
Camaro Dragon APT Group Continues to Employ USB Devices as Initial Attack Vector

Apparently expanding efforts outside of Southeast Asian countries, this threat group’s known malware has shown up in a European healthcare facility, raising concerns for USB-based attacks. You’d think that literally no one uses USB drives anymore, making them a very improbable attack vector. And yet, the Camaro Dragon APT group has been tracked by security researchers at Check Point for well over a year, with them finding instances of attacks throughout all of last year and into this year.

CVE-2022-31199: Truebot Malware Campaign Actively Exploiting Netwrix Auditor RCE Vulnerability

On the 6th of July 2023, a joint advisory was published by CISA, the FBI, and CCCS (Canadian Centre for Cyber Security) warning of a malware campaign actively exploiting a Remote Code Execution (RCE) vulnerability in Netwrix Auditor (CVE-2022-31199) for initial access.

Truebot Malware: SafeBreach Coverage for US-CERT Alert (AA23-187A)

On July 6th, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released an advisory highlighting the newly identified Truebot malware variants. Truebot (also known as Silence Downloader) is a botnet that has been used by the CL0P ransomware gang to collect and exfiltrate stolen target victim information.

Protecting Dreams: AmFam Doubles Down on Resilience

AmFam Group is a Fortune 500 company based in Madison, Wisconsin. The mutual insurance company specializes in property, casualty, and auto with 13 million policies in force, ranging from mom-and-pop shops to global Fortune 100 companies. With a mission to inspire, protect, and restore dreams, to AmFam, data security and cyber resiliency are non-negotiable. They strategically selected Rubrik as their data security partner to remain resilient in the midst of cyber threats.

LockBit hits TSMC: A $70M Ransom?

TSMC, the world’s largest semiconductor manufacturer, has been listed on LockBit’s dark web blog, with the gang demanding $70 million for the stolen data. TSMC states that it was due to their IT hardware suppliers; yet another reason to pay attention to the supply chain. So, who are LockBit, how do they operate, and how can you prevent this from happening to you? Learn all this and more on the latest episode of The Ring of Defense!

Decryption tool for Akira ransomware available for free

There's good news for any business that has fallen victim to the Akira ransomware. Security researchers at anti-virus company Avast have developed a free decryption tool for files that have been encrypted since the Akira ransomware first emerged in March 2023. The ransomware has been blamed for a number of high-profile attacks, including ones against universities, financial institutions, and even a daycare centre for children.

Japan's Largest Port is the Latest Victim of a Ransomware Attack

The largest port in Japan, Nagoya, is now the most recent victim of a ransomware attack. The attack impacts the operation of container terminals, as the port handles over two million containers each year. This port is also used by the Toyota Motor Corporation, one of the world’s largest automakers, to export most of its cars.

New RAT: The Discovery of RevolutionRAT

The InfoStealer and remote-access-tools (RATs) markets constantly provide us with new products. The Cyberint Research Team discovered a new RAT that is claiming to be the next popular threat against organizations and individuals worldwide. With fairly interesting PR and marketing methods, RevolutionRAT seems to be gaining attention with a growing Telegram community after only a few days of operation.

Ransomware Trends 2023, Q2 Report

The ransomware industry has been a prominent player this quarter, causing significant impact and affecting numerous organizations globally. With its widespread threat, the industry has successfully claimed 1386 victims. The industry is feeling increasingly impacted by ransomware as many critical vulnerabilities were discovered this quarter. Additionally, the emergence of new groups, both from the end of 2022 and during this quarter, has contributed to the industry’s growth.

Cloud Defense in Depth: Lessons from the Kinsing Malware

In the face of persistent data breaches and escalating cyber threats, organizations are compelled to prioritize cloud defense in depth. These measures are indispensable for protecting critical assets and upholding the integrity of cloud-based systems. By establishing a comprehensive security plan, organizations can effectively convey their commitment to security and lay a solid foundation for a resilient and secure cloud environment.