What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Blog.webp 2022-12-15 06:02:24 STOP Ransomware Being Distributed in Korea (direct link) The ASEC analysis team discovered that the STOP ransomware is being distributed in Korea. This ransomware is being distributed at a very high volume that it is ranked among the Top 3 in the ASEC Weekly Malware Statistics (November 28th, 2022 – December 4th, 2022). The files that are currently being distributed are in the form of MalPe just like SmokeLoader and Vidar, and the filenames include a random 4-byte string as shown below. When the ransomware is executed, it first... Ransomware Malware
The_State_of_Security.webp 2022-12-15 03:21:53 How to deal with cyberattacks this holiday season (direct link) The holiday season has arrived, and cyberattacks are expected to increase with the upcoming celebratory events. According to The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) 2022 Holiday Season Threat Trends and summary report, ransomware and phishing attacks are expected to increase in retail. With the FIFA World Cup 2022, many cybersecurity experts have advised heightened caution about online impersonation scams and phishing campaigns. Looking back at 2021, studies show a 30% increase in ransomware attacks, and a 70% increase in attempted ransomware attacks during... Ransomware Threat Studies ★★
Trend.webp 2022-12-15 00:00:00 Ransomware Business Models: Future Pivots and Trends (direct link) Ransomware groups and their business models are expected to change from what and how we know it to date. In this blog entry, we summarize from some of our insights the triggers that spark the small changes in the short term (“evolutions”) and the bigger deviations (“revolutions”) they can redirect their criminal enterprises to in the long run. Ransomware ★★★
DarkReading.webp 2022-12-14 21:20:00 Cybereason Warns Global Organizations Against Destructive Ransomware Attacks From Black Basta Gang (direct link) The Royal Ransomware Group has emerged as a threat to companies in 2022 and they have carried out dozens of successful attacks on global companies. Cybereason suggests that companies raise their awareness of this potential pending threat. Ransomware Threat ★★
DarkReading.webp 2022-12-14 18:50:59 Microsoft-Signed Malicious Drivers Usher In EDR-Killers, Ransomware (direct link) Malicious Windows drivers signed as legit by Microsoft have been spotted as part of a toolkit used to kill off security processes in post-exploitation cyber activity. Ransomware ★★★
The_Hackers_News.webp 2022-12-14 18:38:00 Ransomware Attackers Use Microsoft-Signed Drivers to Gain Access to Systems (direct link) Microsoft on Tuesday disclosed it took steps to suspend accounts that were used to publish malicious drivers that were certified by its Windows Hardware Developer Program were used to sign malware. The tech giant said its investigation revealed the activity was restricted to a number of developer program accounts and that no further compromise was detected. Cryptographically signing malware is Ransomware Malware
CSO.webp 2022-12-14 14:07:00 Cuba ransomware group used Microsoft developer accounts to sign malicious drivers (direct link) Microsoft suspended several accounts on its hardware developer program that signed malicious drivers used by a ransomware group called Cuba to disable endpoint security tools. The driver certificates have been revoked and the drivers will be added to a blocklist that Windows users can optionally deploy. "In most ransomware incidents, attackers kill the target's security software in an essential precursor step before deploying the ransomware itself," researchers from security firm Sophos said in a new report about the incident. "In recent attacks, some threat actors have turned to the use of Windows drivers to disable security products." Ransomware Threat ★★
Cybereason.webp 2022-12-14 13:40:44 (Déjà vu) Royal Rumble: Analysis of Royal Ransomware (direct link) The Royal ransomware group emerged in early 2022 and has gained momentum since the middle of the year. Its ransomware, which the group deploys through different TTPs, has impacted multiple organizations across the globe. The group itself is suspected of consisting of former members of other ransomware groups, based on similarities researchers have observed between Royal ransomware and other ransomware operators. Ransomware ★★★
bleepingcomputer.webp 2022-12-14 13:24:00 Microsoft patches Windows zero-day used to drop ransomware (direct link) Microsoft has fixed a security vulnerability used by threat actors to circumvent the Windows SmartScreen security feature and deliver Magniber ransomware and Qbot malware payloads. [...] Ransomware Malware Vulnerability Threat ★★
