Continued analysis of ransomware attacks shows an upward trend in the number of attacks, with September resulting in the highest number of assaults so far this year. IT security vendor NCC Group’s Cyber Threat Intelligence Report for September 2023 shows some startling revelations about why ransomware attacks are spiking.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including NoEscape ransomware, AvosLocker ransomware, and Retch ransomware, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

DarkGate Loader is a commodity malware loader with multiple features including the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. Its distribution mechanism also makes use of legitimate AutoIt files to inject the malicious payload.

Job hunters should be on their guard. Researchers at security firm WithSecure have described how fake job opportunities are being posted on LinkedIn with the intent of spreading malware. A Vietnamese cybercrime gang is being blamed for a malware campaign that has seen bogus adverts posted on LinkedIn, pretending to be related to jobs at computer memory and gaming accessories firm Corsair.

Read also: India busts fake Microsoft and Amazon call centers, Vastaamo hacker charged with over 30,000 counts of computer crimes, and more.

Today, mobile devices are ubiquitous within enterprise environments. But with their proliferation, it provides adversaries with yet another attack surface with which they can target users and cause a breach. From phishing attacks to malicious apps, mobile users tend to let their guard down and potentially click on obfuscated links to malicious sites. Falcon for Mobile protects users by preventing connections to malicious sites on both iOS and Android devices.

In October 2023, Netskope analyzed a malicious Word document and the malware it contained, dubbed “Menorah.” The malware was attributed to an advanced persistent threat group APT34, and was reported to be distributed via spear-phishing. The malicious Office file uses dispersed and obfuscated VBA code to evade detection. The advanced persistent threat group targets users of outdated versions of Microsoft Office, since it does not attempt to bypass the mark of the web security check.

Akumin is a radiology and oncology clinic based in Florida with multiple locations. Last week, three of their South Florida locations shut down their computer systems to hobble a ransomware cyberattack. The downtime significantly impacted the three clinics, as the doctors could not complete patient assessments. Recent patients in the area should consider protective monitoring services to help mitigate potential outcomes from the attack.

Organizations are increasingly relying on virtualization. As critical infrastructure and business systems continue to be virtualized, threat actors have responded in kind by deploying ransomware impacting hypervisor software.

Top tips is a weekly column where we highlight what’s trending in the tech world today and list out ways to explore these trends. This week we’re looking at five ways you can protect your IT infrastructure against ransomware attacks. Every year, the month of October is observed as Cybersecurity Awareness Month. This year, we wanted to dedicate a special entry in our top tips column to one of the fastest-growing digital economies in the world: the Middle East.

As attackers leave little-to-no traces of their attack patterns, more ransomware groups are shifting from automated attacks to manual attacks. According to the newly-released Microsoft Digital Defense Report 2023, about 40% of the ransomware attacks detected were human-driven and tracked back to over 120 ransomware-as-a-service (RWaaS) affiliates. This spike in human-operated ransomware attacks likely goes back to attackers wanting to minimize their footprint within an organization.

A look at the FBI’s recent Qakbot takedown, the return of Bumblebee after a two-month hiatus, and other developing cyberthreats from 2023.

Business leaders today must ask themselves a challenging question: “Who do I trust to face cybersecurity problems head on and consistently stay ahead of attacker trends?” Consider the following challenges of IT: As more and more businesses are turning to Managed Service Providers (MSPs), those MSPs must face the cybersecurity problems head on everyday and stay ahead of modern threats in order to defend themselves and their customers.

As attackers evolve their toolsets and processes, the significant drop in dwell time signifies a much higher risk to organizations that now have less time to detect and respond to initial attacks. This is bad news. Two years ago, the median dwell time – the time between gaining access to a network and executing the ransomware – was 5.5 days. Last year it was 4.5 days.

Kroll has observed an uptick in cases of DARKGATE malware being delivered through Microsoft Teams messages. These campaigns have mainly targeted organizations in the transportation and hospitality sectors. This activity has also been reported throughout open-source reporting, sharing a number of key indicators with Kroll observations, such as common filenames, adversary infrastructure and similar domain name conventions to host the initial download.

Understanding Qakbot Malware Qakbot is a sophisticated banking Trojan that first emerged around 2007 and has continued to evolve over the years. Its primary goal is to steal sensitive financial information, including banking credentials and personal data, from infected systems. Once it infiltrates a system, it can also serve as a delivery mechanism for other malicious payloads, making it a potent tool for cybercriminals.

The Ransomware Defence Assessment (RDA) service offers a comprehensive approach to bolster your organisation against ransomware threats. Our method, leveraging the CIS framework, combines asset identification, vulnerability scanning, policy review, training, and continuous improvement to ensure a holistic defence strategy.

The infostealer malware Rhadamanthys was discovered in the last quarter of 2022. Its capabilities showed a special interest in crypto currency wallets, targeting both wallet clients installed in the victim’s machine and browser extensions. The main distribution methods observed for this threat are fake software websites promoted through Google Ads, and phishing emails, without discriminating by region or vertical.