CTI Roundup: ESXiArgs Ransomware Attacks Target VMware
The latest on ESXiArgs ransomware attacks, new QakNote attacks pushing QBot malware via Microsoft OneNote files, and Biden’s attention to data privacy in the State of the Union.
The latest on ESXiArgs ransomware attacks, new QakNote attacks pushing QBot malware via Microsoft OneNote files, and Biden’s attention to data privacy in the State of the Union.
The threat actor group behind Royal ransomware first appeared in January 2022, pulling together actors previously associated with Roy/Zeon, Conti and TrickBot malware. Originally known as “Zeon” before renaming themselves “Royal” in September 2022, they are not considered a ransomware-as-a-service (RaaS) operation because their coding/infrastructure are private and not made available to outside actors.
The Hive Ransomware Group is a sophisticated criminal organisation that targets businesses around the world with their ransomware attacks. The group’s primary goal is to extort money from victims by locking and encrypting their data, making it inaccessible until a ransom payment is made.
Operating in a cloud model means not only being able to access your data anywhere but that your infrastructure is flexible and scalable enough to accommodate demands that change from day to day or sometimes from moment to moment. This is easy enough to achieve in a public cloud, where resources can be made elastic and added and removed dynamically.
Last October, Trustwave SpiderLabs blogged about the use and prevalence of HTML email attachments to deliver malware and phishing for credentials. The use of HTML smuggling has become more prevalent, and we have since seen various cybercriminal groups utilizing these techniques to distribute malware. HTML smuggling employs HTML5 attributes that can work offline by storing a binary in an immutable blob of data within JavaScript code.
Clicking on malicious links can lead to compromised accounts and can infect your devices with malware. Learning how to check if a link is safe, before clicking on it, is important to keeping you safe online. You can check if a link is safe by hovering over the link to see if it’s the URL it’s saying it is or by using a URL checker.
The annual State CIO Top 10 priorities list issued by the National Association of State Chief Information Officers shows that while the technology initiatives remain relatively unchanged, there is a slight shuffle around priorities. Cybersecurity continues to take the number one spot and will likely be the case for years to come, given the increase in ransomware attacks across industries and organizations of all sizes.