When organizations are attacked by ransomware, only a little more than half are able to recover their data using a backup. This begs the question, “What about the rest? Why might they be unable to recover?” One reason may be that their backup data has been compromised. Backups are a hot target for hackers. If they can get to an organization’s backup data, they have far more leverage.
We decided to try to run a well-known Remote Access Trojan (RAT) called Remcos used by FIN7. This tool has been around for some time and has a reputation for being stealthy and effective in controlling compromised hosts. Sold as a remote computer monitoring tool, this tool has plenty of features that can allow an operator behind the control to do multiple operations against a compromised system.
On 3rd November, Bleeping Computer reported that the BlackMatter Ransomware-as-a-Service group had posted a message alerting users that its operations were ceasing within 48 hours. The message advised affiliates to obtain their decryption keys so that they could continue to extort current victims.
A recently published report from the US Government Accountability Office (GAO) has warned that official security guidance from the Department of Education is out-of-date, and needs to be refreshed to address the increasing reports of ransomware and other cyber threats.
AT&T Alien Labs™ has found new malware written in the open source programming language Golang. Deployed with more than 30 exploits, it has the potential of targeting millions of routers and IoT devices.
The number of ransomware attacks continues to grow, and that trend will likely continue in 2022. Organizations will be attacked, files will be encrypted, and victims will need to decide whether to pay ransom or try to implement expensive and painful recovery techniques on their own. That much, unfortunately, should come as no surprise, but what will be different is how those attacks are carried out.
A keylogger is a type of spyware that monitors and records user keystrokes. They allow cybercriminals to read anything a victim is typing into their keyboard, including private data like passwords, account numbers, and credit card numbers. Some forms of keyloggers can do more than steal keyboard strokes. They can read data copied to the clipboard and take screenshots of the user's screen - on PCs, Macs, iPhones, and Android devices. Keyloggers are not always the sole threat in cyberattacks.
IcedID is a banking trojan, it is designed to be stealthy and built to collect financial information. IcedID harvests user credentials and banking sessions to commit financial crimes, including carding, money laundering, and transferring of funds to foreign financial institutions. In recent research published by Splunk Threat Research Team (STRT) the inclusion of cryptocurrency exchange information was also included by Trickbot in the web inject code.
Malware analysis is a fundamental factor in the improvement of the incident detection and resolution systems of any company. The Sysdig Security Research team is going to cover how this Shellbot malware works and how to detect it. Shellbot malware is still widespread. We recorded numerous incidents despite this being a relatively old and known attack that is also available on open Github repositories.
