Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On Jan. 15, 2022, a set of malware dubbed WhisperGate was reported to have been deployed against Ukrainian targets. The incident is widely reported to contain three individual components deployed by the same adversary, including a malicious bootloader that corrupts detected local disks, a Discord-based downloader and a file wiper. The activity occurred at approximately the same time multiple websites belonging to the Ukrainian government were defaced.

From nation-state threat actors to typical cybercriminals, the public sector faces a multitude of cybersecurity threats. At the same time, public-sector organizations struggle to maintain a robust cyber hygiene posture because they need to balance limited budgets with complex IT environments and highly interconnected ecosystems.

Elastic Security has verified a new destructive malware targeting Ukraine: Operation Bleeding Bear. Over the weekend, Microsoft released details about this multi-stage and destructive malware campaign that the Ukrainian National Cyber Security Coordination Center has been referring to as Operation Bleeding Bear.

Malware targeting Linux-based operating systems, commonly deployed in Internet of Things (IoT) devices, have increased by 35% in 2021 compared to 2020, according to current CrowdStrike threat telemetry, with the top three malware families accounting for 22% of all Linux-based IoT malware in 2021.

Since the return of the Qakbot Trojan in early September 2021, especially through SquirrelWaffle malicious spam campaigns, we’ve received a few Qakbot samples to analyze from our Trustwave DFIR and Global Threats Operations teams.

As the pandemic continues, organizations around the world are working hard to adapt to the “new normal.” This article highlights the key trends that we will face in 2022 and beyond. Ransomware attacks more than doubled in 2021 compared to 2020, with healthcare and utilities the most commonly targeted sectors. Moreover, attacks are getting more expensive, with the average ransomware payment leaping from US$312,000 in 2020 to $570,000 in 2021.

The early stages of an intrusion usually include initial access, execution, persistence, and command-and-control (C2) beaconing. When structured threats use zero-days, these first two stages are often not detected. It can often be challenging and time-consuming to identify persistence mechanisms left by an advanced adversary as we saw in the 2020 SUNBURST supply chain compromise. Could we then have detected SUNBURST in the initial hours or days by finding its C2 beacon?

It was 11 PM on a Friday in November of 2019. WED2B IT systems administrator Jamie Jeeves started receiving a barrage of email alerts warning that antivirus (AV) clients were crashing in the company’s central office. All prospects for a relaxing weekend vanished when Jeeves logged into the remote system to investigate the AV shutdowns. While checking the network’s file share, Jeeves noticed they were in trouble. Mass encryption of data was underway.