The city government of Oakland has declared a state of emergency after it was hit by a ransomware attack. The attack, which began in the evening of February 8th, has forced the city to take all its IT systems offline, and has affected many non-emergency services, including the ability to collect payments, issue permits, and process reports.

The underground economy of the initial access brokers (IABs) is more flourishing than ever. At least this is one of the conclusions of the recent report “Hi-Tech Crime Trends 2022/2023” released by Group-IB. Initial access brokers exploit vulnerabilities or misconfigurations to get hold of valid access credentials (typically VPN or RDP) and outsource or sell them to criminal gangs, including ransomware operators.

Ransomware appears to be one of the most expensive and disruptive internet afflictions. It is a type of malware that encrypts the victim's files and vital information, and hackers demand payoffs to provide the decryption keys. While ransomware is not any new form of attack on cybersecurity, the prevalent scenario is indeed alarming; the following numbers corroborate the same- It seems that individuals and organizations are likely to get affected by ransomware attacks even in 2023 and beyond.

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. This blog was jointly authored with Arjun Patel. GuLoader is a malware downloader that is primarily used for distributing other shellcode and malware such as ransomware and banking Trojans.

In a year where headlines were dominated by the global economic and geopolitical uncertainty around Russia’s war on Ukraine, 2022 saw a threat landscape that was both volatile and fragmented, largely due to the war. As the year drew to an end, ransomware hit a peak, primarily due to the rise in attacks impacting the manufacturing, health care, technology and telecommunications industries.

Info-stealers are malicious software designed to extract sensitive information, such as passwords, from victim systems. Info-stealers have become one of the most discussed malware types in cybercriminal underground forums. Let’s see how info-stealers have evolved recently to become the threat that they are. Then, we’ll look at a specific stealer freely available as open-source that could be used in future attacks.