Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Malware

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow won’t impact ransomware overall. As in the past, another group will pick up the slack, or LockBit itself will reform and get back into business.

Understanding and Responding to Ransomware

As cybercrime evolves, one avenue for attack has risen to prominence across the world: Ransomware. According to Arctic Wolf’s State of Cybersecurity 2023 Trends Report, 48% of organizations view ransomware as the top attack vector concern. A concern comes with just cause, as the Arctic Wolf Labs 2024 Threats Report showed 48.6% of incidents investigated by Arctic Wolf were ransomware attacks.

SSH-Snake: New Self-Modifying Worm Threatens Networks

The Sysdig Threat Research Team (TRT) discovered the malicious use of a new network mapping tool called SSH-Snake that was released on 4 January 2024. SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network. The worm automatically searches through known credential locations and shell history files to determine its next move. SSH-Snake is actively being used by threat actors in offensive operations.

Malvertising Campaign Spreads Phony Utility Bills

A widespread malvertising campaign is attempting to trick users into paying phony utility bills, according to researchers at Malwarebytes. “We discovered a prolific campaign of fraudulent ads shown to users via Google searches,” the researchers write. “To give an idea of scale, the number of ads we found exceeds what we have found in previous malvertising cases....The scam begins when a user searches for keywords related to their energy bill.

Only 7% of Organizations Can Restore Data Processes within 1-3 Days After a Ransomware Attack

New data on how organizations are able to respond to ransomware attacks also shows that paying a ransom is highly likely, despite having a policy of “Do Not Pay.” New research from security vendor Cohesity says organizations are overconfident in their ability to recover from a ransomware attack. According to the data: And even if you do have an outstanding recovery plan, when’s the last time you tested it?
Featured Post

Leveraging Threat Intelligence for Regulatory Compliance

The US Government recently announced that state-sponsored Chinese cyber group Volt Typhoon has compromised multiple critical infrastructure organisations' IT networks in the US and is preparing "disruptive or destructive cyber attacks" against communications, energy, transport, water and waste water systems. The announcement, which was supported by national cybersecurity agencies in Australia, Canada, UK, and New Zealand, is a sobering reminder that modern life relies on digital networks. From healthcare, banking, and socialising, to energy, water, local and national government - everything has a digital aspect.

Department of Justice disrupts Moobot botnet commandeered by Russian APT28: analysis of attacks against routers and malware samples

On February 15, the US Department of Justice announced “Operation Dying Ember”: the takedown of a botnet controlled by APT28, the Russian military cyber threat actor also known as Fancy Bear. APT28 was previously known for developing the VPNFilter botnet, which targeted routers and network attached storage devices and was also disrupted by the DoJ in 2018.

Messaging Platform Telegram Sprouts Cyber Crime "Marketplaces" of Tools, Insights and Data

Cybercriminals are taking advantage of the messaging platform Telegram by creating channels and groups where learning and commerce all can take place freely. We’ve long known the dark web to be the back shadowed corner of the Internet where cybercriminals go to do business. But we’ve seen more examples of marketplaces frequented by threat actors shifting to the open web. One of the latest is the continued misuse of messaging platform Telegram.

Data Insecurity: Building Resilience in the Face of Cyber Threats

In today's digital age, organizations are using data in innovative ways to understand their businesses and generate new value, making data the lifeblood of every operation. As a result, data is growing at an unprecedented rate across on-premises, SaaS, and multi-cloud environments. However, this rapid growth presents significant challenges for organizations, as they often struggle to identify sensitive or regulated data, where it’s located, and who has access to it.

Rubrik Recognized as a 2024 Gartner Peer Insights Customers' Choice

Rubrik is on a mission to secure the world’s data. And our customers are at the very heart of that mission. Everything we do is with you, our customer, in mind, ensuring continual value in every step of our journey. We are dedicated to constant innovation in data security and know that simplification and automation of cyber detection and recovery is top of mind for organizations as cyber incidents are increasingly frequent and attacks are quickly evolving.