In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including NoEscape ransomware, AvosLocker ransomware, and Retch ransomware, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

Rubrik Zero Labs’ recent study accentuated several hard truths we think are important and warrant a response from Rubrik’s CISO Advisory Board. First, let’s confirm what many of us have already discussed: It’s not fun to be a CISO right now. There’s an overwhelming amount of expectation—from the board to business unit owners—to figure out how to grow and use data, but also keep it secure, and figure out what happens when it’s not.

Arctic Wolf Labs has observed a new Cactus ransomware campaign which exploits publicly-exposed installations of Qlik Sense, a cloud analytics and business intelligence platform.[1] Based on available evidence, we assess that all vulnerabilities exploited were previously identified by researchers from Praetorian [2,3]. For more information on these vulnerabilities, see the advisories published by Qlik (CVE-2023-41266, CVE-2023-41265, and CVE-2023-48365) as well as our Security Bulletin.

If you’re the victim of a ransomware attack, there are no guarantees that you can recover your stolen data. The best you can do is mitigate the effects of the attack and remove the ransomware from your device. The steps to recover from a ransomware attack include isolating your device, removing the ransomware, restoring your backed-up data and changing any compromised login credentials.

“The evolving threat landscape” sounds like an overused clichè; however, marked shifts in threat actor tactics in the past year are evidence of widespread and brazen growth in confidence among threat actors. Evident in recent incidents, such as ALPHV, AKA Black Cat’s exploitation of legal avenues, and the emergence of “The Five Families” alliance, cybercriminals are stretching their levels of coordination and reach.

It goes without saying that organizations must back up their critical data to ensure business continuity in the event of cyber attacks, disasters, operational failures, or insider threats. But are passive backups enough in today’s environment of sophisticated cyber threats? Despite having backups and various security tools to monitor infrastructure, organizations remain vulnerable to attackers who are still managing to penetrate defenses.

Clark County School District in Nevada, the fifth-largest school district in the United States, recently experienced a massive data breach. Threat actors gained access to the school district’s email servers, which exposed the sensitive data of over 200,000 students. The district is now facing a class-action lawsuit from parents, alleging it failed to protect sensitive personal information and take steps to prevent the cybersecurity attack.

The information stealers ecosystem continues to expand as we witness the ongoing maintenance and new capabilities in the latest stealers versions. 2023 was a good year for InfoStealers as they keep evolving along with exploiting the popular vulnerabilities from the last years to infiltrate targeted devices. InfoStealer malware has become increasingly widespread, new business models are being introduced and new detection evasion capabilities are being implemented.

The Malware-as-a-Service (MaaS) model, and its readily available scheme, remains to be the preferred method for emerging threat actors to carry out complex and lucrative cyberattacks. Information theft is a significant focus within the realm of MaaS, with a specialization in the acquisition and exfiltration of sensitive information from compromised devices, including login credentials, credit card details, and other valuable information.

There’s a massive elephant in the room: unstructured data. It’s valuable, and it needs to be protected. Let’s talk about why.