A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns.
The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora, and LockBit 2.0.
A recent study made by security management firm Cymulate has confirmed that 65% of companies have suffered cyber attacks for the second time within one year. Disappointingly, 40% of businesses were targeted two times within 12 months, while 10% of them were hit multiple times within a year’s time frame.
According to a report titled Cymulate Data Breaches Study, most of the attacks reached the corporate networks through phishing emails. While 1% of them emerged via insider threats.
A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums.
Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as “multiple payloads per .LNK” file. Also offered are capabilities to generate .HTA and disk image (.ISO) payloads.
The acceleration of hybrid IT has increased network complexity for most organisations and caused several worrisome challenges for IT professionals, according to the latest SolarWinds IT Trends Report 2022.
Hybrid and remote work have amplified the impact of distributed and complex IT environments. Running workloads and applications across both cloud and on-premises infrastructure can be challenging, and many organisations are increasingly experiencing—and ultimately hindered by—these pain points.
These days ransomware analysis gets a lot of coverage in commercial and public reports, with vendors issuing dozens of ransomware-related publications each year. These reports provide analysis on specific malware families or new samples, describe the activities of a particular ransomware group, give general tips on how to prevent ransomware from working, and so on. Malware analysts and security professionals can learn a lot from these reports, but not much of the content has an immediate or practical use. With the release of the report Common TTPs of modern ransomware, Kaspersky experts have taken a different approach. We want to familiarize the reader with the different stages of ransomware deployment, how cybercriminals use RATs and other tools across the various stages and what they aim to achieve. The report also provides a visual guide to defending against targeted ransomware attacks, using the most prolific groups as examples, and introduces the reader to the SIGMA detection rules that we created.
Most people today depend on their phones entirely. Aside from being a portal to our social life, they also make our lives easier in many ways. One of the best things probably is paying with them and having the chance to check our bank account through them.
Connectivity to every area in our lives is also a target for hackers. Having our bank accounts and everything else on our phones drives criminals to try and get inside the software. We need to be fully protected and ensure no malware is installed on our phones.
The Cybersecurity and Infrastructure Security Agency (CISA) and United States Coast Guard Cyber Command (CGCYBER) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers to obtain initial access to organizations that did not apply available patches or workarounds.
Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and UAG servers. As part of this exploitation, suspected APT actors implanted loader malware on compromised systems with embedded executables enabling remote command and control (C2). In one confirmed compromise, these APT actors were able to move laterally inside the network, gain access to a disaster recovery network, and collect and exfiltrate sensitive data.