In November 20211 and February 2022,2 Microsoft announced that by default it would block Excel 4 and VBA macros in files that were downloaded from the internet. Following these changes, CrowdStrike Intelligence and the CrowdStrike Falcon® Complete managed detection and response team observed eCrime adversaries that had previously relied on macro execution for malware delivery adapt their tactics, techniques and procedures (TTPs).

The Minneapolis public school district includes approximately 100 primary and secondary public schools. Between the many different schools, approximately 36,000 students are served by about 1,500 teachers. The district is currently suffering from a ransomware attack supposedly and is being extorted for a $1 Million payment by a ransomware gang.

BlackSnake is a ransomware-as-a-service (RaaS) group that first appeared in a hacking forum in August 2022, where the operators were seeking affiliates and stating that they would take 15% of the profit, which is below the typical average of 20-30%. On February 28, 2023, a new variant of BlackSnake was spotted, and is notable for having a clipper module that targets cryptocurrency users.

Companies around the world and across industries face greater cyber threats than ever before. Cybersecurity incidents are becoming ever more frequent, and the costs associated with those attacks have marched upward too. As the risks grow, companies have strengthened their capabilities, both in prevention and incident response. Still, no company can guarantee that it will never be hacked, so companies must have cyber insurance in place in case the worst happens.

A major logistics company was hit by a ransomware attack at a time when it was reviewing and upgrading its cybersecurity defense. Kroll provided seamless incident response to enable the company to act quickly to mitigate and minimize the damage caused by the attack. The company also deployed Kroll Responder, Kroll’s award-winning Managed Detection and Response (MDR) solution, giving it comprehensive 24/7 visibility and management of threats and enhancing its long-term cyber resilience.

A Rootkit is a malicious program composed of malware that is created to provide prolonged root-level or privileged-level access to a computer. It remains hidden in the computer system while maintaining control of the system remotely. Rootkits have the ability to steal data, eavesdrop, change system configurations, create permanent backdoors, deactivate other security defensive programs, and conceal other types of malware.

A joint FBI and CISA advisory on Royal ransomware, Sharp Panda’s new malware variant, and an update on IceFire ransomware.

Chat Generative Pre-trained Transformer (ChatGPT) is now available on the official Google Chrome store as a browser extension, giving you easy access to this sophisticated chatbot. How exciting does that sound? Read the full story here.

Another day, another cyber espionage campaign exploiting two legitimate and well-known cloud services to deliver the malicious payload. Once again, this campaign was unearthed by researchers at Sentinel One, and it is aimed to distribute the Remcos Remote Access Tool (yet another example of a remote control tool used for malicious purposes) through the DBatLoader to target predominantly organizations in Eastern Europe.

First observed in 2019 and advertised (Figure 1) as a ‘Malware-as-a-Service’ (MaaS) threat on various cybercriminal forums, Raccoon is an information stealer targeting victim credentials and cryptocurrency wallets. Seemingly favored by some threat actors due to its simplicity, the malware element of Raccoon omits advanced features, such as those used to evade detection, and instead focuses on the ‘stealer’ task in hand.