
November 2022

How Arctic Wolf Disrupts Business Email Compromise Attacks

Despite getting fewer headlines than ransomware and other cyberattacks, business email compromise (BEC) costs organizations far more. With our Regional VP of Sales Engineering, Brandon Tschida, learn how a BEC attack works and how Arctic Wolf can help your organization stop this kind of attack before it begins.

How to prevent a rootkit attack before it is too late?

A rootkit is malicious software that gives an attacker privileged, persistent access to a system while hiding its own presence. Attackers use rootkits for espionage and data theft and to deploy other malware such as ransomware, all without leaving an obvious trace. Once installed on a device, a rootkit can intercept system calls, replace system binaries, hide files and processes, and serve as the foundation of a larger toolkit containing modules such as keyloggers, data-stealing malware, or cryptocurrency miners.
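Because a rootkit that hooks the kernel's directory listing can hide a process from ps and top, one practical check is a cross-view comparison: ask the kernel directly whether each PID exists with kill(pid, 0) and compare against what readdir("/proc") reports. The script below is an added example, not code from the article above; the inputs to the pure functions are constructed, and the live check in main() assumes a Linux host with /proc mounted.

```python
"""Cross-view process enumeration on Linux.

A PID the kernel confirms alive (kill(pid, 0) succeeds or fails with EPERM)
but that readdir("/proc") omits is a candidate for a rootkit hiding it,
typically by hooking getdents. Threads also answer kill(tid, 0) without
having their own /proc entry, so only thread-group leaders count.
"""
import os


def tgid_from_status(status_text: str):
    """Return the Tgid field from a /proc/<pid>/status body, or None if absent."""
    for line in status_text.splitlines():
        if line.startswith("Tgid:"):
            return int(line.split()[1])
    return None


def hidden_pids(listed: set, probed: set, tgid_lookup) -> list:
    """PIDs present in `probed` but missing from `listed`.

    tgid_lookup(pid) returns the thread-group id for pid, or None when
    /proc/<pid>/status cannot be read. A thread (Tgid != pid) is normal and
    skipped; an unreadable status file is kept as a suspect, because a
    rootkit hiding the directory entry may also block the open.
    """
    suspects = []
    for pid in sorted(probed - listed):
        tgid = tgid_lookup(pid)
        if tgid is None or tgid == pid:
            suspects.append(pid)
    return suspects


def list_proc_pids() -> set:
    """The 'visible' view: numeric entries from a /proc directory listing."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def probe_pids(max_pid: int) -> set:
    """The 'kernel' view: signal 0 never delivers, it only reports existence."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue          # ESRCH: no such process
        except PermissionError:
            pass              # EPERM: exists, but owned by someone else
        alive.add(pid)
    return alive


def live_tgid(pid: int):
    try:
        with open(f"/proc/{pid}/status") as fh:
            return tgid_from_status(fh.read())
    except OSError:
        return None


def main() -> int:
    if not os.path.isdir("/proc"):
        print("no /proc on this host; nothing to compare")
        return 0
    with open("/proc/sys/kernel/pid_max") as fh:
        max_pid = int(fh.read())
    # Processes that start or exit between the two views would look hidden,
    # so a suspect must still be absent from a second listing taken after
    # the probe.
    suspects = hidden_pids(list_proc_pids(), probe_pids(max_pid), live_tgid)
    suspects = [pid for pid in suspects if pid not in list_proc_pids()]
    if suspects:
        print("PIDs alive but not listed in /proc:", suspects)
        return 1
    print("no hidden processes found")
    return 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Probing every PID up to pid_max (often 4194304) takes a few seconds in Python; that is the cost of not trusting the listing. A rootkit that hooks the kill syscall as well would defeat this particular view, which is why tools such as unhide combine several independent views.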

Lookout Discovers Hundreds of Predatory Loan Apps on Google Play and Apple App Store

Researchers at Lookout Threat Lab have discovered close to 300 mobile loan applications on Google Play and the Apple App Store that exhibit predatory behavior such as exfiltrating excessive user data from mobile devices and harassing borrowers for repayment. These apps, which were found in Southeast Asian and African countries, as well as India, Colombia, and Mexico, purportedly offer quick, fully-digital loan approvals with reasonable loan terms.

9 Steps to Mitigate Ransomware Attacks for Your Business

Ransomware attacks have become so prevalent in recent years that it’s no longer a matter of “if” your business may be the victim of a ransomware attack, but “when.” In fact, in 2021, 37% of global organizations reported that they were the victim of a ransomware attack. To mitigate the impact and probability of ransomware on your business, you must continuously look for new ways to secure your network and maintain continuous cybersecurity monitoring.

The Real Causes of the Rapid Cyber Insurance Rate Increase

Cyber insurance is a necessity in today's cybersecurity landscape, especially in the wake of widespread ransomware attacks on commercial businesses of all sizes. A cyber insurance policy enables companies to transfer the cost of recovering from cyber incidents. In the event of a data breach, your policy can cover damages owed to others, profits lost while your network is down, and the cost of negotiating a ransom.

Invisible npm malware - evading security checks with crafted versions

The npm CLI has a convenient and well-known security feature: when installing a package, it checks the package and all of its dependencies against a database of known vulnerabilities. The check runs automatically on package installation (npm install) and can also be triggered manually with npm audit. It is an important safeguard that warns developers before they use packages with known vulnerabilities, which is exactly why any way of slipping a package past it matters.
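Since the article's point is that crafted version strings can evade the audit check, a cheap defensive step is to lint the lockfile yourself and surface every dependency whose version is not plain X.Y.Z semver, so that anything unusual gets a human look before npm audit is trusted on it. The script below is an added example, not code from the article or from npm; the lockfile it parses is constructed, and the regex encodes an assumption that canonical releases are exactly three dot-separated integers without leading zeros.

```python
"""Lint package-lock.json for dependency versions that are not canonical
X.Y.Z semver. Handles the lockfileVersion 2/3 'packages' map and the
legacy v1 nested 'dependencies' tree. The sample lockfile is constructed."""
import json
import re

# Assumed definition of a "plain" release version: no prerelease tag, no
# build metadata, no 'v' prefix, no leading zeros, no stray whitespace.
CANONICAL = re.compile(r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)$")

# Constructed lockfile (not a real project); three entries are deliberately odd.
SAMPLE_LOCK = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/odd-one": {"version": "1.2.3-rc.1+build.7"},
        "node_modules/also-odd": {"version": "v2.0.0"},
        "node_modules/nested/node_modules/deep": {"version": "01.0.0"},
    },
})


def iter_lock_entries(lock: dict):
    """Yield (package name, version) across both lockfile layouts."""
    for path, meta in lock.get("packages", {}).items():
        if path == "":
            continue  # the root project itself
        # "node_modules/a/node_modules/b" -> "b"
        yield path.split("node_modules/")[-1], meta.get("version")

    def walk(deps):
        for name, meta in deps.items():
            yield name, meta.get("version")
            yield from walk(meta.get("dependencies", {}))

    yield from walk(lock.get("dependencies", {}))


def noncanonical_versions(lock_text: str) -> list:
    """Return sorted (name, version) pairs whose version is missing or not X.Y.Z."""
    lock = json.loads(lock_text)
    flagged = []
    for name, version in iter_lock_entries(lock):
        if not isinstance(version, str) or not CANONICAL.match(version):
            flagged.append((name, version))
    return sorted(flagged, key=lambda item: (item[0], str(item[1])))


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    for name, version in noncanonical_versions(text):
        print(f"review: {name} @ {version!r}")
```

Legitimate prerelease versions will show up in the list too; that is intended, since the point is to review anything that does not look like an ordinary release rather than to decide automatically which forms the audit mishandles.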

AvosLocker Ransomware Update: Backup Targeting and Defense Evasion Techniques

Kroll analysts have identified new tactics used by threat actors associated with the AvosLocker ransomware. Critical vulnerabilities in Veeam Backup and Replication have been exploited, which may be an attempt to hide activity from detection technologies. The proxy tool Chisel has also been identified; it can tunnel encrypted traffic through a victim's firewall and could be used as a further evasion technique.

How Good is ClamAV at Detecting Commodity Malware?

"People tell you who they are, but we ignore it, because we want them to be who we want them to be." - Don Draper

Earlier this year we announced some security enhancements to how we handle submissions to Splunkbase. In short, we are making things faster, cheaper, and better where Splunkbase security is concerned: faster in that it takes less time for a developer to get an app onto our platform, and cheaper in that the process is more automated.

Tips for Developing Your Ransomware Strategy

Ransomware attacks continue to make headlines and wreak havoc on organizations on an international scale. Unfortunately, we should expect ransomware to persist as one of the primary threats to organizations. Ransomware attacks have grown 350% in recent years, and while the best strategy is to prevent attacks from happening in the first place, there is no guarantee your data won't be compromised.

Detecting Ransomware Using Machine Learning

Ransomware attacks are on the rise, and many organizations have fallen victim to them. While there are different forms of ransomware, an attack typically involves the attacker breaching an organization's network, exfiltrating copies of sensitive files, encrypting a large share of the organization's data, and demanding a ransom for the decryption key and for not leaking the stolen files.
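Whatever model a machine-learning detector uses, it learns from behavioural features such as how many files a process rewrites, how random the written bytes look, and how often file extensions change. The script below is an added example, not code from the article, showing that feature extraction over a stream of file-write events; the events are constructed rather than captured, and the final threshold rule is a stand-in for a trained classifier.

```python
"""Per-process features behind ML ransomware detection: write count,
share of high-entropy writes, share of extension changes, directory spread.
The event stream is constructed; the flagging rule stands in for a model."""
import math
import os
from collections import Counter, defaultdict


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or single-valued input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


HIGH_ENTROPY = 7.0  # assumed threshold; encrypted or compressed data sits near 8.0


def extract_features(events) -> dict:
    """Aggregate the raw events into one feature vector per process."""
    acc = defaultdict(lambda: {"writes": 0, "high": 0, "ext": 0, "dirs": set()})
    for ev in events:
        f = acc[ev["proc"]]
        f["writes"] += 1
        if shannon_entropy(ev["data"]) >= HIGH_ENTROPY:
            f["high"] += 1
        if os.path.splitext(ev["src"])[1] != os.path.splitext(ev["dst"])[1]:
            f["ext"] += 1
        f["dirs"].add(os.path.dirname(ev["dst"]))
    return {
        proc: {
            "writes": f["writes"],
            "high_entropy_ratio": f["high"] / f["writes"],
            "ext_change_ratio": f["ext"] / f["writes"],
            "distinct_dirs": len(f["dirs"]),
        }
        for proc, f in acc.items()
    }


def flag_ransomware_like(features: dict, min_writes: int = 5) -> list:
    """Stand-in for the trained model: mass rewrites with random-looking
    content and new extensions is the classic encryption signature."""
    return sorted(
        proc for proc, f in features.items()
        if f["writes"] >= min_writes
        and f["high_entropy_ratio"] >= 0.8
        and f["ext_change_ratio"] >= 0.8
    )


# Constructed events: 'editor' saves plain text in place; 'encryptor'
# rewrites documents with uniformly distributed bytes and a new extension.
TEXT = b"quarterly figures, see attached spreadsheet. " * 20
UNIFORM = bytes(range(256)) * 4   # every byte value equally likely: entropy 8.0

EVENTS = (
    [{"proc": "editor", "src": f"/home/u/notes/{i}.txt",
      "dst": f"/home/u/notes/{i}.txt", "data": TEXT} for i in range(6)]
    + [{"proc": "encryptor", "src": f"/home/u/docs/{i}.docx",
        "dst": f"/home/u/docs/{i}.docx.locked", "data": UNIFORM} for i in range(8)]
)

if __name__ == "__main__":
    feats = extract_features(EVENTS)
    for proc, f in feats.items():
        print(proc, f)
    print("flagged:", flag_ransomware_like(feats))
```

A real deployment would feed these vectors (plus timing, e.g. writes per second) to a classifier rather than fixed thresholds, and would treat backup and compression tools, which also produce high-entropy output, as the main source of false positives to train against.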

Ransomware Attacks and Remediation Strategies for Financial Institutions

Believe it or not, the Financial Services industry has one of the slowest vulnerability remediation rates, with a median of 426 days. “Financial regulators can no longer rely on static, point-in-time assessments to understand the cybersecurity risks posed to the financial system,” said Sachin Bansal, SecurityScorecard’s Chief Business and Legal Officer, in a recent BusinessWire article. “Continuous monitoring tools must be a part of every regulator's toolbox.”

Scalable, Faster, Cheaper - Pick All for Azure Protection

Rubrik allows customers to protect their workloads like VMs, Disks, and SQL instances running on Azure. We have customers who protect a large number of Azure subscriptions through our SaaS product. We offer features like File-Level Recovery to allow customers to make faster recoveries and Storage Tiering to save on storage costs associated with the backups. To support these features, we run compute in the customer’s environment to read the data from Azure Disk snapshots.

Coffee Talk with SURGe: RansomBoggs, Log4Shell Exploitation, Medibank Update, Twitter E2EE Messaging

Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk discusses the latest security news, including RansomBoggs, Log4Shell exploitation, and the Medibank update. Mick and Ryan also competed in a 60-second charity challenge about network surveillance, and the group discussed the possibility of Twitter implementing end-to-end encrypted messaging on the platform.

5 Data Security Trends You Might Be Missing

Malware is becoming more sophisticated, and it is impossible to prevent and defend against every single cyber threat out there. As enterprises' digital dependence grows in step with their own growth, we at Rubrik are seeing consistent trends that map to their increasing cyber risk. In today's competitive landscape, it is more important than ever to secure your data against cyberattacks.

Netskope Threat Coverage: Prestige Ransomware

In October 2022, a novel ransomware named Prestige was found targeting the logistics and transportation sectors in Ukraine and Poland. According to Microsoft, the victims affected by Prestige overlap with earlier targets of HermeticWiper, spotted in February 2022. The research also shows that the attackers deployed the ransomware across all victims within a single hour, abusing highly privileged domain credentials to push the payload.

Payette Fends off Cyber Breach with Rubrik Security Cloud

Payette, the award-winning architecture firm behind iconic buildings of Harvard University, Boston Children's Hospital, MIT, and more, successfully fended off a potentially crippling ransomware attack. With Rubrik Security Cloud, the hacker never even had the opportunity to deliver a ransom note and the firm had critical systems back online in less than 24 hours.

Inside the Mind of a 'Rat' - Agent Tesla Detection and Analysis

Agent Tesla is a remote access trojan (RAT) written for the .NET Framework that has been known to be in operation since 2014. The threat actors behind this malware have used many different methods to deliver their payload over time, including macro-enabled Word documents, Microsoft Office vulnerabilities, OLE objects and, most recently, compiled HTML help files.

Take the Uncertainty Out of Ransomware Recovery: Introducing Rubrik Cyber Recovery

As the attack surface widens and cybercriminals get more sophisticated, organizations are struggling to prepare for and respond to ransomware and other cyber incidents. According to the inaugural State of Data Security report from Rubrik Zero Labs, a staggering 92% of global IT and security leaders are concerned they are unable to maintain business continuity following an attack.

PyPI Malware Stealing Discord and Roblox Payment Info

In this livestream we dive into the latest set of malicious packages discovered by the Snyk security research team. We are joined by senior security researcher at Snyk Raul Onitza-Klugman as we also discuss how these findings came to be, what they mean for open source security, and some hypotheses about the future of supply chain security. Didn't catch the live stream? Ask all of your Snyk questions and we’ll do our very best to answer them in the comment section.

Healthcare sector warned of Venus ransomware attacks

Healthcare organisations in the United States are being warned to be on their guard once again, this time against a family of ransomware known as Venus. An advisory from the United States Department of Health and Human Services (HHS) has warned that the cybercriminals behind the Venus ransomware have targeted at least one healthcare entity in the United States, and are known to be targeting publicly-exposed Remote Desktop Servers.

Common Payloads Attackers Plant in Malicious Software Packages

In this third post in our series on Malicious Software Packages, we’ll focus on the aftermath of a successful attack and how the attacker executes payloads to serve their needs through various real-life scenarios. Before we start, let’s review a few highlights from the second post you might’ve missed: Now, let’s get to blog three in the series.

Laptop flaws could help malware survive a hard disk wipe

PC manufacturer Lenovo has been forced to push out a security update to more than two dozen of its laptop models, following the discovery of high-severity vulnerabilities that could be exploited by malicious hackers. Security researchers at ESET found flaws in 25 Lenovo laptop models, including IdeaPads, Slims, and ThinkBooks, that could be used to disable UEFI Secure Boot.
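After applying a firmware update like this one, the practical follow-up is to confirm that Secure Boot is actually enforcing rather than merely reported as "on". On Linux the firmware exposes the relevant UEFI variables through efivarfs, where each file is a 4-byte little-endian attribute word followed by the variable data; SecureBoot and SetupMode are each a single byte. The script below is an added example, not code from the article or from ESET; the byte strings in the tests are constructed, and the live check assumes a UEFI-booted Linux host with efivarfs mounted (on Windows, Confirm-SecureBootUEFI in PowerShell answers the same question).

```python
"""Read UEFI SecureBoot/SetupMode from efivarfs and decide whether Secure
Boot is enforcing. SecureBoot=1 alone is not enough: in Setup Mode the
firmware accepts unsigned key-database updates, so enforcement requires
SecureBoot=1 and SetupMode=0."""
import os
import struct

EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = "/sys/firmware/efi/efivars"


def parse_efivar(raw: bytes):
    """Split an efivarfs file body into (attributes, data)."""
    if len(raw) < 4:
        raise ValueError("efivar body too short to hold the attribute word")
    (attrs,) = struct.unpack_from("<I", raw, 0)
    return attrs, raw[4:]


def secure_boot_state(secure_boot_raw: bytes, setup_mode_raw: bytes) -> dict:
    """Interpret the two raw variable bodies; a missing or zero data byte is 'off'."""
    _, sb = parse_efivar(secure_boot_raw)
    _, sm = parse_efivar(setup_mode_raw)
    secure_boot = bool(sb) and sb[0] == 1
    setup_mode = bool(sm) and sm[0] == 1
    return {
        "secure_boot": secure_boot,
        "setup_mode": setup_mode,
        "enforcing": secure_boot and not setup_mode,
    }


def read_efivar(name: str) -> bytes:
    """Read a variable in the EFI global namespace from efivarfs."""
    path = os.path.join(EFIVARS, f"{name}-{EFI_GLOBAL_VARIABLE_GUID}")
    with open(path, "rb") as fh:
        return fh.read()


def main() -> int:
    if not os.path.isdir(EFIVARS):
        print("efivarfs not mounted or not a UEFI boot; cannot determine state")
        return 2
    try:
        state = secure_boot_state(read_efivar("SecureBoot"), read_efivar("SetupMode"))
    except OSError as exc:
        print(f"could not read UEFI variables: {exc}")
        return 2
    print(state)
    return 0 if state["enforcing"] else 1


if __name__ == "__main__":
    raise SystemExit(main())
```

This confirms the state the firmware reports; it cannot defend against a firmware bug that lets an attacker change that state from the OS, which is why the firmware update itself is the fix and this check is only the verification step after it.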

The ultimate price: The morality of paying your attacker their ransom

“Have you backed up your files?” If you had a dirham for every time you heard this and followed up with immediate action, you’d be a sheikh by now. But alas, we’re here because you didn’t do your due diligence and now you have to pay the ultimate price: your data has been compromised and you’ll have to decide what to do about it. But don’t feel too bad; data backup at a corporate level is a luxury not everyone gets to enjoy.

Here's how to protect your endpoint from 7 common types of malware

All the software we use consists of instructions, in the form of code, that dictate how a computer behaves or performs a task. But not all software is designed to make our lives easier. Malware, a portmanteau of malicious and software, is specifically designed to help attackers gain access to, steal information from, or damage a computer. Often all of this happens without the knowledge of the computer's user, until it is too late.

BlackCat Ransomware: Tactics and Techniques From a Targeted Attack

BlackCat (a.k.a. ALPHV and Noberus) is a Ransomware-as-a-Service (RaaS) group that emerged in November 2021, making headlines for being a sophisticated ransomware written in Rust. It has both Windows and Linux variants and the payload can be customized to adapt to the attacker’s needs. BlackCat is also believed to be the successor of the Darkside and BlackMatter ransomware groups.

How to deal with ransomware on Azure

Let’s dig deeper into the techniques attackers use and the mitigations you should implement when ransomware affects your Azure environment. By now we should all be aware of ransomware from the constant news coverage of this threat. As we explained in our anatomy of a cloud attack post, ransomware is a way for attackers to make money once they gain control of your accounts: they encrypt your data, restricting your access to your own systems, and demand payment to restore it.

It's Time for Business Continuity and Disaster Recovery Teams to Redefine Trust

In workplaces of the past, IT teams could afford to trust the devices in their network because they knew them. After all, they issued and managed them. But today’s work environment makes trust a little difficult. From work from home to the vast expansion of enterprise applications, IT and security teams have a whole new set of cybersecurity challenges to mitigate. Your workers are human and are subject to human error. Phishing attempts are not always easy to spot.

Getting started with Zero Trust: What you need to consider

Have you ever walked up to an ATM after another person finished with the machine only to find they left it on a prompt screen asking, “Do you want to perform another transaction?” I have. Of course, I did the right thing and closed out their session before beginning my own transaction. That was a mistake an individual made through careless error, one that could have cost them hundreds in their own currency.

The State of Data Security: The Human Impact of Cybercrime from Rubrik Zero Labs

Rubrik Zero Labs is excited to share “The State of Data Security: The Human Impact of Cybercrime”. This in-depth global study commissioned by Rubrik and conducted by Wakefield Research gives businesses around the world a deeper look into the challenges that IT and security decision-makers face, the effects of those challenges, and subsequent solutions. This study engaged over 1,600 senior IT and cybersecurity leaders with more than half at the CIO and CISO level.

How to Protect Your Startup from Ransomware Attacks

As an entrepreneur, you're well aware of how devastating ransomware attacks can be. And as the frequency and magnitude of such attacks keep rising, devising a solid plan to protect your startup from ransomware is imperative. According to the CrowdStrike 2022 Global Threat Report, there was an 82% year-over-year increase in ransomware-related data leaks in 2021. What's more, according to Statista, there were 623.3 million ransomware attacks worldwide in 2021.