Emerging between late 2022 and the beginning of 2023, Cloak Ransomware is a new ransomware group. Despite its activities, the origins and organizational structure of the group remain unknown. According to data from the group’s DLS (data leak site), Cloak has accessed 23 databases of small-medium businesses, selling 21 of them so far. Out of these, 21 victims paid the ransom and had their data deleted, 1 declined and 1 is still in negotiations, indicating a high payment rate of 91-96%.

Scareware is a type of social engineering cyberattack that uses psychological manipulation to trick victims into downloading malware disguised as antivirus software. Cybercriminals trick users with frightening, urgent messages in pop-ups or emails which claim their computer is infected. Continue reading to learn how scareware attacks work, how to avoid falling victim to them and how to remove scareware from your devices.

The healthcare sector has been under constant threat from cybercriminals due to the sensitive nature of patient data and the valuable information held by healthcare providers. This blog analyzes the ransomware landscape for the healthcare sector for the years 2022-2023. This report uses data compiled for the recently released Trustwave SpiderLabs research: Cybersecurity in the Healthcare Industry: Actionable Intelligence for an Active Threat Landscape report.

Since the fallout of Conti ransomware in mid-2022, Conti-affiliated threat actors have splintered off and developed or joined other ransomware groups to continue extorting victim organizations. Due to Conti’s source code being leaked, attribution back to the Conti ransomware group via code overlap is much more difficult. However, leveraging blockchain analysis, we can begin to discern what ransomware groups Conti-affiliated threat actors have worked with; one such group is Akira.

Ransomware impersonates Sophos, FIN8 group uses modified backdoor to deliver BlackCat ransomware, and Chinese espionage actors continue to evolve.

On June 15, 2023, the residents of Spring Valley, IL woke up to the sobering news that St. Margareth’s Health hospital, one of only a few hospitals in the region, would be closing. The cause of the closure? A devastating cyberattack. After falling prey to cybercriminals, the hospital’s personnel were unable to submit claims to insurers, Medicare or Medicaid for months, which ultimately spelled its financial doom. The St. Margareth’s incident is not an outlier.

The rapid and widespread adoption of artificial intelligence (AI) has ushered in a new era of technological advancement, revolutionizing various industries and becoming immensely popular worldwide. AI-driven applications and solutions have streamlined processes, improved efficiency, and enhanced the overall user experience. However, this surge in AI’s popularity also comes with a dark side.

The Amadey Trojan Stealer, an active and prominent malware, first emerged on the cybersecurity landscape in 2018 and has maintained a persistent botnet infrastructure ever since. Several campaigns have used this malware, like the previous Splunk Threat Research blog related to RedLine loader, the multi-stage attack distribution article from McAfee in May 2023 and the campaign where it uses N-day vulnerabilities to deliver Amadey malware noted in March 2023 by DarkTrace.

A new social engineering campaign tracked as “FakeSG” is distributing the NetSupport remote access Trojan (RAT) via phony browser updates, according to researchers at Malwarebytes. The campaign is similar but distinct from the widespread “SocGholish” campaign, which also uses fake browser updates to deliver NetSupport.

In today’s digital landscape, cyber threats continue to evolve at an alarming pace, with hackers constantly finding new ways to infiltrate systems and compromise sensitive data. One such sophisticated threat is fileless malware, a stealthy form of malicious software that operates entirely in the computer’s memory without leaving any trace on the hard drive.