Latest News

Stories from the SOC - Sodinokibi Ransomware (REvil / BlueCrab)

There’s a saying that nothing can be certain, except death and taxes; in today’s cyber threat landscape, we can add ransomware to that short list. One of the AT&T Managed Threat Detection and Response customers almost had an incident at the crossroads of taxes and ransomware, but thanks to the SentinelOne advanced EDR platform, the attack was quickly detected and stopped automatically.

Why Are Ransomware Attacks Against OT Increasing?

Most discussions around cybersecurity understandably focus on information technology (IT). Assets like cloud services and data centers are typically what companies spend the most time and effort securing. Recently, though, operational technology (OT) has come under increasing scrutiny from leading security experts in both the private and public sectors. In June, for instance, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet about ransomware attacks on OT.

The Real Problem with Ransomware

Ransomware can be a company’s worst nightmare. It’s not simply “getting a virus” or “clicking on a malicious email.” It is a systematic plan created by hackers to take your private information. Once they have a foothold in your private data, they use their position to blackmail you into submitting a payment. Technology to prevent ransomware has gotten better, but attackers have gotten smarter and more methodical.

Trickbot Detections: Threat Research Release, July 2021

Criminal gangs are constantly improving their ways of delivering malicious code to victims. The delivery of this code is fundamental in order to subsequently install payloads that maximize the effect of exploitation and allow them to move laterally and install further crimeware to quickly reap profits, such as crypto mining, ransomware, data exfiltration, or even more sophisticated payloads such as banking fraud web injects.

Report Shows AEC Firms Face Greater Risk of Ransomware

The AEC industry is very familiar with good risk management. Whether it is managing safety risk, financial risk, legal risk, or project risk, AEC firms are adept at identifying, prioritizing and mitigating risk. Today, the risk of ransomware seems high, with a steady stream of news stories about the latest company to fall victim to an attack. But is it high for everyone in every industry?

New sophisticated RAT in town: FatalRat analysis

AT&T Alien Labs™ has recently observed the presence of a new remote access trojan (RAT) malware in its threat analysis systems. The malware, known as FatalRAT, appears to be distributed via forums and Telegram channels, hidden in download links that attempt to lure the user via software or media articles.

Defending against ransomware - The basics

Given the spate of recent ransomware attacks, the latest of which occurred shortly before Independence Day, this topic is likely at the top of mind for most organizations. Understanding the fundamentals of security, and the most common ways ransomware gets installed, is a must if a company hopes to truly lay the groundwork required to build and operationalize their security program.

Netskope Threat Coverage: 2020 Tokyo Olympics Wiper Malware

Major sporting events, like the World Cup or the Olympics, are usually targets of cybercriminals that take advantage of the event’s popularity. During the 2018 World Cup, for example, an infected document disguised as a “game prediction” delivered malware that stole sensitive data from its victims, including keystrokes and screenshots.

10 Common Cyber Attack Vectors and How to Avoid Them

When it comes to cybercrime, cybercriminals are constantly changing their tactics. Think back to 10 years ago; malware sites (malicious sites that attempt to install malware on a device) were a common attack vector. At the same time, sophisticated ransomware attacks on organizations were rare. Often, ransomware was used to target individuals, sometimes blackmailing them for having been on unsavory sites and asking for a few hundred dollars in ransom.