Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AsyncRAT appears in a new campaign, Water Curupira distributes PikaBot loader malware, and Turkish hackers exploit global MS SQL servers.

Here at Rubrik, few things excite us more than knowing that the work we do enables a smoother functioning of our governments. Government organizations have an important duty to defend our nation’s critical institutions and essential infrastructure against threat actors—while operating with limited budgets and limited resources. Rubrik has a long history of securing public sector institutions. We have relentlessly focused on developing products that ensure rapid and confident cyber recovery.

AutoIt is a scripting language designed for automating the Windows GUI and general scripting. Over the years, it has been utilized for malicious purposes, including AutoIt-compiled malware, which dates back to as early as 2008. Malware creators have exploited the versatility of AutoIT in a variety of ways, such as using obfuscated scripts for payload decryption, utilizing legitimate tools like BaSupportVNC, and even creating worms capable of spreading through removable media and Windows shares.

On January 16th, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory to highlight the ongoing malicious activities by threat actors deploying the Androxgh0st Malware. Detailed information about these activities and the associated indicators of compromise (IOCs) and the various tactics, techniques, and procedures (TTPs) is listed in Known Indicators of Compromise Associated with Androxgh0st Malware.

The main difference between malware and viruses is that malware is an umbrella term used to describe all types of malicious software, whereas viruses are a specific type of malware. In other words, all viruses are malware but not all types of malware are viruses. Continue reading to learn what malware is, what a virus is, the key differences between the two and how you can protect yourself against all types of malware, including viruses.

Play is a recent entrant into the realm of ransomware, with its initial appearance being identified in June 2022. In this context, “Play” encompasses both the entity responsible for its development and distribution, as well as the name of the executable used for the ransomware. Following a pattern observed among numerous actors in this domain, Play has embraced the strategy of double extortion.

2023 is considered the most successful year for ransomware groups in history. One of the most common threats to organizations worldwide claimed this year 4,368 victims – a climb of over 55.5% since last year. Q2 and Q3 alone claimed more victims than the entire 2022, with 2903 victims.

Rhadamanthys, an info stealer, written in C++, was first seen on August 22, 2022. This stealer, still gets updates and patched regularly. Version 0.5.0 shifted towards a more customizable framework allowing threat actors to counter security measures and exploit vulnerabilities by deploying targeted plugins, such as ‘Data Spy,’ which monitors RDP logins.

Read also: The US charges admins, sellers and buyers linked to xDedic, a ShinyHunters hacker gets 3 yers in prison, and more.

BlackCat is and has been one of the more prolific malware strains in recent years. Believed to be the successor of REvil, which has links to operators in Russia, it first was observed in the wild back in 2021, according to researchers. BlackCat is written in the Rust language, which offers better performance and efficiencies than other languages previously used. BlackCat is indiscriminate in how it targets its victims, which range from healthcare to entertainment industries.