Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Ransomware attacks do not simply start and end with a locked computer screen and a ransom note. They unravel as intricate narratives, leaving a trail of financial wreckage, operational interruptions, and reputational damage in their wake. These attacks bear significant costs. In 2022, the average cost of a ransomware attack was a whopping $4.54 million, per IBM Security and the Ponemon Institute. And that does not include the actual ransom payment itself.

The Sysdig Threat Research Team (TRT) recently discovered a new, financially motivated operation, dubbed LABRAT. This operation set itself apart from others due to the attacker’s emphasis on stealth and defense evasion in their attacks. It is common to see attackers utilize scripts as their malware because they are simpler to create. However, this attacker chose to use undetected compiled binaries, written in Go and.NET, which allowed the attacker to hide more effectively.

The Rhysida ransomware as a service (RaaS) group was first revealed in May 2023. Since then, the group has claimed 41 victims, including some high-profile ones such as the Chilean army and five educational institutions in the U.S. The group is also suspected to be behind the attack against Prospect Medical Holdings, which affected 17 hospitals and 166 clinics in the U.S., although Prospect is not listed as a victim on Rhysida’s website.

Cloud takeover campaign targets top-level executives, Rhysida ransomware threatens the healthcare sector, and LOLKEK ransomware continues to evolve.

On April 21st, 2023, AT&T Managed Extended Detection and Response (MXDR) investigated an attempted ransomware attack on one of our clients, a home improvement business. The investigation revealed the attacker used AuKill malware on the client's print server to disable the server's installed EDR solution, SentinelOne, by brute forcing an administrator account and downgrading a driver to a vulnerable version.

AT&T Alien Labs researchers recently discovered a massive campaign of threats delivering a proxy server application to Windows machines. A company is charging for proxy service on traffic that goes through those machines. This is a continuation of research described in our blog on Mac systems turned into proxy exit nodes by AdLoad.

Grab a cup of coffee, and let's talk about something that's been making waves in the cybersecurity world: ransomware. You've probably heard about the alarming rise in ransom payments, but did you know that ransom monetization rates have actually fallen to a record low? It's a complex and evolving landscape, and we're here to break down the recent very interesting Coveware report for you.

According to a new report, cybercriminals are making full use of AI to create more convincing phishing emails, generating malware, and more to increase the chances of ransomware attack success. I remember when the news of ChatGPT hit social media – it was everywhere. And, quickly, there were incredible amounts of content providing insight into how to make use of the AI tool to make money.

Malvertising–also called malicious advertising–is when cybercriminals use advertisements to infect devices with malware. Malvertising can appear on any advertisement you see online, you don’t necessarily have to be on a malicious website to be a victim of this cyberthreat. When a victim is exposed to a malvertisement, their device and data are at risk of being compromised, even if they don’t interact with the advertisement.

Law firms are being targeted by a large number of social engineering attacks involving the Gootloader malware delivery tool, according to researchers at Trustwave. “Recently, we’ve seen a noticeable surge in malware cases linked to a malicious payload delivery system known as Gootloader,” the researchers write. “The group behind this malware is believed to operate a malware-as-a-service operation, exclusively providing a malware delivery service for other threat actors.