Dragos.webp 2022-12-14 12:00:00 (Déjà vu) OT Cybersecurity Best Practices for Small & Medium Organizations: How to Respond to a Ransomware Attack (direct link) This is our monthly blog detailing best practices for OT cybersecurity for under-resourced organizations by Dragos OT-CERT (Operational Technology –... Ransomware ★★★
securityintelligence.webp 2022-12-14 11:00:00 5 Holiday Cybersecurity Tips That Make A Real Impact (direct link) Tired of cybersecurity tips that don’t really make an impact? This post is for you. The year is winding down to an end. Everyone, including security teams, is busy and preoccupied. Cyber actors know this and are gearing up to launch attacks. Over the holiday season, the global number of attempted ransomware attacks has increased […] Ransomware
zataz.webp 2022-12-14 09:42:46 Ransomware: snitch on your buddy (direct link) New leak in the small world of ransomware. A former member of the URSNIF group is leaking personal information about the instigators of this malicious operation.... Ransomware ★★★
CSO.webp 2022-12-14 04:31:00 New Royal ransomware group evades detection with partial encryption (direct link) A new ransomware group dubbed Royal that formed earlier this year has significantly ramped up its operations over the past few months and developed its own custom ransomware program that allows attackers to perform flexible and fast file encryption. "The Royal ransomware group emerged in early 2022 and has gained momentum since the middle of the year," researchers from security firm Cybereason said in a new report. "Its ransomware, which the group deploys through different TTPs, has impacted multiple organizations across the globe. The group itself is suspected of consisting of former members of other ransomware groups, based on similarities researchers have observed between Royal ransomware and other ransomware operators." Ransomware
WiredThreatLevel.webp 2022-12-13 21:28:57 Cuba Ransomware Gang Abused Microsoft Certificates to Sign Malware (direct link) The company has taken measures to mitigate the risks, but security researchers warn of a broader threat. Ransomware Malware ★★★
no_ico.webp 2022-12-13 20:02:12 LockBit Breached The California Department of Finance (direct link) Authorities in California are looking into a cybersecurity breach at the Department of Finance after a large ransomware organization claimed to have stolen private information and financial records from the organization. In a statement released on Monday, the California Office of Emergency Services (Cal OES) called the danger an “intrusion” that had been “discovered via […] Ransomware ★★
globalsecuritymag.webp 2022-12-13 17:11:25 Comment from WithSecure spokesperson on: LockBit ransomware crew claiming an attack on California Department of Finance (direct link) Following the news of LockBit ransomware crew claiming another attack on California Department of Finance; Neeraj Singh a Research & Development Manager from WithSecure highlights the numerous attacks by LockBit in the past few months, and the ever-growing importance of government agencies strengthening their cybersecurity strategies. Neeraj Singh, Research & Development Manager, WithSecure Intelligence. - Malware Update Ransomware ★★
bleepingcomputer.webp 2022-12-13 16:24:20 LockBit claims attack on California's Department of Finance (direct link) The Department of Finance in California has been the target of a cyberattack now claimed by the LockBit ransomware gang. [...] Ransomware ★★★
Anomali.webp 2022-12-13 16:00:00 Anomali Cyber Watch: MuddyWater Hides Behind Legitimate Remote Administration Tools, Vice Society Tops Ransomware Threats to Education, Abandoned JavaScript Library Domain Pushes Web-Skimmers (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Compromised websites, Education, Healthcare, Iran, Phishing, Ransomware, and Supply chain. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence New MuddyWater Threat: Old Kitten; New Tricks (published: December 8, 2022) In 2020-2022, Iran-sponsored MuddyWater (Static Kitten, Mercury) group went through abusing several legitimate remote administration tools: RemoteUtilities, followed by ScreenConnect and then Atera Agent. Since September 2022, a new campaign attributed to MuddyWater uses spearphishing to deliver links to archived MSI files with yet another remote administration tool: Syncro. Deep Instinct researchers observed the targeting of Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and United Arab Emirates. Analyst Comment: Network defenders are advised to establish a baseline for typical running processes and monitor for remote desktop solutions that are not common in the organization.
