DarkGate malware spreads via Teams group chats, Telegram marketplaces contribute to phishing attacks, and BianLian ransomware targets multiple industries.
In our previous blog, we discussed the importance of product quality, different types of testing we rely on at Rubrik, and how automated testing plays a pivotal role in ensuring quality of our products. Relying heavily on Unit, Component and Integration testing is important. But there will be code paths which we may not be able to cover using these types of tests. In the picture below, we can see a high-level view of our solution.
In 2023, Remote Access Trojans (RATs) and Trojan Stealers were some of the most prevalent types of malware in the cybersecurity landscape. RATs and Trojan Stealer malware represent significant cybersecurity threats, as they’re often employed to conduct espionage, surveillance, and data theft, which emphasizes the critical need for robust defenses.
During an Advanced Continual Threat Hunt (ACTH) investigation that took place in early December 2023, Trustwave SpiderLabs discovered Ov3r_Stealer, an infostealer distributed using Facebook advertising and phishing emails. SpiderLabs’ “Facebook Advertising Spreads Novel Malware Variant,” is an in-depth dive into Ov3r_Stealer, exposing what the Threat Hunt team learned about the threat actors, their techniques, tactics, and procedures and how the malware functions.
On January 16, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) sent out a Cybersecurity Advisory (CSA) about active threat actors deploying the AndroxGh0st malware. This is significant as cyber criminals are actively using this malware to target Laravel (CVE-2018-15133) (an open source PHP framework).env files and obtain credentials for various high profile applications like Office365, SendGrid, and Twilio.
Cybercriminals can spread malware through phishing attacks, man-in-the-middle attacks, exploit kits and drive-by downloads. Cybercriminals typically use social engineering tactics to trick people into downloading malware or exploit security vulnerabilities to install malware without the victim knowing. Continue reading to learn more about malware, how cybercriminals spread it, how to detect if your device is infected and how to stay protected against malware.
New data for Q4 of 2023 reveals a sizable shift in the cyber threat landscape, with serious implications regarding ransomware and social engineering attacks targeting both the largest and smallest organizations worldwide. The good news is that ransoms continue to decline – according to the most recent Quarterly Ransomware Report from ransomware response vendor Coveware.
While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector. Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one organization to add users outside the organization to their Teams chats.
The Play ransomware group is one of the most successful ransomware syndicates today. All it takes is a quick peek with a disassembler to know why this group has become infamous. This is because reverse engineering the malware would be a Sisyphean task full of anti-analysis techniques. That said, it might come as a surprise that the malware crashes quite frequently when running.