One of the most powerful weapons at an attacker’s disposal is the use of specialized tools designed to compromise network security. Mimikatz, BloodHound, and winPEAS are just a few examples of tools that can wreak havoc in your environment if left undetected. In this article, we’ll explore how malicious actors can exploit specialized tools to launch sophisticated attacks.

Ransomware continues to evolve, and the latest escalation in tactics comes from the Embargo ransomware group. Threat actor Storm-0501, known for its previous ties to various ransomware groups, has now shifted its focus towards hybrid cloud environments, targeting both on-premise and cloud-based systems. This strategic shift poses significant risks for organizations relying on cloud infrastructure, particularly those in critical sectors such as healthcare, government, transportation, and law enforcement.

New research by Recorded Future provides insight into how advanced and sophisticated the threat group Marko Polo has become since launching in 2022. Marko Polo is of particular interest due to their rapid progress in advancing their operations.

Read also: the US charges money launderers linked to Rescator and Joker’s Stash, a police op dismantles a cybercrime ring in West Africa, and more.

International law enforcement agencies have scored another victory against the LockBit gang, with a series of arrests and the seizure of servers used within the notorious ransomware group's infrastructure. As Europol has detailed in a press release, international authorities have continued to work on "Operation Cronos", and now arrested four people, seized servers, and implemented sanctions against an affiliate of the ransomware group.

A ransomware attack is underway. The threat actor has gained initial access to an endpoint and executed malicious code on it. As far as the threat actor is concerned, things are going well. However, the next stage is critical to a ransomware attack’s success. Without the ability to spread throughout the entire environment, encrypting or locking up all systems, threat actors are unlikely to be able to extort payment from an organization.

MEOW ransomware is a significant cyber threat known for its disruptive activities. Unlike the infamous Conti ransomware, MEOW is a modified version that retains many of Conti’s core functionalities and encryption techniques.

XWorm is a relatively new versatile tool that was discovered in 2022. It enables attackers to carry out a variety of functions, which include accessing sensitive information, gaining remote access, and deploying additional malware. The multifaceted nature of XWorm is appealing to threat actors, as evidenced by its alleged use earlier this year by threat actors such as NullBulge and TA558. Through Netskope Threat Labs hunting efforts, we uncovered XWorm’s latest version in the wild.

The number of ransomware attacks around the world increased by 73% in 2023, according to a new report by the Institute for Security and Technology’s Ransomware Task Force (RTF). These attacks opportunistically target organizations across all industries, but the hardest-hit sectors over the past two years have been construction, hospitals and health care, government, IT services and consulting, and financial services.

Identity-based cyber attacks continue to prevail and impact organizations. Stealing credentials was the top initial action in breaches, according to Verizon. Plus, 84% of identity stakeholders surveyed said identity-related incidents directly impacted their business, resulting in reputational damages, distraction from core business, and increased recovery costs.