Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On January 19, Microsoft issued an advisory disclosing a cybersecurity incident targeting their M365 tenants and attributing the attack to Midnight Blizzard, a state-sponsored actor also known as Nobelium and APT29. Following this, on January 24, the Microsoft team expanded on the initial announcement with a comprehensive blog post providing more insights about the attack and outlining specific tactics, techniques and procedures leveraged by the threat actor.

As the popularity of SaaS apps continues to grow, security analysts expect the misuse of such apps as the host for malware downloads to continue to rise through 2024. I’ve provided plenty of examples on this blog of threat actors using cloud-based SaaS applications to host impersonated websites and malicious downloads. The credibility of such sites aids the cybercriminal, as traffic to and from reputable sites have a tendency to get past security solutions.

Analysis of this newly-spotted service makes it clear that the newest entrant into the Ransomware-as-a-Service (RaaS) space has taken note of where predecessors are lacking and launched a better product. Given the financial and operational disruption ransomware has caused since last year, any headline about a new RaaS will surely lead to anxiety and grimace for IT and security professionals.

In a typical ransomware attack, an adversary attempts to deploy ransomware directly on the machines they wish to encrypt. However, ransomware groups are increasingly adopting a newer tactic to ensure the success of their campaigns: remote encryption.

Malware attacks continue to be the order of the day for businesses. The adaptability of threats and the fact that new attack models spread almost daily mean they are still very much a concern among cybersecurity professionals. The rise of malicious threat actors seems unstoppable. According to Gartner, by 2025, 45% of organizations worldwide will have experienced attacks on their software, which represents a staggering 300% growth since 2021.

It was almost exactly 10 years ago in December 2013 that we wrote our first blog post about detecting CryptoLocker, which was the first sophisticated Ransomware attack of its kind back then. BTW, 2013 was the year of the Boston Marathon bombing, Edward Snowden leaking secret NSA information, Syrians fleeing their home country and Nelson Mandela passing away.

Ranging from the process of recovering stolen data to having to hire legal services, a cyberattack generates a series of costs that companies have to face. According to an IBM report, the global average cost of a data breach reached $4.45 million in 2023, which represents an increase of 15% in three years. This seven-digit figure is clearly worrying.

Data is at the heart of nearly every business operation, and it’s critical to ensure the security and integrity of that data. Amazon Simple Storage Service (S3) has long been a popular choice for organizations seeking a scalable, cost-effective, and resilient storage solution for their data needs. In fact, nearly one million organizations around the world rely on Amazon S3 to store hundreds of exabytes of unstructured, business-critical data.

DarkGate is a commodity malware with multiple features including the ability to download and execute files to memory, a hidden virtual network computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation.