If your organization uses Microsoft Teams, then you definitely want to hear about a new way bad actors are exploiting this newly discovered cyber attack tool. "TeamsPhisher," a new tool recently discovered on GitHub, gives cybercriminals a new way to deliver malicious files directly to any Teams user. The genesis of this new cyber attack tool was published by the US Navy Red Team due to a recently discovered vulnerability in Microsoft Teams.

Apparently expanding efforts outside of Southeast Asian countries, this threat group’s known malware has shown up in a European healthcare facility, raising concerns for USB-based attacks. You’d think that literally no one uses USB drives anymore, making them a very improbable attack vector. And yet, the Camaro Dragon APT group has been tracked by security researchers at Check Point for well over a year, with them finding instances of attacks throughout all of last year and into this year.

There's good news for any business which has fallen victim to the Akira ransomware. Security researchers at anti-virus company Avast have developed a free decryption tool for files that have been encrypted since the Akira ransomware first emerged in March 2023. The ransomware has been blamed for a number of high profile attacks - including ones against universities, financial institutions, and even a daycare centre for children.

The largest port in Japan, Nagoya, is now the most recent victim of a ransomware attack. The attack impacts the operation of container terminals, as the port handles over two million containers each year. This port is also used by the Toyota Motor Corporation, one of the world’s largest automakers, to export most of its cars.

The InfoStealer and remote-access-tools (RATs) markets constantly provide us with new products. The Cyberint Research Team discovered a new RAT that is claiming to be the next popular threat against organizations and individuals worldwide. With fairly interesting PR and marketing methods, RevolutionRAT seems to be gaining attention with a growing Telegram community after only a few days of operation.

The ransomware industry has been a prominent player this quarter, causing significant impact and affecting numerous organizations globally. With its widespread threat, the industry has successfully claimed 1386 victims. The industry is feeling increasingly impacted by ransomware as many critical vulnerabilities were discovered this quarter. Additionally, the emergence of new groups, both from the end of 2022 and during this quarter, has contributed to the industry’s growth.

In the face of persistent data breaches and escalating cyber threats, organizations are compelled to prioritize cloud defense in depth. These measures are indispensable for protecting critical assets and upholding the integrity of cloud-based systems. By establishing a comprehensive security plan, organizations can effectively convey their commitment to security and lay a solid foundation for a resilient and secure cloud environment.

When KnowBe4 went public in April 2021, I got to know a select group of analysts that served as co-managers on our IPO. These professionals all know our industry very well and we spoke with them quarterly during our earnings conference call where we discussed the past 3 months and expectations for the future. One of these firms was Baird Equity Research and I am still on their mailing list, even though we went private this year as a Vista Equity Partners portfolio company.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including Cactus ransomware and BlackSuit ransomware, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

The Iranian threat actor Charming Kitten is launching sophisticated spear phishing attacks to distribute a new version of its POWERSTAR malware, according to researchers at Volexity. “In the last few years, Volexity has observed threat actors dramatically increase the level of effort they put into compromising credentials or systems of individual targets,” Volexity says.