Late December 2021: A company coming off a record year for revenue growth was preparing to ramp down for a week to celebrate the December holidays. However, unbeknownst to the company, just a few days prior, one of its longest-serving employees had been recruited by a ransomware group. The employee had responded to a posting on a computer hacking forum asking for access to corporate networks in return for cash payouts.

On Jan. 15, 2022, a set of malware dubbed WhisperGate was reported to have been deployed against Ukrainian targets. The incident is widely reported to contain three individual components deployed by the same adversary, including a malicious bootloader that corrupts detected local disks, a Discord-based downloader and a file wiper. The activity occurred at approximately the same time multiple websites belonging to the Ukrainian government were defaced.

From nation-state threat actors to typical cybercriminals, the public sector faces a multitude of cybersecurity threats. At the same time, public-sector organizations struggle to maintain a robust cyber hygiene posture because they need to balance limited budgets with complex IT environments and highly interconnected ecosystems.

Elastic Security has verified a new destructive malware targeting Ukraine: Operation Bleeding Bear. Over the weekend, Microsoft released details about this multi-stage and destructive malware campaign that the Ukrainian National Cyber Security Coordination Center has been referring to as Operation Bleeding Bear.

Protecting your data in the cloud is fundamental to your security posture in terms of business continuity and disaster recovery. While Rubrik customers utilize the cloud every day to safely store off-site copies of their data, this blog is going to explain how we’ve made that practice even safer! We know that security threats to backup systems are on the rise, with hacking, malware, and even human error becoming more prevalent in the age of remote work.

Malware targeting Linux-based operating systems, commonly deployed in Internet of Things (IoT) devices, have increased by 35% in 2021 compared to 2020, according to current CrowdStrike threat telemetry, with the top three malware families accounting for 22% of all Linux-based IoT malware in 2021.

Since the return of the Qakbot Trojan in early September 2021, especially through SquirrelWaffle malicious spam campaigns, we’ve received a few Qakbot samples to analyze from our Trustwave DFIR and Global Threats Operations teams.