Malware

Ransomware Trends Q4 2023 Report

Jan 16, 2024 By Shmuel Gihon In Cyberint

2023 is considered the most successful year for ransomware groups in history. One of the most common threats to organizations worldwide claimed this year 4,368 victims – a climb of over 55.5% since last year. Q2 and Q3 alone claimed more victims than the entire 2022, with 2903 victims.

Read Post

Cyberint

Read more about Ransomware Trends Q4 2023 Report

Blink-and-Update: All About Rhadamanthys Stealer

Jan 16, 2024 By Coral Tayar In Cyberint

Rhadamanthys, an info stealer, written in C++, was first seen on August 22, 2022. This stealer, still gets updates and patched regularly. Version 0.5.0 shifted towards a more customizable framework allowing threat actors to counter security measures and exploit vulnerabilities by deploying targeted plugins, such as ‘Data Spy,’ which monitors RDP logins.

Read Post

Cyberint

Read more about Blink-and-Update: All About Rhadamanthys Stealer

Babuk Tortilla Ransomware Dev Arrested In Amsterdam

Jan 11, 2024 By ImmuniWeb Cybersecurity Blog In ImmuniWeb

Read also: The US charges admins, sellers and buyers linked to xDedic, a ShinyHunters hacker gets 3 yers in prison, and more.

Read Post

ImmuniWeb

Read more about Babuk Tortilla Ransomware Dev Arrested In Amsterdam

Stories from the SOC: BlackCat on the prowl

Jan 11, 2024 By James Rodriguez In AT&T Cybersecurity

BlackCat is and has been one of the more prolific malware strains in recent years. Believed to be the successor of REvil, which has links to operators in Russia, it first was observed in the wild back in 2021, according to researchers. BlackCat is written in the Rust language, which offers better performance and efficiencies than other languages previously used. BlackCat is indiscriminate in how it targets its victims, which range from healthcare to entertainment industries.

Read Post

AT&T Cybersecurity

Read more about Stories from the SOC: BlackCat on the prowl

Ransomware & Extortionware in 2024: Stats & Trends

Jan 11, 2024 By Chrissy Kidd In Splunk

In the underground cybercrime circles of the Dark Web, ransomware attacks are a particularly lucrative enterprise. These attacks are on the rise. And they’re disrupting the stalwart IT industry. The average cost of a ransom attack in 2023 was $1.54 million, almost double the previous year’s average. And research we gathered for The CISO Report show that 83% of organizations hit by a ransomware attack paid their attackers. Curious which industry is most likely to pay the ransom? Retail.

Read Post

Splunk

Read more about Ransomware & Extortionware in 2024: Stats & Trends

CTI Roundup: Remcos RAT Phishing Attacks, New Meduza Stealer Found on Dark Web

Jan 10, 2024 By Tanium In Tanium

CISA adds two bugs to the KEV catalog, UAC-0050 distributes Remcos RAT with phishing tactics, and an updated version of Meduza Stealer launches on the dark web.

Read Post

Tanium

Read more about CTI Roundup: Remcos RAT Phishing Attacks, New Meduza Stealer Found on Dark Web

How Generative AI Will Accelerate Cybersecurity with Sherrod DeGrippo

Jan 10, 2024 By Rubrik In Rubrik

In this episode of Cyber Security Decoded, host Steve Stone, Head of Rubrik Zero Labs, is joined by Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft to discuss the cyber threat landscape. In this episode, you'll hear insights on: Rubrik Zero Labs' “The State of Data Security: The Journey to Secure an Uncertain Future" report provides a timely view into the increasingly commonplace problem of cyber risks and the challenge to secure data across an organization’s expanding surface area.

View Video

Rubrik

Read more about How Generative AI Will Accelerate Cybersecurity with Sherrod DeGrippo

Data Insights on AgentTesla and OriginLogger Victims

Jan 9, 2024 By André Tavares In BitSight

AgentTesla is a Windows malware written in.NET, designed to steal sensitive information from the victim's system. It’s considered commodity malware given its accessibility and relatively low cost. Commodity malware poses a significant threat as it enables less sophisticated cybercriminals to conduct various types of cyberattacks without requiring extensive technical knowledge. AgentTesla has been a persistent and widespread threat since its emergence in 2014.

Read Post

BitSight

Read more about Data Insights on AgentTesla and OriginLogger Victims

SYSTEMBC Command and Control Server Demonstration

Jan 9, 2024 By Kroll In Kroll

Throughout Q2 and Q3 2023, we observed an increased use of the malicious “SYSTEMBC” tool to maintain access in a compromised network. In this video, Kroll Threat Intelligence expert, Dave Truman, provides an initial walkthrough of our research into SYSTEMBC, focusing in its C2 server.

View Video

Kroll

Read more about SYSTEMBC Command and Control Server Demonstration

FBI Releases Blackcat Ransomware Decryption Tool to Victims, Disrupting Attacks

Jan 8, 2024 By Stu Sjouwerman In KnowBe4

For the first time ever, the U.S. Justice Department announced the existence of an FBI-developed decryption tool that has been used to save hundreds of victim organizations attacked by one of the most prolific ransomware variants in the world. In an announcement made last month, the Justice Department made the world aware of the existence of a decryption tool to be used by those organizations hit by Blackcat – also known as ALPHV or Noberus.

Read Post