Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

NOTE: The MOVEit Transfer vulnerability remains under active exploitation, and Kroll experts are investigating. Expect frequent updates to the Kroll Cyber Risk blog as our team uncovers more details. On June 5, 2023, the Clop ransomware group publicly claimed responsibility for exploitation of a zero-day vulnerability in the MOVEit Transfer secure file transfer web application (CVE-2023-34362).

On May 31, 2023, Kroll received multiple reports that a zero-day vulnerability in MOVEit Transfer was being actively exploited to gain access to MOVEit servers. Kroll has observed threat actors using this vulnerability to upload a web shell, exfiltrate data and initiate intrusion lifecycles. This vulnerability may also enable a threat actor to move laterally to other areas of the network.

Kroll’s findings for Q1 2023 highlight fragmented threat actor groups and a continued evolution in attack methods and approaches, which, alongside other key shifts in behavior, have concerning implications for organizations in many sectors. In Q1 2023, Kroll observed a 57% increase in the overall targeting of the professional services sector from the end of 2022.

Kroll Cyber Threat Intelligence analysts have identified a new strain of ransomware, named CACTUS, targeting large commercial entities since March 2023. The name “CACTUS” is derived from the filename provided within the ransom note, cAcTuS.readme.txt, and the self-declared name within the ransom note itself. Encrypted files are appended with.cts1, although Kroll notes the number at the end of the extension has been observed to vary across incidents and victims.

Organizations are increasingly turning to the cloud in their attempt to become more agile and efficient. Many will choose the Microsoft ecosystem and will need to become familiar with threat detection and response offered by this environment, how these technologies can be leveraged to their full potential, and what should be supplemented to avoid unnecessary risk.

The use of Amazon Web Services (AWS) in organizations around the world is prolific. The platform accounted for 31% of total cloud infrastructure services spend in Q2 2022, growing by 33% annually. Despite its widespread use, many organizations still fail to consider the nuances of incident response in AWS.

You have probably wondered what would happen if your company laptop got lost or stolen. Would someone be able to extract sensitive data from your laptop even if the device is encrypted or locked? There are several ways to compromise a laptop with physical access, and one of them is through a direct memory access (DMA) attack.