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Remote Access Tools - T1219 Tags: mitre-group:MuddyWater, actor:Static Kitten, actor:Mercury, Iran, source-country:IR, APT, Cyberespionage, Ministry of Intelligence and Security, detection:Syncro, malware-type:RAT, file-type:MSI, file-type:ZIP, OneHub, Windows Babuk Ransomware Variant in Major New Attack (published: December 7, 2022) In November 2022, Morphisec researchers identified a new ransomware variant based on the Babuk source code that was leaked in 2021. One modification is lowering detection by abusing the legitimate Microsoft signed process: DLL side-loading into NTSD.exe — a Symbolic Debugger tool for Windows. The mechanism to remove the available Shadow Copies was changed to using Component Object Model objects that execute Windows Management Instrumentation queries. This sample was detected in a large, unnamed manufacturing company where attackers had network access and were gathering information for two weeks. They have compromised the company’s domain controller and used it to distribute ransomware to all devices within the organization through Group Policy Object. The delivered BAT script bypasses User Account Control and executes a malicious MSI file that contains files for DLL side-loading and an open-source-based reflective loader (OCS files). Analyst Comment: The attackers strive to improve their evasion techniques, their malware on certain steps hides behind Microsoft-signed processes and exists primarily in device memory. It increases the need for the defense-in-depth approach and robust monitoring of your organization domain. MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Abuse Elevation Control Mechanism - T1548 | [MITRE ATT&CK] Hijack Execution Flow - T1574 | Ransomware Malware Tool Threat Medical APT 38 ★★★
The_Hackers_News.webp 2022-12-13 14:38:00 Cybersecurity Experts Uncover Inner Workings of Destructive Azov Ransomware (direct link) Cybersecurity researchers have published the inner workings of a new wiper called Azov Ransomware that's deliberately designed to corrupt data and "inflict impeccable damage" to compromised systems. Distributed through another malware loader known as SmokeLoader, the malware has been described as an "effective, fast, and unfortunately unrecoverable data wiper," by Israeli cybersecurity company Ransomware Malware ★★★
globalsecuritymag.webp 2022-12-13 14:28:51 Catalogic Software announced the release and general availability of the latest version of Catalogic DPX (direct link) Catalogic Software Strengthens Proactive Ransomware Shield; Broadens Data Protection for Azure and Google Clouds DPX 4.9 extends GuardMode to Linux servers and Samba shares; improves quality of alerts for backup administrators. - Product Reviews Ransomware ★★
The_Hackers_News.webp 2022-12-13 12:30:00 Malware Strains Targeting Python and JavaScript Developers Through Official Repositories (direct link) An active malware campaign is targeting the Python Package Index (PyPI) and npm repositories for Python and JavaScript with typosquatted and fake modules that deploy a ransomware strain, marking the latest security issue to affect software supply chains. The typosquatted Python packages all impersonate the popular requests library: dequests, fequests, gequests, rdquests, reauests, reduests, Ransomware Malware ★★★
CS.webp 2022-12-12 20:16:39 LockBit ransomware crew claims attack on California Department of Finance (direct link) The ransomware crew claims to have stolen nearly 76 gigabytes of files, and has given the agency until Christmas Eve to respond. Ransomware ★★
bleepingcomputer.webp 2022-12-12 18:34:25 Play ransomware claims attack on Belgium city of Antwerp (direct link) The Play ransomware operation has claimed responsibility for a recent cyberattack on the Belgium city of Antwerp. [...] Ransomware
InfoSecurityMag.webp 2022-12-12 16:00:00 Royal Ransomware Targets US Healthcare (direct link) Requested ransom payment demands ranged from $250,000 to over $2m Ransomware ★★★
The_Hackers_News.webp 2022-12-12 13:27:00 Royal Ransomware Threat Takes Aim at U.S. Healthcare System (direct link) The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country. "While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial motivation as their goal," the agency's Health Sector Cybersecurity Ransomware Threat ★★★
SecurityWeek.webp 2022-12-12 12:46:57 Python, JavaScript Developers Targeted With Fake Packages Delivering Ransomware (direct link) Phylum security researchers warn of a new software supply chain attack relying on typosquatting to target Python and JavaScript developers. Ransomware ★★
globalsecuritymag.webp 2022-12-12 12:36:59 Ransomware and the IT skills shortage: how can companies still limit the damage? (direct link) By Jean-Pierre Boushira, VP South EMEA, Benelux & Nordics at Veritas Technologies - Viewpoints Ransomware
Blog.webp 2022-12-12 12:30:00 What CISOs Can Do to Win the Ransomware Game (direct link) In this Expert Insight, Jeffrey Wheatman, the Cyber Risk Evangelist at Black Kite, says that CISOs need to shift their approach: becoming more proactive in working to prevent ransomware attacks. And he provides some steps CISOs can take to ensure their companies stay safe. Ransomware ★★
