
May 2024

Best Practices for Secure Communication During Business Trips in the APAC Region

Make no mistakes about it, we live in a world where information is power. Securing your information while you communicate on business trips is critical, especially within regions like APAC (Asia Pacific) where rapid technological advancement has led to increased risk of cyber threats.

91% of Every Ransomware Attack Today Includes Exfiltrating Your Data

New insight into ransomware attacks shows that cyber attacks are a top concern for organizations – with many not aware they were a victim until after the attack. According to Arctic Wolf’s The State of Cybersecurity: 2024 Trends Report, 91% of reported ransomware attacks included a data exfiltration effort. This is far more than the sub-80% numbers we’ve seen from the Coveware quarterly reports we cover.

Top tips: Three telltale signs that you have been cryptojacked

Top tips is a weekly column where we highlight what’s trending in the tech world today and list ways to explore these trends. This week, we’re looking at three signs that your device may be infected with crypto malware. Has your computer been acting strange lately? Has the performance tanked out of nowhere, and are you experiencing overheating issues even though you’re not running any particularly demanding tasks at the moment?

The Beatings Ransoms Will Continue Until Morale Culture Improves

As we near the halfway point of 2024, it is apparent that the epidemic of extortionary cyber attacks will continue unabated into the foreseeable future. Now more than ever, I believe that until organizations adopt cultural approaches to cybersecurity, breaches will continue to wreak havoc on companies and industries. But why is this? There are far too many reasons to enumerate here, but in my experience the biggest factors are.

Here, There, Ransomware: The Surge of New Ransomware Groups

From late 2023 and into 2024, the ransomware ecosystem has become more diverse than ever, with an ever-expanding cast of extortion groups. Established players continue to compromise large companies globally, while smaller, newer groups are breaking into the scene with increasing frequency. From January to mid-May 2024 alone, 22 new ransomware groups emerged. In comparison, only 22 groups emerged during the entire two-and-a-half-year period between January 2018 and August 2020.

Elastic Security shines in Malware Protection Test by AV-Comparatives

Real-world malware: 100% protection with zero false positives

Elastic Security has achieved remarkable results in the recent AV-Comparatives Malware Protection Test, with a protection rate of 100% and no false positives against real-world malware samples. This independent assessment underscores our commitment to providing world-class malware protection, with zero false positives and zero user impact.

Enterprise Cybersecurity: A Guide to Ransomware Recovery

Believing that your organization is immune to ransomware is wishful thinking at best. Despite advancements in enterprise cybersecurity, the reality is that breaches are not a matter of if but when. Even the most sophisticated preventative measures can be circumvented by determined and resourceful cybercriminals, whose methods are constantly evolving. The fallout from a successful ransomware attack can be catastrophic.

Trojan Warning: Malware Identified in VAHAN PARIVAHAN.apk

The Foresiet Threat Intelligence Team has recently conducted an in-depth analysis of an Android malware Trojan masquerading as the "VAHAN PARIVAHAN.apk" application. This trojan poses a significant threat to users by leveraging a backdoor, utilizing the Telegram API bot, and exploiting the services of GoDaddy.com LLC and Mark Monitor Inc. In this blog, we delve into the specifics of this malware, including its technical details, behavior, and potential impact on users.

ShrinkLocker: Turning BitLocker into Ransomware

Attackers are continually developing sophisticated techniques to bypass defensive measures and achieve their goals. One highly effective approach involves exploiting the operating system's native features to evade detection and ensure compatibility. In the realm of ransomware threats, this can be seen in the use of the cryptographic functions within ADVAPI32.dll, such as CryptAcquireContextA, CryptEncrypt, and CryptDecrypt.

Foresiet Explores the Patterns of Ransomware Attacks on VMware ESXi Infrastructure

Foresiet, your trusted cybersecurity partner, delves into the intricate world of ransomware attacks targeting VMware ESXi infrastructure, shedding light on the established patterns uncovered by cybersecurity firm Sygnia. These findings unveil a standardized sequence of actions adopted by threat actors, regardless of the variant of file-encrypting malware deployed.

Understanding the Modus Operandi

How To Prevent Ransomware Attacks on Your Devices

Ransomware is one of the fastest-growing cyber attack vectors, making it crucial to learn how to prevent it. To prevent ransomware attacks on your devices, you should avoid clicking suspicious links and attachments, never insert random USBs into your device, keep your Operating System (OS) up to date, use a Virtual Private Network (VPN) when connecting to public WiFi and use a password manager to ensure your passwords are strong.

Driving Strategic Excellence in Cybersecurity with Sue Bergamo, CISO and CIO, BTE Partners

Welcome to the Data Security Decoded podcast, brought to you by Rubrik Zero Labs. Each episode features senior cybersecurity leaders and other luminaries with unique perspectives about the current state of data security. We explore rising trends and themes across cybersecurity and unpack what that means for organizations looking to secure their data and achieve cyber resilience.

