Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Researchers at Malwarebytes warn that a malvertising campaign is targeting Mac users with phony Microsoft Teams ads. The ads are meant to trick users into installing Atomic Stealer, a commodity strain of malware designed to steal information from macOS systems.

Analysis of new ransomware group Volcano Demon provides a detailed look into how and why calling victims ups the chances of ransomware payment. Security researchers at Halcyon have uncovered a new ransomware threat group that initially follows traditional methods – harvesting admin credentials, data exfiltrated to a C2 server, logs cleared and data was encrypted using LukaLocker. However, Volcano Demon attacks take a different direction in the extortion phase.

According to the filing, the organization in question failed to devise controls to adequately detect, respond to, and disclose an attack that included data exfiltration and service disruption. Back in 2021, R.R. Donnelley & Sons Co.

A new report focused on cyber espionage actors targeting government and critical infrastructure sectors highlights the strategic use of ransomware for distraction or misattribution. It was inevitable: a threat group using a secondary attack type to cover their tracks – whether those “tracks” are the groups true intent, who’s responsible – or to simply make some additional money after they’re done with the initial attack.

Phishing remains a top initial access vector for ransomware actors, according to researchers at Cisco Talos. The threat actors often use phishing to steal legitimate credentials so they can use employee accounts without raising suspicion.

New data shows that only 3 percent of organizations are solely relying on their current cyber defenses when adding on cyber insurance, indicating that organizations are beginning to understand the true value and place of a cyber insurance policy. For the last few years, it felt like organizations were seeing cyber insurance like they do their car insurance; have an “accident” and let the policy cover it.

Ransomware is more prolific and expensive than ever. Depending on the source you read, the average or median ransomware payment was at least several hundred thousand dollars to well over several million in 2023. Marsh, a leader in cybersecurity insurance, wrote that its customers paid an average of $6.5 million in ransom in 2023 (after just paying an average of $1.4 million in 2023).

Researchers at Abnormal Security have observed a 360% increase in phishing attacks against state and local government entities over the past year. The researchers write, “While phishing tends to consistently increase each year and regularly accounts for the majority of advanced threats, this level of growth is extraordinary.” Threat actors often use phishing to gain a foothold within an organization before launching more follow-on attacks.

Recently I had to prepare for a governance, risk and compliance conference. I promptly realized that although I used to be quite immersed in this field as an ISO 27k implementation consultant and even a short stint as a Payment Card Industry (PCI QSA) auditor years ago, it has been a while since I looked into this.

I recently read a story about a South Korean telecom company that pushed out malware to over 600,000 of its customers who were using torrents to share files, in a bid to limit their file-sharing capabilities. Users reported that their files went missing, random folders appeared, and in some cases, their PCs were disabled.