If you still rely on legacy antivirus software to stop modern cyberattacks, this post is for you. Today’s adversaries are relentless. While many threat actors have adopted newer techniques such as data extortion, identity-based threats and in-memory attacks to achieve their goals, some continue to rely on tried-and-proven threats — and legacy software is no match for either.

The financially motivated Desorden (Disorder in Spanish) group, previously known as “chaoscc”, was first observed going by the new name Desorden in 2021 while acting against multiple Asian-based organizations in various sectors. The group mainly targets high-revenue enterprises and supply chains to amass as much profit as possible by extracting sensitive organizational data and demanding a ransom for it.

If you want to visualize how data flows across your connected applications, you can think back to that childhood game of Chutes and Ladders (also called Snakes and Ladders). As a kid, the board felt like a confusing grid that had the weirdest, seemingly arbitrary connections between blocks. In your modern digital environment, your Application Programming Interfaces (APIs) fulfill the same role that the ladders and chutes/snakes fulfilled, connecting disparate blocks across a larger whole.

Web cache poisoning is a cyber attack that wreaks havoc on unsuspecting websites. It exploits vulnerabilities by caching mechanisms that web servers, proxies, and content delivery networks (CDNs) use, compromising data integrity. Malicious actors can use cache poisoning to deliver malicious payloads, tamper with sensitive information, or redirect users to fraudulent websites. In this article, we’ll comprehensively explore web cache poisoning attacks and how they work.

The Attack Surface is Growing, and fast. What once was considered the attack surface is no longer. Instead organizations are faced with a sprawling attack surface, including not just domains, IPs and sub-domains, but also third parties, brand risks and more. Businesses in the finance sector face two additional challenges: This blog focuses on banks, FinTech companies and insurance providers, as they are among the largest types of entities in the financial sector.

Earlier this year, analysts in the AT&T Cybersecurity Managed Threat Detection and Response (MTDR) security operations center (SOC) were alerted to a potential ransomware attack on a large municipal customer. The attack, which was subsequently found to have been carried out by members of the Royal ransomware group, affected several departments and temporarily disrupted critical communications and IT systems.

There was some good news on the cybersecurity front in August, starting with a joint effort by U.S. and European authorities that broke up a far-reaching network of compromised computers used in attacks on healthcare organizations around the world. The takedown also netted more than $8 million in illicit cryptocurrency from Russian-affiliated hacking groups.

In this blog post, we will take a comprehensive dive into a real-world cyber attack that reverberated across the digital realm – SCARLETEEL. Through an in-depth analysis of this notorious incident using the MITRE ATT&CK framework, we aim to unearth invaluable insights into the operational tactics of cyber adversaries.

Discover insights from Sophos' 2023 Active Adversary Report. Credential leaks are now the leading way in for attackers and dwell times are getting shorter.