Top tips is a weekly column where we highlight what’s trending in the tech world today and list out ways to explore these trends. This week we’re looking at five ways you can protect your IT infrastructure against ransomware attacks. Every year, the month of October is observed as Cybersecurity Awareness Month. This year, we wanted to dedicate a special entry in our top tips column to one of the fastest-growing digital economies in the world: the Middle East.

As attackers leave little-to-no traces of their attack patterns, more ransomware groups are shifting from automated attacks to manual attacks. According to the newly-released Microsoft Digital Defense Report 2023, about 40% of the ransomware attacks detected were human-driven and tracked back to over 120 ransomware-as-a-service (RWaaS) affiliates. This spike in human-operated ransomware attacks likely goes back to attackers wanting to minimize their footprint within an organization.

A look at the FBI’s recent Qakbot takedown, the return of Bumblebee after a two-month hiatus, and other developing cyberthreats from 2023.

Business leaders today must ask themselves a challenging question: “Who do I trust to face cybersecurity problems head on and consistently stay ahead of attacker trends?” Consider the following challenges of IT: As more and more businesses are turning to Managed Service Providers (MSPs), those MSPs must face the cybersecurity problems head on everyday and stay ahead of modern threats in order to defend themselves and their customers.

Over the past week, an establishment of a new ransomware franchise has emerged named GhostLocker. Ghost Locker is a new Ransomware-as-a-Service (Raas) established by several hacktivist groups led by GhostSec. Recently, many hacktivist groups have tried to engage in cybercrime activities in order to sustain themselves and GhostLocker seems to be one of these cases. In fact, some ransomware groups have already migrated to using GhostLocker instead of their original products.

As attackers evolve their toolsets and processes, the significant drop in dwell time signifies a much higher risk to organizations that now have less time to detect and respond to initial attacks. This is bad news. Two years ago, the median dwell time – the time between gaining access to a network and executing the ransomware – was 5.5 days. Last year it was 4.5 days.

Kroll has observed an uptick in cases of DARKGATE malware being delivered through Microsoft Teams messages. These campaigns have mainly targeted organizations in the transportation and hospitality sectors. This activity has also been reported throughout open-source reporting, sharing a number of key indicators with Kroll observations, such as common filenames, adversary infrastructure and similar domain name conventions to host the initial download.

Understanding Qakbot Malware Qakbot is a sophisticated banking Trojan that first emerged around 2007 and has continued to evolve over the years. Its primary goal is to steal sensitive financial information, including banking credentials and personal data, from infected systems. Once it infiltrates a system, it can also serve as a delivery mechanism for other malicious payloads, making it a potent tool for cybercriminals.

The threat intelligence data that Forescout Research – Vedere Labs curates comes from the millions of connected devices that we monitor, attacks we observe and dissect in our sandboxes, data relating to attacks that is traded on the Darknet, and from our Adversary Engagement Environment. We see a lot of data. One thing no cybersecurity researcher wants to see, however, is an attack on their own organization.