How Law Enforcement’s Ransomware Strategies Are Evolving

September 11, 2024 at 10:04AM
In the past year, successful takedowns of major ransomware groups such as LockBit have signaled a shift in the balance of power, achieved through innovative law enforcement strategies. Operation Cronos, involving 10 countries, seized servers, froze cryptocurrency accounts, and made key arrests. Law enforcement has disrupted the reputation and operations of …

Red team tool ‘MacroPack’ abused in attacks to deploy Brute Ratel

September 4, 2024 at 06:06PM
The MacroPack framework, originally built for red team exercises to generate and obfuscate Office macro payloads, is being abused by threat actors to deliver payloads such as Havoc, Brute Ratel, and PhantomCore. Cisco Talos found malicious documents submitted from several countries, pointing to widespread abuse by more than one actor. These attacks use advanced evasion techniques and represent a concerning trend. Ransomware …

Australian gold producer Evolution Mining hit by ransomware

August 12, 2024 at 02:08PM
Evolution Mining experienced a ransomware attack on August 8, 2024, affecting its IT systems. The company engaged external cybersecurity experts and says the attack has been contained. Despite the disruption, it anticipates no material impact on operations. The incident has been reported to the Australian Cyber Security Centre, with no group claiming …

Ransomware Gangs Exploit ESXi Bug for Instant, Mass Encryption of VMs

July 30, 2024 at 04:12PM
Ransomware groups are exploiting an authentication bypass (CVE-2024-37085) in VMware ESXi that gives them full administrative control of the hypervisor and lets them encrypt every hosted VM in one pass. Broadcom has issued a fix. Domain-joined ESXi hosts automatically grant full administrative access to members of any AD domain group named “ESX Admins”, without checking that the group already existed or was created by an administrator, so an attacker who can create or rename a domain group and add themselves to it gains hypervisor admin. Hackers find hypervisors alluring due to their complexity and …
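The attack pattern behind CVE-2024-37085 is visible on the domain controller before any VM is touched: a group with the trusted name is created or renamed, then a member is added. The following is an added example, not code from the article, Broadcom, or Microsoft. It assumes simplified Windows Security event fields (EventID, TargetUserName, SamAccountName, MemberName, SubjectUserName), the ESXi advanced option names Config.HostAgent.plugins.hostsvc.esxAdminsGroup and Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd, and uses constructed sample events rather than real logs.

```python
"""
Added example (not from the original article, Broadcom, or Microsoft):
flag Active Directory events that create, rename, or populate a group whose
name matches the group a domain-joined ESXi host auto-trusts ("ESX Admins"
by default), and check whether an ESXi host's advanced settings still leave
that behaviour enabled. Event layouts are simplified and constructed here.
"""
import json

# Security-enabled group lifecycle events: created, changed (incl. rename),
# member added. Each set covers the global / domain-local / universal scope.
GROUP_CREATED = {4727, 4731, 4754}
GROUP_CHANGED = {4737, 4735, 4755}
MEMBER_ADDED = {4728, 4732, 4756}
WATCHED = GROUP_CREATED | GROUP_CHANGED | MEMBER_ADDED

# Default value of the ESXi advanced option
# Config.HostAgent.plugins.hostsvc.esxAdminsGroup. If you renamed the trusted
# group on your hosts, pass that name to flag_esx_admins_events instead.
DEFAULT_ESX_ADMINS_GROUP = "ESX Admins"

AUTO_ADD_OPTION = "Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd"
GROUP_NAME_OPTION = "Config.HostAgent.plugins.hostsvc.esxAdminsGroup"


def _norm(name):
    # Assumption: compare case- and whitespace-insensitively so a lookalike
    # such as "esx  admins" is not missed; tighten if it proves too noisy.
    return " ".join(name.split()).casefold()


def flag_esx_admins_events(events, group_name=DEFAULT_ESX_ADMINS_GROUP):
    """Return one alert per event that creates, renames, or adds a member to a
    group whose name matches `group_name`."""
    target = _norm(group_name)
    alerts = []
    for ev in events:
        eid = ev.get("EventID")
        if eid not in WATCHED:
            continue
        # TargetUserName is the group's current name; on change events the
        # new sAMAccountName is assumed to arrive in SamAccountName.
        names = [ev.get("TargetUserName", ""), ev.get("SamAccountName", "")]
        if not any(_norm(n) == target for n in names if n):
            continue
        if eid in GROUP_CREATED:
            action = "group_created"
        elif eid in GROUP_CHANGED:
            action = "group_changed"
        else:
            action = "member_added"
        alerts.append({
            "action": action,
            "event_id": eid,
            "group": ev.get("TargetUserName") or ev.get("SamAccountName"),
            "actor": ev.get("SubjectUserName"),
            "member": ev.get("MemberName"),  # only present on member-added events
            "time": ev.get("TimeCreated"),
        })
    return alerts


def check_esxi_settings(settings):
    """Given {option_name: value} read from an ESXi host's advanced settings,
    return the findings that leave the auto-admin behaviour exploitable.
    Missing options are treated as the ESXi defaults (assumed: auto-add on)."""
    findings = []
    auto_add = str(settings.get(AUTO_ADD_OPTION, "true")).lower()
    if auto_add in ("true", "1"):
        findings.append("esxAdminsGroupAutoAdd is enabled: any AD group with the trusted name gets admin")
    if settings.get(GROUP_NAME_OPTION, DEFAULT_ESX_ADMINS_GROUP) == DEFAULT_ESX_ADMINS_GROUP:
        findings.append("esxAdminsGroup still has its default name")
    return findings


# Constructed sample events (not real logs), one JSON object per line.
SAMPLE_EVENTS = [json.loads(line) for line in """
{"TimeCreated": "2024-07-29T01:12:03Z", "EventID": 4727, "SubjectUserName": "jdoe", "TargetUserName": "ESX Admins"}
{"TimeCreated": "2024-07-29T01:12:41Z", "EventID": 4728, "SubjectUserName": "jdoe", "TargetUserName": "ESX Admins", "MemberName": "CN=jdoe,CN=Users,DC=corp,DC=local"}
{"TimeCreated": "2024-07-29T01:15:00Z", "EventID": 4737, "SubjectUserName": "jdoe", "TargetUserName": "Helpdesk", "SamAccountName": "esx admins"}
{"TimeCreated": "2024-07-29T01:20:00Z", "EventID": 4728, "SubjectUserName": "svc_hr", "TargetUserName": "HR Staff", "MemberName": "CN=alice,CN=Users,DC=corp,DC=local"}
{"TimeCreated": "2024-07-29T01:25:00Z", "EventID": 4624, "SubjectUserName": "jdoe", "TargetUserName": "ESX Admins"}
""".strip().splitlines()]

if __name__ == "__main__":
    for alert in flag_esx_admins_events(SAMPLE_EVENTS):
        print(alert)
    print(check_esxi_settings({AUTO_ADD_OPTION: "true"}))
```

The 4624 logon event in the sample carries the trusted name but is not a group lifecycle event, so it is ignored; the rename to "esx admins" is caught through the assumed SamAccountName field. On the host side, disabling the auto-add option and renaming the trusted group are the two settings the check reports on; patching to the fixed ESXi build remains the actual remediation.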

Ransomware crews investing in custom data stealing malware

July 10, 2024 at 06:08AM
Ransomware groups are evolving beyond encrypting systems and demanding payment toward stealing sensitive information with custom malware. Cisco Talos revealed key tactics and profiled 14 prominent ransomware groups, highlighting their distinct goals and activities. These groups employ double-extortion tactics and build bespoke malware for data exfiltration. They utilize social engineering and …

Ransomware payments drop to record low of 28% in Q1 2024

April 21, 2024 at 11:52AM
Coveware's report reveals a record low of 28% of victims paying a ransom in Q1 2024. Although the payment rate has decreased, the total amount paid to ransomware actors reached $1.1 billion in 2023. Compromised remote access and vulnerability exploitation remain the leading initial-access methods, with law enforcement operations impacting ransomware affiliates. Akira …

After LockBit, ALPHV Takedowns, RaaS Startups Go on a Recruiting Drive

March 20, 2024 at 11:27AM
Law enforcement action against ransomware groups has not eradicated them, but it has disrupted the cyber underground and created distrust among criminals, and newer RaaS operations are now recruiting the affiliates displaced by the LockBit and ALPHV takedowns. …

GhostLocker 2.0 Haunts Businesses Across Middle East, Africa & Asia

March 5, 2024 at 08:15AM
Cybercriminals are conducting widespread attacks across the Middle East, Africa, and Asia using the new GhostLocker 2.0 ransomware. Affected organizations include technology companies, universities, manufacturers, transportation operators, and government bodies. The attackers demand payment for decryption keys and threaten to release stolen data if their demands are not met. Cisco Talos …

ICS Ransomware Danger Rages Despite Fewer Attacks

January 26, 2024 at 09:24AM
Recent research from Dragos shows that despite recent takedowns of top ransomware groups, the remaining threat actors continue to evolve new tactics and capitalize on zero-day vulnerabilities to target industrial control systems (ICS). While the number of attacks has decreased, these groups are refining their techniques and increasing their media relations …

CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

November 16, 2023 at 08:12AM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and MS-ISAC have issued a joint advisory about the Rhysida ransomware. The threat actors behind Rhysida operate a ransomware-as-a-service model and target organizations across multiple sectors. They gain initial access through external-facing remote services such as VPNs (typically with valid credentials where MFA is not enforced), the Zerologon vulnerability (CVE-2020-1472), and phishing campaigns. Rhysida …