Newly Updated Grandoreiro Banking Trojan Distributed Via Phishing Campaigns

Researchers at IBM X-Force are tracking several large phishing campaigns spreading an updated version of the Grandoreiro banking trojan. The criminal malware operation was disrupted by law enforcement in January 2024 but resurfaced in March with an expanded set of targets. The new version of the malware is targeting more than 1,500 banks in over sixty countries.

Detecting the STRRAT Malware Family

In this edition of Corelight’s Hunt of the Month blog, we bring you a STRRAT malware detector. In recent months STRRAT has become one of the top malware families submitted to Any.Run’s malware sandbox: STRRAT is a Java-based remote access tool (RAT) that uses a plugin architecture to provide full remote access to an attacker, as well as credential stealing, key logging, and additional plugins.

Black Basta Ransomware Uses Phishing Flood to Compromise Orgs

Rapid7 reports an interesting social engineering scheme that easily bypasses content filtering defenses and creatively uses a fake help desk to supposedly “help” users put down the attack. The Black Basta ransomware group, also covered in a recent CISA warning bulletin, floods a victim’s email inbox with many, many emails. The emails are often otherwise legitimate emails, such as newsletter confirmation emails, which most email content filtering gateways would not block.

Behind the Scenes: How Rubrik's System Engineers deliver confidence to its customers

At Rubrik, our mission is to secure the world’s data. Data is complex and it comes in many forms (structured, unstructured, sensitive, transient, etc.) and it is critical for every enterprise to protect it. Our systems that back up and store huge amounts of data also get subjected to extreme situations – enormous scale and stress, aging and faults.

Caught in the act: Ransomware attack sticks to our AI-created honeypot

Here is the story of how we caught a ransomware attack in our research honeypot. Ransomware attacks on enterprise organizations lead the news. See Change Healthcare and Ascension. Attackers spend their time on the victim’s network, exfiltrate gigabytes of sensitive data, then lock victim’s systems — and ask for millions of dollars in ransom payment. We also hear news about how AI is used maliciously.

Fall of Major Ransomware Groups Sparks Rapid Rise of New Threats

In 2023, international law enforcement agencies intensified their efforts against ransomware, resulting in the decline of groups such as Hive, Ragnar Locker, and the collapse of ALPHV (BlackCat). These actions underscore the growing challenges faced by ransomware groups. The significant operation in February 2024 targeting LockBit, which included arrests and the seizure of data leak sites and servers, represents one of the largest law enforcement actions taken against a major ransomware operation.

New Research: Number of Successful Ransomware Attacks Rises 29% in Just One Year

New analysis of Q1’s ransomware attacks uncovers a single group responsible for the majority and discusses what makes them so successful. This sort of analysis helps to establish threat landscape trends and keeps our collective focus on the places where cyber attacks are working.

"Unknown" Initial Attack Vectors Continue to Grow and Plague Ransomware Attacks

Trend analysis of ransomware attacks in the first quarter of this year reveals a continual increase in the number of "unknown" initial attack vectors, and I think I might understand why. There are two reports that you should be keeping an eye on—the updated Verizon Data Breach Report and ransomware response vendor Coveware’s Quarterly Ransomware Reports. In their latest report covering Q1 of this year, we see a continuing upward trend in “unknown” as the top initial attack vector.

[Beware] Ransomware Targets Execs' Kids to Coerce Payouts

Just when you think bad actors cannot sink any lower, they find a way to. In a recent chilling evolution of ransomware tactics, attackers are now also targeting the families of corporate executives to force compliance and payment. Mandiant's Chief Technology Officer, Charles Carmakal, highlighted this disturbing trend at RSA last week: criminals engaging in SIM swapping attacks against executives' children.

SafeBreach Coverage for AA24-131A (Black Basta Ransomware)

On May 10th, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and Human Services (HHS), and Multi-State Information Sharing and Analysis Center (MS-ISAC) issued an urgent advisory about malicious threat activity involving the Black Basta ransomware variant. Detailed information about these threats and the associated IOCs and TTPs can be seen on #StopRansomware: Black Basta.

ESXi Ransomware: Trends, Logging, and Detection | Threat SnapShot

Since 2021, ransomware groups have set their sights on VMware ESXi hypervisors, with the SEXi variant, emerging in 2024, being the most recent threat. The Babuk Locker was one of the first to target ESXi, and its leaked source code enabled other strains like ESXiArgs, BlackBasta, and Clop to develop customized variants terminating VMs and encrypting data on ESXi servers. While employing similar tactics like exploiting vulnerabilities and encrypting VM files, these ESXi-focused ransomware exhibit patterns that provide detection opportunities across the board. By analyzing past attacks, we can better prepare for future threats targeting our virtualization environments. Join the SnapAttack community to access in-depth detection content covered in this video and stay ahead of evolving ransomware targeting ESXi.

