Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Over the past week, an establishment of a new ransomware franchise has emerged named GhostLocker. Ghost Locker is a new Ransomware-as-a-Service (Raas) established by several hacktivist groups led by GhostSec. Recently, many hacktivist groups have tried to engage in cybercrime activities in order to sustain themselves and GhostLocker seems to be one of these cases. In fact, some ransomware groups have already migrated to using GhostLocker instead of their original products.

Kroll has observed an uptick in cases of DARKGATE malware being delivered through Microsoft Teams messages. These campaigns have mainly targeted organizations in the transportation and hospitality sectors. This activity has also been reported throughout open-source reporting, sharing a number of key indicators with Kroll observations, such as common filenames, adversary infrastructure and similar domain name conventions to host the initial download.

As attackers evolve their toolsets and processes, the significant drop in dwell time signifies a much higher risk to organizations that now have less time to detect and respond to initial attacks. This is bad news. Two years ago, the median dwell time – the time between gaining access to a network and executing the ransomware – was 5.5 days. Last year it was 4.5 days.

Understanding Qakbot Malware Qakbot is a sophisticated banking Trojan that first emerged around 2007 and has continued to evolve over the years. Its primary goal is to steal sensitive financial information, including banking credentials and personal data, from infected systems. Once it infiltrates a system, it can also serve as a delivery mechanism for other malicious payloads, making it a potent tool for cybercriminals.

The threat intelligence data that Forescout Research – Vedere Labs curates comes from the millions of connected devices that we monitor, attacks we observe and dissect in our sandboxes, data relating to attacks that is traded on the Darknet, and from our Adversary Engagement Environment. We see a lot of data. One thing no cybersecurity researcher wants to see, however, is an attack on their own organization.

The Ransomware Defence Assessment (RDA) service offers a comprehensive approach to bolster your organisation against ransomware threats. Our method, leveraging the CIS framework, combines asset identification, vulnerability scanning, policy review, training, and continuous improvement to ensure a holistic defence strategy.

Q3 will be remembered as a new record for the ransomware industry as it was the most successful quarter ever recorded. While the number skyrocketed in Q2 with 1386 cases, in Q3, the ransomware industry was able to surpass this number with 1420 cases. With no surprise, the U.S. continues to be the most targeted country by ransomware, while the business services sector is the most targeted sector.

The infostealer malware Rhadamanthys was discovered in the last quarter of 2022. Its capabilities showed a special interest in crypto currency wallets, targeting both wallet clients installed in the victim’s machine and browser extensions. The main distribution methods observed for this threat are fake software websites promoted through Google Ads, and phishing emails, without discriminating by region or vertical.