Latest News

Healthcare Sector Experiencing Increases in Ransomware, Ransoms and Downtime

An analysis of ransomware attacks on healthcare organizations from 2016 through October of 2023 shows the healthcare sector is likely to continue to suffer as a viable ransomware target. In the last seven years, there have been 539 confirmed ransomware attacks on U.S. hospitals, costing a total of around $77 billion. Consumer tech comparison website Comparitech performed an analysis of these attacks to show the trends – with both positive and negative results.

Pilot Union APA Discloses Ransomware Attack Following Disruptions

The Allied Pilots Association (APA) is the collective pilot agent for American Airlines; it provides a range of services to 15,000 members, including acting as a bargaining entity. On October 30th, the APA experienced a network disturbance—a ransomware cyberattack potentially exposing members.

The New InfoStealer in Town: The Continental Stealer

In the last several days, a new info stealer known as the “Continental stealer” has gained traction in dark web forums. This stealer has the potential to become one of the more powerful participants in the InfoStealer industry, thanks to its simple and easy-to-use architecture. In this report, we will review the stealer infrastructure, features, and functionality.

Network Monitor, LiveAction, Announces Ransomware Incident

LiveAction Incorporated is a software company specializing in analytics, network monitoring, and application management tools. They’ve reported revenue of over $5 million and provide services to companies in various industries: technical manufacturers, hospitals, biotechnology, and transportation professionals all use LiveAction services. Earlier this year, LiveAction suffered a ransomware attack where hackers took significant consumer information.

National Behavioral Health Clinic Suffers Ransomware

Deer Oaks Behavioral Health is a national mental health provider based in San Antonio, Texas. They offer the nation long-term care focused on psychiatry and psychology. Deer Oaks hosts more than 1,500 facilities nationwide. Their services include medication and medical treatment planning while spearheading new techniques for rural tele-behavioral health.

Data Detection & Response (DDR): From Noise to Signal to Solution

An often-heard concern in cybersecurity is the number of tools a single organization has to manage to protect its environment from malicious actors, both internal and external. The environments cybersecurity professionals need to secure have grown a lot more complex over the years, as we have adopted new architectural principles and hybrid and multi-cloud infrastructures in the race for a competitive edge.

Unveiling Socks5Systemz: The Rise of a New Proxy Service via PrivateLoader and Amadey

Proxy services offer users the ability to rent a set of IP addresses for internet use, granting a level of online anonymity. Essentially, they make your internet traffic appear as if it's coming from a regular IP address while keeping the real origin hidden. Recently, our Threat Research team discovered a new malware sample, distributed by the PrivateLoader and Amadey loaders.

New DarkGate Variant Uses a New Loading Approach

In the past month, the Netskope Threat Labs team observed a considerable increase in SharePoint usage to deliver malware, caused by an attack campaign abusing Microsoft Teams and SharePoint to deliver malware named DarkGate. DarkGate (also known as MehCrypter) is malware that was first reported by enSilo (now Fortinet) in 2018 and has been used in multiple campaigns in the past months.

More Than Just a RAT: Unveiling NjRAT's MBR Wiping Capabilities

NjRAT (also known as Bladabindi) malware is a Remote Access Trojan (RAT) that was first discovered in 2012. This malware strain has persisted in the threat landscape up to the present day, most recently earning notoriety for its active campaigns against agencies and organizations located in the Middle East and North Africa. Upon successful infiltration into a target host or system, NjRAT can allow the attacker to remotely access and exercise control over the compromised system.