A new report from ENISA, the European Union Agency for Cybersecurity, looking at cyberattacks targeting the European transport network over a period of almost two years, has identified that ransomware has become the prominent threat. ENISA's report, its first ever analysis of the myriad of cybersecurity threats facing the transport sector in the EU, mapped and studied cyber incidents targeting aviation, maritime, railway, and road transport between January 2021 and October 2022.

AT&T Alien Labs researchers have discovered a new variant of BlackGuard stealer in the wild, infecting using spear phishing attacks. The malware evolved since its previous variant and now arrives with new capabilities.

Emotet is undoubtedly a very resilient botnet. Even though its operation was disrupted by Europol in January 2021, Emotet came back a few months later and continues to spread. In May 2022, shortly after Microsoft released new controls related to malicious macros, Netskope Threat Labs analyzed an Emotet campaign where they were testing a new delivery method, by using LNK files.

Ransomware as a Service (RaaS) has been a growing trend in recent years, enabling anyone with an internet connection to become a hacker. In the past, launching a ransomware attack required a high level of technical expertise, but RaaS has lowered the barrier to entry, making it easier for anyone to launch a ransomware attack. So, how does RaaS work, and what are the implications for businesses and individuals?

The San Francisco 49ers, confirmed a ransomware attack, Cisco was attacked by the Yanluowang ransomware gang, and Entrust was attacked by Lockbit. And that’s just a handful of ransomware accounts noted in 2022.

News broke in early February that the ACN, Italy’s National Cybersecurity Agency, issued a warning regarding a VMware vulnerability discovered two years ago. Many organizations hadn’t yet patched the issue and became the victims of a new ransomware called ZCryptor. The malicious software wreaked havoc on Italian and European businesses by encrypting users’ files and demanding payment for the data to be unencrypted.

On March 2nd, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint Cybersecurity Advisory (CSA) – #StopRansomware: Royal Ransomware. We highly encourage everyone in a security role to read the Advisory, as it contains recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Royal ransomware.

The name Chaos is being used for a ransomware strain, a remote access trojan (RAT), and now a DDoS malware variant too. Talk about chaos! In this case, Sysdig’s Threat Research Team captured attacks using the Chaos variant of the Kaiji botnet malware. There is very little reported information on this malware since September 2022, perhaps because of the unfortunately chaotic naming, or simply because it is relatively new. Kaiji malware was of Chinese origin in 2020 and is written in Golang.

In November 20211 and February 2022,2 Microsoft announced that by default it would block Excel 4 and VBA macros in files that were downloaded from the internet. Following these changes, CrowdStrike Intelligence and the CrowdStrike Falcon® Complete managed detection and response team observed eCrime adversaries that had previously relied on macro execution for malware delivery adapt their tactics, techniques and procedures (TTPs).

Security researchers have released a new decryption tool that should come to the rescue of some victims of a modified version of the Conti ransomware, helping them to recover their encrypted data for free. Conti was one of the most notorious ransomware groups, responsible for hundreds of attacks against organisations, which netted criminals over $150 million.