Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Grab a cup of coffee, and let's talk about something that's been making waves in the cybersecurity world: ransomware. You've probably heard about the alarming rise in ransom payments, but did you know that ransom monetization rates have actually fallen to a record low? It's a complex and evolving landscape, and we're here to break down the recent very interesting Coveware report for you.

According to a new report, cybercriminals are making full use of AI to create more convincing phishing emails, generating malware, and more to increase the chances of ransomware attack success. I remember when the news of ChatGPT hit social media – it was everywhere. And, quickly, there were incredible amounts of content providing insight into how to make use of the AI tool to make money.

Cloud takeover campaign targets top-level executives, Rhysida ransomware threatens the healthcare sector, and LOLKEK ransomware continues to evolve.

On April 21st, 2023, AT&T Managed Extended Detection and Response (MXDR) investigated an attempted ransomware attack on one of our clients, a home improvement business. The investigation revealed the attacker used AuKill malware on the client's print server to disable the server's installed EDR solution, SentinelOne, by brute forcing an administrator account and downgrading a driver to a vulnerable version.

AT&T Alien Labs researchers recently discovered a massive campaign of threats delivering a proxy server application to Windows machines. A company is charging for proxy service on traffic that goes through those machines. This is a continuation of research described in our blog on Mac systems turned into proxy exit nodes by AdLoad.

Malvertising–also called malicious advertising–is when cybercriminals use advertisements to infect devices with malware. Malvertising can appear on any advertisement you see online, you don’t necessarily have to be on a malicious website to be a victim of this cyberthreat. When a victim is exposed to a malvertisement, their device and data are at risk of being compromised, even if they don’t interact with the advertisement.

Law firms are being targeted by a large number of social engineering attacks involving the Gootloader malware delivery tool, according to researchers at Trustwave. “Recently, we’ve seen a noticeable surge in malware cases linked to a malicious payload delivery system known as Gootloader,” the researchers write. “The group behind this malware is believed to operate a malware-as-a-service operation, exclusively providing a malware delivery service for other threat actors.

The second quarter of this year has become the focus of some new firsts in ransomware attacks, according to new data from cybersecurity vendor Reliaquest. None of us want to see ransomware continue “up and to the right” on a chart. But it appears that this is the case, according to Reliaquest’s Ransomware Report: Q2 2023.

Rhysida is a Windows-based ransomware operation that has come to prominence since May 2023, after being linked to a series of high profile cyber attacks in Western Europe, North and South America, and Australia. The group appears to have links to the notorious Vice Society ransomware gang.

AdLoad malware is still infecting Mac systems years after its first appearance in 2017. AdLoad, a package bundler, has been observed delivering a wide range of payloads throughout its existence. During AT&T Alien Labs’ investigation of its most recent payload, it was discovered that the most common component dropped by AdLoad during the past year has been a proxy application turning MacOS AdLoad victims into a giant, residential proxy botnet.