Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Arctic Wolf Labs is aware of several instances of ransomware cases where the victim organizations were contacted after the original compromise for additional extortion attempts. In two cases investigated by Arctic Wolf Labs, threat actors spun a narrative of trying to help victim organizations, offering to hack into the server infrastructure of the original ransomware groups involved to.

Hitting three hospitals within a Germany-based hospital network, the extent of the damage in this confirmed ransomware attack remains undetermined but has stopped parts of operations. It appears that affiliates of ransomware gangs have forgotten the golden rule – you don’t hit hospitals. It’s one thing to disrupt operations at a regular brick and mortar business. But hitting a business where someone’s life could be literally placed in jeopardy because a system is unavailable?

Chae$ 4 threatens the finance and logistics sectors, 3AM ransomware attacks continue, BattleRoyal deploys DarkGate and NetSupport, and Andariel steals South Korean defense secrets.

The main differences between a worm and a virus are how they spread and how they are activated. Worms spread automatically to devices through a network by self-replicating, whereas viruses spread by attaching themselves to files or programs. Worms don’t need human interaction to activate and infect a device, whereas viruses do. Continue reading to learn more key differences between worms and viruses and how to keep your devices and data safe from both types of malware.

Bunker Hill Community College (BHCC) serves a population of about 13,000 across two campuses and dispersed locations. BHCC offers over 100 degrees, including arts, sciences, business, health, law, and STEM opportunities. In May 2023, BHCC experienced a ransomware event—officials responded by taking their systems offline—but the threat was successful nonetheless. The assailants stole an estimated 195,588 records in their attack.

Monster, a novel Ransomware-as-a-Service (RaaS) built on Delphi, surfaced in March 2022 and caught the attention of the BlackBerry Incident Response (IR) team during an incident investigation. After its initial appearance, Monster’s capabilities and its ransomware partnership program were promoted on the Russian Anonymous Marketplace (RAMP) in June. The mastermind behind Monster ransomware later introduced an enhanced version named Beast Ransomware, incorporating advanced features.

The number of new types of attacks that compromise organizations’ cybersecurity is on the rise. Cybercriminals are more capable than ever of adapting and upgrading their attack formats to circumvent their victims' protection protocols. Data shows that the volume of new attacks is increasing every year. According to Astra, this year we have reached a record number of 560,000 new types of malware detected daily. This brings the number of malware currently in existence to over one billion.

A new report from the U.K. government’s Joint Committee on the National Security Strategy (JCNSS) outlines both just how likely an attack on critical national infrastructure is and where they are vulnerable. The impact of a coordinated cyberattack on the U.K.’s national infrastructure could impact millions of citizens within its country, according to the JCNSS’s report A hostage to fortune: ransomware and UK national security.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats, including those based on original research conducted by SafeBreach Labs. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.