%term

Overheard at the SANS Security Awareness Summit 2022

Sep 22, 2022 By Anastasios Arampatzis In Tripwire

People have become the primary attack vector for cyber attackers around the world. As the Verizon Data Breach Investigations Report 2022 indicates, it is humans rather than technology that now represent the greatest risk to organizations. According to the SANS 2022 Security Awareness Report, the top three security risks that security professionals are concerned about are phishing, business email compromise (BEC) and ransomware, all closely related to human behavior.

Read Post

Tripwire

Read more about Overheard at the SANS Security Awareness Summit 2022

LockBit3.0 Leak

Sep 21, 2022 By Shmuel Gihon In Cyberint

Lockbit3.0 is the number one ransomware group in the ransomware industry. The group’s operations are so vast and powerful, that we have witnessed weeks where Lockbit’s victim count was more than all other ransomware families altogether. Ever since Conti’s leaks, Lockbit overtook the ransomware throne without any intention of going down anytime soon.

Read Post

Cyberint

Read more about LockBit3.0 Leak

Government Agencies vs. Ransomware: A National Emergency

Sep 21, 2022 By Rubrik In Rubrik

The State of Ransomware in Government 2021 report finds that government agencies are facing a ransomware “national emergency.” Local governments in particular face higher rates of encryption during cyber attacks due to constrained budgets and organizational pressure to divert funds away from cybersecurity, leaving gaps in their data protection.

Read Post

Rubrik

Read more about Government Agencies vs. Ransomware: A National Emergency

Threat Actor of the Month - Shathak

Sep 19, 2022 By Outpost 24 In Outpost 24

Meet Shathak – a threat group tied to malware used in the Russian-speaking underground targeting enterprises across different sectors in the Americas, Europe and Asia

Read Post

Outpost 24

Read more about Threat Actor of the Month - Shathak

Protecting Critical Infrastructure from Cyber Attacks

Sep 19, 2022 By Rubrik In Rubrik

Ransomware and other malicious threats have become commonplace around the globe. But the reality is, whether it be encrypted records, stolen email credentials, or exfiltrated financial statements, these incidents generally involve a limited number of individuals or groups. Before your feathers are completely ruffled, understand that by no means am I minimizing the impact cybercriminals can have on a business. But have you considered attacks of greater scale? Perhaps those that affect the populus?

Read Post

Rubrik

Read more about Protecting Critical Infrastructure from Cyber Attacks

Threat news: TeamTNT targeting misconfigured kubelet

Sep 19, 2022 By Alberto Pellitteri In Sysdig

TeamTNT is a prevalent threat actor who has been targeting cloud and virtual environments such as Kubernetes and Docker since at least late 2019. This threat actor is financially motivated, focusing their efforts on stealing credentials and cryptomining. In 2020, we analyzed their use of Weave Scope on an unsecured Docker API endpoint exposed to the internet. In December 2021, we attributed an attack to TeamTNT in which they targeted a vulnerable WordPress pod to steal AWS credentials.

Read Post

Sysdig

Read more about Threat news: TeamTNT targeting misconfigured kubelet

Recovering from Ransomware with Rubrik

Sep 16, 2022 By Rubrik In Rubrik

When ransomware strikes, it’s important to know your recovery options. Whether you need to blanket recover everything in one fell swoop, or you prefer a more surgical approach, Rubrik has your back. This video details how you can use Rubrik Security Cloud to recover from ransomware attacks and other scenarios quickly, and with confidence that you’re not accidentally restoring malware.

View Video

Rubrik

Read more about Recovering from Ransomware with Rubrik

Lorenz Ransomware Intrusion: Understanding Your Risk

Sep 14, 2022 By Arctic Wolf In Arctic Wolf

The Arctic Wolf Labs team recently investigated a Lorenz ransomware intrusion, which leveraged a Mitel MiVoice VOIP appliance vulnerability (CVE-2022-29499) for initial access and Microsoft’s BitLocker Drive Encryption for data encryption. Lorenz is a ransomware group that has been active since at least February 2021 and like many ransomware groups, performs double-extortion by exfiltrating data before encrypting systems. Over the last quarter, the group has primarily targeted small and medium businesses (SMBs) located in the United States, with outliers in China and Mexico.

View Video

Arctic Wolf

Read more about Lorenz Ransomware Intrusion: Understanding Your Risk

Credential theft food chain-What is Ransomware-as-a-Service

Sep 13, 2022 By Ross Moore In AT&T Cybersecurity

Anyone who has watched the Lockpicking Lawyer realizes that certain locks promoted as the latest-and-greatest aren’t necessarily the most reliable devices for securing physical assets. Like many other security professionals, he seeks to educate consumers and manufacturers on defects in devices and how to improve their security. It reminds me of a quote by Deviant Ollam (security auditor and penetration testing consultant): "Security is achieved through openness.

Read Post

AT&T Cybersecurity

Read more about Credential theft food chain-What is Ransomware-as-a-Service

Cloud Threats Memo: Lampion Exploiting WeTransfer to Deliver Malware

Sep 13, 2022 By Paolo Passeri In Netskope

Lampion is a banking trojan with a particular predisposition to targeting Portuguese-speaking users (and exploiting cloud services). First documented in December 2019, the malware has gone through multiple releases, characterized by a number of different mechanisms to deliver the initial VBS (Visual Basic Script Loader). All the different variants have an element in common, the malware is distributed abusing legitimate cloud services throughout different stages of the attack chain.

Read Post