Phishing-as-a-Service Platform LabHost Disrupted by Law Enforcement Crackdown

One of the largest phishing-as-a-service platforms, LabHost, was severely disrupted by law enforcement in 19 countries during a year-long operation that resulted in 37 arrests. According to a recent Europol announcement, the folks behind the LabHost Phishing as a Service (PhaaS) platform were arrested last month. In a coordinated search over three days, 37 suspects were apprehended, disrupting the well-known service.

[Must Read] How Boeing Battled a Whopping $200M Ransomware Demand

Boeing recently confirmed that in October 2023, it fell victim to an attack by the LockBit ransomware gang, which disrupted some of its parts and distribution operations. The attackers demanded a whopping $200 million not to release the data they had exfiltrated. On Wednesday, Boeing admitted it was the company described as the "multinational aeronautical and defense corporation headquartered in Virginia" in a recently unsealed U.S. Department of Justice indictment.

Top 4 Network Security Risks

Network security integrates different processes, devices, and technologies into a broad plan that safeguards your computer networks' integrity, accessibility, and confidentiality. It keeps your networking infrastructure safe from malicious acts like manipulation and unauthorized access. Network security risks allow malicious actors to cause significant damage to your network while exposing your company's sensitive data. Discussed below are the top four network security risks.

All About That 8Base Ransomware Group: The Details

First published Nov 6th 2023, updated May 9th 2024. Last seen this month, 8Base is a ransomware collective that initiated its operations in April 2022. Despite its relatively short time in the cyber landscape, the group has swiftly garnered a reputation for its forceful strategies and the substantial volume of victims it has affected.

Hey, You. Get Off of My Cloud

The Rolling Stones wanted to protect their space; we, as security practitioners, need to protect ours. Data 'castles' in the cloud are out there, and they're constantly under siege. By drawing inspiration from a band that embodied personal freedom, we can draw some – okay, very stretched – parallels to modern cloud security. Nonetheless, they work. And we all knew this blog was coming. And if you read the blog backward you can hear the name of the latest malware family... Maybe.

9 in 10 Organizations Paid At Least One Ransom Last Year

New analysis of cyber attacks shows ransomware attacks are running far more rampant than previously thought, with half of organizations blaming poor cyber hygiene. After last year’s shocking stat that 70% of organizations pay the ransom, it’s really surprising to see that an even greater percentage (91%) have paid a ransom at least once in the last 12 months – this according to Extrahop’s 2024 Global Cyber Confidence Index.

May 2024: LockBit Returns?

On May 6, 2024, the LockBit ransomware group published a list of over 50 victims on their newly established data leak platform. Among the victims are NASDAQ-listed firms, major corporations, governmental organizations, and technology companies. Interestingly, some of these victims had been targeted previously by other groups or even by LockBit in earlier attacks.

The Impact of Ransomware on Hospitals and Patient Care with Hannah Neprash, PhD

NEWS: Cyber Security Decoded is now Data Security Decoded! In this episode of the podcast, our host and Head of Rubrik Zero Labs, Steve Stone, is joined by Dr. Hannah Neprash, a health economist whose research focuses on the delivery and financing of healthcare. Steve and Dr. Neprash discuss the findings in Rubrik Zero Labs' new report, “The State of Data Security: Measuring Your Data’s Risk,” and focus on the aspects of the report, specifically calling out the cyber threats and vulnerabilities facing healthcare organizations.

Malware-as-a-Service (MaaS): How to protect your customers

The cyberthreat landscape is in a state of constant evolution. As the digital dependency of businesses grows, so do the opportunities for those looking to take advantage of it. In recent years, we have witnessed an upsurge in a new type of malicious actor: the non-technical cybercriminal.

The New SEXi Ransomware Targets VMware ESXi Servers: What You Need to Know?

Several companies running their workloads on VMware ESXi servers were attacked by the hacking group SEXi. They developed ransomware called SEXi to encrypt VMware ESXi servers, virtual machines, and backups. SEXi = ESXi – quite an interesting name, isn’t it? It points directly to ESXi.

This is SCARLETEEL

In under five minutes, SCARLETEEL exploits an unpatched vulnerability to access credentials, escalate privileges, and move to other accounts, potentially stealing proprietary software. To defend against this threat, sophisticated layers of defense and speed are necessary. The 555 benchmark is one way to keep your team ready to act at the speed of the cloud.

Acid Rain, Pikabot, VenomRAT, Mallox Ransomware, and More: Hacker's Playbook Threat Coverage Round-up: March-April 2024

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats, including those based on original research conducted by SafeBreach Labs. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

Credentials And Control Go Bye, Bye, Bye with AsyncRAT: What You Need to Know

Introduced in 2019, AsyncRAT is classified as a remote access trojan (RAT) that primarily functions as a tool for stealing credentials and loading various malware, including ransomware. This RAT boasts botnet capabilities and features a command and control (C2) interface, granting operators the ability to manipulate infected hosts from a remote location.