Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

While browsing the internet, you may accidentally install spyware on your phone without even knowing. Android phones are known to be more susceptible to spyware than iPhones; however, anyone who owns a smartphone needs to watch out for spyware – especially if your phone is outdated or jailbroken. Some ways you can tell if spyware is installed is if your phone’s camera and mic turn on randomly, you hear a noise during phone calls, or you see unfamiliar apps and files on your phone.

Cybercriminals increasingly used malvertising to gain initial access to victims’ networks in 2023, according to Malwarebytes’s latest State of Malware report. The researchers note that the Royal ransomware group has been using phony ads for TeamViewer to deliver malware as a precursor to its ransomware attacks.

A new and concerning chapter has unfolded in these troubled times of geopolitical chaos. The Cozy Bear threat actor has caused significant breaches targeting Microsoft and HPE, and more are likely to come. These recent events have sent shockwaves throughout the tech community, and for good reason. As we continue to uncover the fallout from these breaches, it has become apparent that the magnitude of the incident is more significant than we first realized.

Cyjax analysts have identified the distribution of STOP ransomware on Google Groups through mass spam attacks on Usenet. Over 385,000 posts have been observed, which contain malicious links resulting in ransomware infection. This campaign, henceforth referred to as “STOPNET.GG”, has been in operation since at least May 2023, and is ongoing at the time of writing.

LockBit continues to be a top threat for organizations in the very diverse ransomware landscape. In the first half of 2023, there were more successful LockBit attacks than using any other ransomware family, with BlackCat and Clop coming in second and third. LockBit continued to successfully breach the world’s top companies and governmental agencies throughout 2023.

Understanding malware is essential to defending an organization against attacks. Analyzing suspicious applications helps us determine if an alert is a false positive, and the information discovered can be used to help remediate an incident or strengthen a system's defenses against further attacks.

DarkGate malware spreads via Teams group chats, Telegram marketplaces contribute to phishing attacks, and BianLian ransomware targets multiple industries.

In our previous blog, we discussed the importance of product quality, different types of testing we rely on at Rubrik, and how automated testing plays a pivotal role in ensuring quality of our products. Relying heavily on Unit, Component and Integration testing is important. But there will be code paths which we may not be able to cover using these types of tests. In the picture below, we can see a high-level view of our solution.

On January 16, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) sent out a Cybersecurity Advisory (CSA) about active threat actors deploying the AndroxGh0st malware. This is significant as cyber criminals are actively using this malware to target Laravel (CVE-2018-15133) (an open source PHP framework).env files and obtain credentials for various high profile applications like Office365, SendGrid, and Twilio.