Do you remember the last time you didn’t have water? Reliable water delivery is something many of us take for granted. Our local water treatment plant sits at the edge of our neighborhood, and I pass it every day on my way to take the kids to school. Not a lot seems to go on there, so it never occurred to me that I should be concerned about an attack on this critical infrastructure. What does occur to me is the possibility of a cyberattack on our water system.

Vortax spreads infostealer malware, new malware campaign distributes fake error messages, and Linux malware uses emojis to execute commands.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats by the SafeBreach Labs team. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats.

Incident Overview In a significant breach of healthcare data security, the Qilin ransomware gang has leaked 400GB of NHS and patient data on Telegram. The group, identified as the Qilin ransomware gang, claimed responsibility for the exfiltration and demanded a $50 million ransom, threatening to release the data if their demands were not met. Following failed negotiations, the gang followed through on their threat and made the entire dataset public.

Properly architecting and designing solutions for clean room recovery is a crucial step for any organization looking to become more resilient to cyber threats. Clean rooms provide organizations with an isolated environment where data integrity and recovery processes are insulated from external threats. By providing a clean room environment, organizations can expedite security investigations and recovery timelines in the event of a cyber attack.

Have you ever wondered what it takes to ensure that the data behind every life-saving surgery, every critical care decision, and every patient record is not only secure but also instantly recoverable in the face of cyber threats? In the world of healthcare, where every second can mean the difference between life and death, this isn't just a technical challenge - it's a mission.

Trustwave SpiderLabs, in its just-released report 2024 Professional Services Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies, has uncovered an increasing number of ransomware, third-party supplier, and technology-based attacks targeting the professional services sector.

Atlas Oil, a major player in the oil and fuel distribution industry, fell victim to a ransomware attack orchestrated by the Black Basta group. This attack not only compromised sensitive company data but also exposed a variety of documents that could potentially harm the company’s operations and reputation. Overall, Black Basta claims to have exfiltrated approximately 730 GB of data.

A new Rust-based information-stealing malware named Fickle Stealer has been identified, using multiple attack vectors to compromise systems and extract sensitive information. According to Fortinet FortiGuard Labs, Fickle Stealer is being distributed through four different methods: VBA dropper, VBA downloader, link downloader, and executable downloader. Some of these methods employ a PowerShell script to bypass User Account Control (UAC) and execute the malware.

Kroll’s Managed Detection and Response (MDR) team responded to an incident in which suspected malware was exhibiting strange download behavior. After successfully containing and resolving the incident, Kroll’s Cyber Threat Intelligence (CTI) team investigated further.