Malware

New RAT: The Discovery of RevolutionRAT

The InfoStealer and remote-access-tools (RATs) markets constantly provide us with new products. The Cyberint Research Team discovered a new RAT that is claiming to be the next popular threat against organizations and individuals worldwide. With fairly interesting PR and marketing methods, RevolutionRAT seems to be gaining attention with a growing Telegram community after only a few days of operation.

Ransomware Trends 2023, Q2 Report

The ransomware industry has been a prominent player this quarter, causing significant impact and affecting numerous organizations globally. With its widespread threat, the industry has successfully claimed 1386 victims. The industry is feeling increasingly impacted by ransomware as many critical vulnerabilities were discovered this quarter. Additionally, the emergence of new groups, both from the end of 2022 and during this quarter, has contributed to the industry’s growth.

Cloud Defense in Depth: Lessons from the Kinsing Malware

In the face of persistent data breaches and escalating cyber threats, organizations are compelled to prioritize cloud defense in depth. These measures are indispensable for protecting critical assets and upholding the integrity of cloud-based systems. By establishing a comprehensive security plan, organizations can effectively convey their commitment to security and lay a solid foundation for a resilient and secure cloud environment.

Cactus Ransomware, BlackSuit, and more: Hacker's Playbook Threat Coverage Round-up: June 29, 2023

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including Cactus ransomware and BlackSuit ransomware, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

Iranian Threat Actor Charming Kitten Using Spear Phishing Campaign To Distribute Malware

The Iranian threat actor Charming Kitten is launching sophisticated spear phishing attacks to distribute a new version of its POWERSTAR malware, according to researchers at Volexity. “In the last few years, Volexity has observed threat actors dramatically increase the level of effort they put into compromising credentials or systems of individual targets,” Volexity says.

Android Malware Outbreak: Unmasking the RAT Inside a Screen Recording App

With the worldwide popularity of Android and its open-source software, hackers have an increased incentive and opportunity to orchestrate attacks. A Google search for “Android malware” brings up headlines like these, all from the past few days or weeks: SecurityScorecard recently analyzed a specific threat known as the AhMyth RAT (remote access trojan), which made headlines for infiltrating a popular screen recording app on the Google Play Store.

The face of 2023's cyber-threat landscape was an alarming surge in ransomware and phishing attacks

When KnowBe4 went public in April 2021, I got to know a select group of analysts that served as co-managers on our IPO. These professionals all know our industry very well and we spoke with them quarterly during our earnings conference call where we discussed the past 3 months and expectations for the future. One of these firms was Baird Equity Research and I am still on their mailing list, even though we went private this year as a Vista Equity Partners portfolio company.

GOOTLOADER Malware Case Study - Kroll Cyber Risk

In Q1 2023, Kroll Cyber Threat Intelligence analysts noticed an uptick in GOOTLOADER malware infections leading to large-scale exfiltration of sensitive data, and even extortion. In this video, Threat Intelligence expert Ryan Hicks walks through a GOOTLOADER malware case study and provides recommendations for how to prevent such an attack.

New Mobile Banking Malware Impersonating Messaging Apps

Following our research regarding the abuse of Malvertising using Malicious Ads, Cyberint has uncovered a new strain of mobile banking malware. This malware is being distributed on third-party APK sites and is disguised as advertisements for popular messaging applications like KIK and Viber. Our Cyberint team has conducted an analysis of the malware’s source code. Based on our findings, it appears that the campaign is primarily targeting Asia.

Rubrik + Microsoft Sentinel: Taking Incident Response to the Next Level with AI

Security teams use tools like Microsoft Sentinel to aggregate their security events, alert on threat detection, and most importantly, orchestrate threat responses through a variety of automated playbooks. By providing both Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) functionality, Sentinel enables teams to respond to threats quickly and efficiently.