suddenly been attacked by a ransomware virus? Take a deep breath and try to remain composed. It can be easy to panic or become overwhelmed in the face of an attack, but it is vital to remain calm and focused in order to make the best decisions for your organization.
Do ransomware gangs actually have a heart? Perhaps... Just days before Christmas, on the night of Sunday 18 December 2022, Canada's Hospital for Sick Children (better known as SickKids) was hit by a ransomware attack. The Toronto-based teaching and research hospital reported that the attack had impacted its internal systems, phone lines, and website.
With 2022 having just ended, let's take a look back at the year in ransomware. With the average cost of an attack ranging from $570,000 to $812,360 for the ransom alone, according to Cloudally, it should be no surprise that it continued to be one of the most prominent attacks utilized by malicious groups. We'll be doing a quick overview of a few of the most active groups within the space over the past year, and any developments those groups have made in the past 12 months.
Read also: Meta fined €390M over online privacy violations, CircleCI discloses a security breach, and more.
Does the file have a virus or not? It is a short question, but it is enough to scare you off. The concern is real, as there is no shortage of malware or viruses lurking in every corner of the internet. Given the challenging technological landscape, telling legitimate download sites from malicious ones is getting harder every day. Fortunately, cybersecurity experts are here to help, and detecting a virus-infected file has become a straightforward process.