The purpose of the Netskope Threat Labs News Roundup series is to provide enterprise security teams an actionable brief on the top cybersecurity news from around the world. The brief includes summaries and links to the top news items spanning cloud-enabled threats, malware, and ransomware.
In a recent social-engineering attack targeting the hospitality sector observed by the ThreatSpike team, there appears to be a change in the tactics employed by the threat actor. The hospitality sector, where top-notch customer-service is expected, customer-facing employees are often lucrative targets for phishing, as detailed in our previous blog post.
My analysis of this year’s newly-released Verizon Data Breach Investigations Report begins with ransomware findings that point back to users as a big problem. If you only read one report each year to give you an idea of what’s going on with cyber attacks, it’s Verizon’s Data Breach Investigations Report (DBIR). Each year, analysts sort through tens of thousands of data breach incidents (some successful, some not) and identify the attack patterns.
On the surface, ransomware – malicious software designed to block access to a computer system until a sum of money is paid – appears to be off to yet another ruthless start in 2023 as one of the leading types of malware. Recent victims of public attacks in North America include industries such as health care, communication, education, and even government offices and municipalities.
Cybercrime continues to rise — the 2022 Internet Crime Report produced by the FBI's Internet Crime Complaint Center (IC3) revealed that the number of complaints it receives annually has more than doubled since 2018. The potential loss from cybercrime has also grown significantly – between 2021 and 2022, it rose from $6.9bn to $10.2bn.
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has identified and designated Mikhail Matveev for his role in ransomware attacks back 2021. When the U.S. sanctions a country, a business, or a group, the intent is to A) confiscate any and all property owned by the designee within the U.S. or in the possession of a U.S. person, and B) add the designee to the Specially Designated Nationals and Blocked Persons (SDN) List.
Most malware security researchers encounter in the wild is written in C or C++. These languages provide low-level system access and control, plus performance, allowing threat actors to create highly efficient and stealthy code. But that doesn’t mean cybercriminals are limited to those two languages. SecurityScorecard recently reverse-engineered the Vjw0rm worm written in JavaScript and the Java-based STRRAT remote access trojan (RAT).
SeroXen is a new Remote Access Trojan (RAT) that showed up in late 2022 and is becoming more popular in 2023. Advertised as a legitimate tool that gives access to your computers undetected, it is being sold for only $30 for a monthly license or $60 for a lifetime bundle, making it accessible.
