The cybersecurity landscape has recently been shaken by a surge in activity involving a Mirai distributed denial-of-service (DDoS) botnet variant known as CatDDoS. Over the past three months, threat actors have aggressively exploited more than 80 vulnerabilities to spread this malware. In this blog, we explore the recent CatDDoS attacks, the targeted sectors, and the implications for cybersecurity practices.

Did your company fall victim to the LockBit ransomware? Have cybercriminals left gigabytes of your data encrypted, with no easy route for recovery that doesn't involve paying a ransom? Well, don't fear. The FBI announced this week that it had obtained over 7,000 decryption keys for the LockBit ransomware and is urging victims to come forward for free assistance.

Threat actors prefer deploying tools which appear genuine and expected in a business IT environment. This provides camouflage for their toolset, blending into organisations' application portfolios. NetSupport Manager, a remote access tool, has been utilised by system administrators since its release in 1989 and has been used by threat actors since at least 2016.

CrowdStrike is constantly researching, working and innovating to stay at the cutting edge of threat detection and response. Recently, these efforts include EMBERSim, a large-scale dataset developed to address limitations in binary code similarity (BCS), improve malware detection and facilitate future work in this area.

While often considered a newer threat, and rightly so given its fast-rising dominance among the cybercrime landscape, ransomware is not a recent innovation in the ongoing cyber war. It stretches back decades to the early days of the internet, email, and even floppy discs.

During a recent client investigation, Trustwave SpiderLabs found a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. Our client had been searching for the Advanced IP Scanner tool online and inadvertently downloaded the compromised installer from a typo-squatted domain that appeared in their search results. Figure 1. Search results for Advanced IP Scanner may direct users to a malicious domain.

On May 2, 2024, Arctic Wolf Labs began monitoring deployment of a new ransomware variant referred to as Fog. The ransomware activity was observed in several Arctic Wolf Incident Response cases, each exhibiting similar elements. All victim organizations were located in the United States, 80% of which were in the education sector and 20% in the recreation sector. We are sharing details of this emerging variant to help organizations defend against this threat.

While both locker and crypto ransomware are types of ransomware, there is one key difference between the two. The main difference between locker and crypto ransomware is that locker ransomware locks an entire device whereas crypto ransomware only encrypts files and data stored on the infected device. Keep reading to learn more about locker and crypto ransomware and how your organization can prevent these and other ransomware attacks.

With ransomware increasing and a complex, business-critical cloud migration on the horizon, BSM, one of the world’s largest shipping companies, was seeking a solution to monitor its environment for potential threats, both now and in the future. Working with Kroll gives the company greater visibility across its global network of offices and ships to better detect and respond to threats.