Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Malware

Communicating Cyber Risk to Executives and Boards with Shamane Tan

In this episode of Cyber Security Decoded from Rubrik Zero Labs, host Steve Stone is joined by Chief Growth Officer at Sekuro and Best-Selling Author Shamane Tan to discuss differences in the cybersecurity landscape between the US and APAC, communication strategies for CISOs, building trust for better cybersecurity outcomes, improving organizational resilience, and diversity in the cybersecurity field.

How Weak Passwords Lead to Ransomware Attacks

Weak passwords can lead to ransomware attacks because they can be easily compromised through password-cracking techniques, allowing cybercriminals to gain access to an organization’s network where they can then inject ransomware. Often, when people think of the causes of ransomware infections, their first thought is it was caused by a phishing email.

The Anatomy of an ALPHA SPIDER Ransomware Attack

Over the last two years, CrowdStrike Services has run several incident response (IR) engagements — in both pre- and post-ransomware situations — in which different ALPHA SPIDER affiliates demonstrated novel offensive techniques coupled with more commonly observed techniques. The events described in this blog have been attributed to ALPHA SPIDER affiliates by CrowdStrike Counter Adversary Operations.

Qilin Ransomware: Get the 2024 Lowdown

Qilin operates as an affiliate program for Ransomware-as-a-Service, employing a Rust-based ransomware to target victims. Qilin ransomware attacks are often tailored for each victim to maximize their impact, utilizing tactics like altering filename extensions of encrypted files and terminating specific processes and services.

Busting the SugarLocker Syndicate: Syndicate's Secrets and Takedown Tactics

Sugarlocker Summary On February 23, 2022, the operator linked to the SugarLocker ransomware, utilizing the pseudonym "gustavedore," was conspicuously seeking new partnerships on the Dark Web. SugarLocker operates through a highly flexible Ransomware-as-a-Service (RaaS) framework, facilitating extensive customization for its users in the clandestine corners of the Dark Web.

Game-Changer: Biometric-Stealing Malware

I have been working in cybersecurity for a long time, since 1987, over 35 years. And, surprisingly to many readers/observers, I often say I have not seen anything new in the hacker/malware space since I began. The same threats that were a problem then are the same problems now. Social engineering and unpatched software (and firmware) have long been the two biggest initial root causes for hacking…for decades.

New Research: Ransomware Incidents Spike 84% in 2023

Newly-released data covering cyberthreats experienced in 2023 sheds some light on how very different last year was and paints a picture of what to expect of cyber attacks in 2024. As someone who looks a lot at industry data, I really want it to be as relevant as possible. But it’s also important to see the larger trends over the recent past to begin to predict what’s to come.

How Is Ransomware Delivered?

Some of the most common ways ransomware is delivered are through phishing emails, drive-by downloads, exploit kits and RDP exploits. According to Malwarebytes’ 2024 State of Malware report, in 2023 the number of known ransomware attacks increased by 68% from the previous year. The report also found that the largest ransom demanded in 2023 was $80 million.

Safeguarding Your Business: A Comprehensive Guide to Preventing Ransomware Attacks

February 28, 2024 | By Sagi Brody As the Chief Technology Officer at Opti9, I’ve spent over two decades navigating the ever-evolving landscape of digital infrastructure. According to the Ransomware Trends Report 2023, at least 93% of cyberattacks targeted backup infrastructure. Clearly, cyber criminals are becoming more proficient in the ability to take your data for ransom.

Hunting PrivateLoader: The malware behind InstallsKey PPI service

Since July 2022, Bitsight has been tracking PrivateLoader, the widespread malware downloader behind the Russian Pay-Per-Install (PPI) service called InstallsKey. At the time, this malware was powering the now decommissioned ruzki PPI service. Figure 1 presents a brief description of the service, which was found in their sales telegram channel. Fig. 1 - Service description on telegram channel profile (Russian and English).