A relatively new strain of ransomware called DragonForce has making the headlines after a series of high-profile attacks. Like many other ransomware groups, DragonForce attempts to extort money from its victims in two ways - locking companies out of their computers and data through encryption, and exfiltrating data from compromised systems with the threat of releasing it to others via the dark web.

Foresiet Security Intelligence has recently uncovered the Nitrogen campaign, which has set its sights on numerous organizations within the technology and non-profit sectors across North America. While Foresiet managed to intercept the infections before significant hands-on-keyboard activity took place, there are strong indications that threat actors are leveraging this infection chain to establish compromised environments for deploying ransomware.

Researchers at BlueVoyant observed a 50% increase in large-scale malvertising campaigns in 2023 compared to 2022. “Fraudulent search engine ads appear as benign advertisements, almost indistinguishable from legitimate ones,” the researchers write. “This makes ads a highly effective distribution mechanism since users often rely on the top search result rather than directly typing in a domain.

At this point, it is clear: cyber attacks from nation-state adversaries persistently threaten local, state, and federal governments, as well as educational institutions. It is not a matter of if bad actors can penetrate existing security controls, as they are already doing so and will continue to do so. Whether it is due to one unpatched machine or one user clicking on a link in an email, we believe cyberattacks are inevitable.

Law enforcement’s impact on LockBit, how unpatched vulnerabilities contribute to ransomware attacks, and Earth Freybug deploys UNAPIMON malware.

We are in a new global AI race to unlock new, knowledge-based capabilities at a scale never before seen. Companies like OpenAI have proven that early movers reap outsized rewards, so speed is of the essence.

A new PhaaS service brings the power of bypassing multi-factor authentication (MFA) to the world’s most-used email platforms. At its core, Tycoon 2FA isn’t doing anything new. It uses a reverse proxy server to host a phishing web page that impersonates the legitimate email platform in question. Then it intercepts the victim's input and relays them to the legitimate service. But it’s how this platform does it that is sophisticated.

A new campaign of StrelaStealer attacks identified by security analysts at Unit42 has been spotted targeting E.U. and U.S. organizations. This somewhat new infostealer has evolved to be even better at evading detection in a new string of campaigns aimed at stealing email credentials from well-known email clients.

Responsible for a number of infamous ‘big game hunter’ ransomware attacks and believed active since at least 2019, the ransomware threat group dubbed ‘CL0P‘ is thought to be a Russian-language cybercriminal gang and have been widely reported as associated with, or their malware adopted by, other cybercriminal groups including ‘FIN11’, a part of the larger financially-motivated ‘TA505’ group, and ‘UNC2546’.

In April 2023, Researchers uncovered a new ransomware actor named RA Group, demonstrating a connection to the Babuk ransomware through the utilization of leaked source code. Following the full disclosure of Babuk’s ransomware source code by an alleged group member in September 2021, various ransomware families have emerged, incorporating this leaked code into their attacks.