It was almost exactly 10 years ago in December 2013 that we wrote our first blog post about detecting CryptoLocker, which was the first sophisticated Ransomware attack of its kind back then. BTW, 2013 was the year of the Boston Marathon bombing, Edward Snowden leaking secret NSA information, Syrians fleeing their home country and Nelson Mandela passing away.

Ranging from the process of recovering stolen data to having to hire legal services, a cyberattack generates a series of costs that companies have to face. According to an IBM report, the global average cost of a data breach reached $4.45 million in 2023, which represents an increase of 15% in three years. This seven-digit figure is clearly worrying.

Data is at the heart of nearly every business operation, and it’s critical to ensure the security and integrity of that data. Amazon Simple Storage Service (S3) has long been a popular choice for organizations seeking a scalable, cost-effective, and resilient storage solution for their data needs. In fact, nearly one million organizations around the world rely on Amazon S3 to store hundreds of exabytes of unstructured, business-critical data.

DarkGate is a commodity malware with multiple features including the ability to download and execute files to memory, a hidden virtual network computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation.

While browsing the internet, you may accidentally install spyware on your phone without even knowing. Android phones are known to be more susceptible to spyware than iPhones; however, anyone who owns a smartphone needs to watch out for spyware – especially if your phone is outdated or jailbroken. Some ways you can tell if spyware is installed is if your phone’s camera and mic turn on randomly, you hear a noise during phone calls, or you see unfamiliar apps and files on your phone.

Cybercriminals increasingly used malvertising to gain initial access to victims’ networks in 2023, according to Malwarebytes’s latest State of Malware report. The researchers note that the Royal ransomware group has been using phony ads for TeamViewer to deliver malware as a precursor to its ransomware attacks.

A new and concerning chapter has unfolded in these troubled times of geopolitical chaos. The Cozy Bear threat actor has caused significant breaches targeting Microsoft and HPE, and more are likely to come. These recent events have sent shockwaves throughout the tech community, and for good reason. As we continue to uncover the fallout from these breaches, it has become apparent that the magnitude of the incident is more significant than we first realized.

Cyjax analysts have identified the distribution of STOP ransomware on Google Groups through mass spam attacks on Usenet. Over 385,000 posts have been observed, which contain malicious links resulting in ransomware infection. This campaign, henceforth referred to as “STOPNET.GG”, has been in operation since at least May 2023, and is ongoing at the time of writing.

Understanding malware is essential to defending an organization against attacks. Analyzing suspicious applications helps us determine if an alert is a false positive, and the information discovered can be used to help remediate an incident or strengthen a system's defenses against further attacks.