Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The City of Dallas, Texas, is the ninth largest in the United States currently, with a population of more than 2.6 million people. This massive city was just hit by a substantial ransomware attack by the Royal ransomware gang. The attack interfered with policy response time, 911 services, the police website, the city's court system, and more. With such significant interference occurring in the city's system of government, it's a serious issue for everyone in Dallas.

Recently, a new trend has emerged in the world of ransomware: intermittent encryption, the partial encryption of targeted files. Many ransomware groups, such as BlackCat and Play, have adopted this approach. However, intermittent encryption is flawed. In this blog post, I will introduce White Phoenix, a tool my team built that takes advantage of the fact that those files aren’t entirely encrypted and can, in the right circumstances, salvage some content from the unencrypted parts of the files.

560,000 new pieces of malware are detected daily and over 1 billion malware programs exist currently. The first half of 2022 alone saw 236.7 million ransomware attacks globally with an average cost of $4.54 million per incident. This Blog Includes show Top Malware Attack Statistics Malware statistics 2023 How Many Malware Are Detected Every Day?

CommScope is a massive tech company with more than 30,000 employees. The organization works with companies around the world and helps to establish network infrastructure systems for hospitals, schools, federal agencies, and more. CommScope is based out of Hickory, North Carolina, and has been in business since 1976. The massive company has an annual revenue of 9.23 billion USD and manages substantial networks for businesses throughout the United States.

The most common route for malware infections remains social engineering in its various forms: phishing, vishing, etc. Such approaches take advantage of users’ deliberately cultivated willingness to trust communications they receive and to follow the instructions and links such malicious communications carry.

March saw a huge jump in ransomware compared to January and February, signifying that organizations should expect to see a lot more of these attacks this year. With security solutions getting good at spotting and stopping malware on endpoints and servers, you’d think that ransomware attacks would be dwindling. But, according to the NCC Group’s Cyber Threat Report for March 2023, it feels a lot more like 2023 is going to be a repeat of 2022, but at significantly higher attack levels.

The annual RSA Conference always brings exciting product innovations, new partnerships, and lots of debate across cybersecurity and risk practitioners, and last week’s event was no different. RSAC comes on the heels of the recently released National Cybersecurity Strategy which outlined heightened security aspirations for technology providers and organizations that maintain personal data.

CrossLock is a ransomware group that emerged in April 2023, targeting a large digital certifier company in Brazil. This ransomware was written in Go, which has also been adopted by other ransomware groups, including Hive, due to the cross-platform capabilities offered by the language. CrossLock operates in the double-extortion scheme, by threatening to leak stolen data on a website hosted on the deep web if the ransom isn’t paid by the victim.

In recent years, especially with hybrid work, almost everyone uses an iOS or Android device for work. In fact, in a recent survey, Lookout found that 92% of remote workers use their personal laptops or smartphones for work tasks, with 46% of them having saved files onto their devices. Now that employees expect to be productive from anywhere, organizations across all industries have become more relaxed with allowing the use of personal devices with bring-your-own-device (BYOD) programs.

Researchers at the Lookout Threat Lab have discovered a new Android surveillance tool which we attribute with moderate confidence to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). Named BouldSpy for the “BoulderApplication” class which configures the tool’s command and control (C2), we have been tracking the spyware since March 2020.