SecurityWeek.webp 2022-12-12 12:21:29 Rackspace Hit With Lawsuits Over Ransomware Attack (direct link) At least two lawsuits have been filed against Texas-based cloud company Rackspace over the recently disclosed ransomware attack. Ransomware
Cybereason.webp 2022-12-12 11:00:00 Ransomware: Which Industries Are Most Likely to Pay (direct link) A recent study by Cybereason, Ransomware: The True Cost to Business 2022, revealed that 73% of respondents had experienced a ransomware attack in the last 24 months. Of those respondents, 28% said their organizations paid the ransom. A separate survey of cybersecurity leaders conducted by WSJ Pro Research found that 42.5% of respondents said they would consider paying a ransom. Ransomware Guideline ★★★★
Checkpoint.webp 2022-12-12 10:55:50 From disruption to destruction- Azov Ransomware presents a new shift towards destructive wipers (direct link) Highlights: Check Point Research (CPR) provides under-the-hood details of its analysis of the infamous Azov Ransomware Using advanced wipers, Azov is designed to inflict immense damage to the infected machine it runs on Check Point Research flags a worrying shift towards sophisticated malware designed to destroy the compromised system, and advises organizations to take appropriate… Ransomware Malware ★★★
Checkpoint.webp 2022-12-12 10:55:16 Pulling the Curtains on Azov Ransomware: Not a Skidsware but Polymorphic Wiper (direct link) Highlights: Introduction During the past few weeks, we have shared the preliminary results of our investigation of the Azov ransomware on social media, as well as with Bleeping Computer. The below report goes into more detail regarding the internal workings of Azov ransomware and its technical features. Background & Key Findings Azov first came to […] Ransomware ★★★
globalsecuritymag.webp 2022-12-12 09:35:26 Targeted ransomware attacks doubled in 2022, with new techniques and new groups emerging (direct link) In the first ten months of 2022, the proportion of internet users hit by targeted ransomware attacks almost doubled compared with the same period in 2021. Such striking growth indicates that ransomware groups, whether already well known or newly arrived, have continued to refine their techniques. Kaspersky's 2022 crimeware report tracks the evolution of the ransomware landscape and brings to light new strategies of these malicious groups, those introduced by the well-known "LockBit" group and a newcomer, "Play", which uses self-propagation techniques. - Malware Ransomware ★★
bleepingcomputer.webp 2022-12-11 11:22:33 (Déjà vu) Clop ransomware uses TrueBot malware for access to networks (direct link) Security researchers have noticed a spike in devices infected with the TrueBot malware downloader created by a Russian-speaking hacking group known as Silence. [...] Ransomware Malware ★★
bleepingcomputer.webp 2022-12-11 11:22:33 Clop ransomware partners with TrueBot malware for access to networks (direct link) Security researchers have noticed a spike in devices infected with the TrueBot malware downloader created by a Russian-speaking hacking group known as Silence. [...] Ransomware Malware
bleepingcomputer.webp 2022-12-09 14:51:48 Rackspace warns of phishing risks following ransomware attack (direct link) Cloud computing provider Rackspace warned customers on Thursday of increased risks of phishing attacks following a ransomware attack affecting its hosted Microsoft Exchange environment. [...] Ransomware ★★
globalsecuritymag.webp 2022-12-09 12:45:50 (Déjà vu) Is there a way for healthcare providers to prevent cyberattacks from spreading? (direct link) By Antoine Korulski, Product Marketing Manager, Infinity architecture Highlights: The Healthcare sector was the most targeted industry for ransomware during the third quarter of 2022, with one in 42 organizations impacted by ransomware. 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio, they concluded that having too many security vendors results in complex security operations and increased security headcount. - Opinion Ransomware ★★
Chercheur.webp 2022-12-08 18:25:04 New Ransom Payment Schemes Target Executives, Telemedicine (direct link) Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the "patient." The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading. Ransomware ★★
bleepingcomputer.webp 2022-12-08 15:27:11 CommonSpirit Health ransomware attack exposed data of 623,000 patients (direct link) CommonSpirit Health has confirmed that threat actors accessed the personal data for 623,774 patients during an October ransomware attack. [...] Ransomware Threat ★★★
securityintelligence.webp 2022-12-08 14:00:00 What CISOs Should Know About CIRCIA Incident Reporting (direct link) In March of 2022, a new federal law was adopted: the Cyber Incident Reporting Critical Infrastructure Act (CIRCIA). This new legislation focuses on reporting requirements related to cybersecurity incidents and ransomware payments. The key takeaway: covered entities in critical infrastructure will now be required to report incidents and payments within specified time frames to the […] Ransomware ★★
Fortinet.webp 2022-12-08 07:48:00 Ransomware Roundup – New Vohuk, ScareCrow, and AERST Variants (direct link) In this week's ransomware roundup, FortiGuard Labs covers the Vohuk, ScareCrow, and AERST ransomware along with protection recommendations. Read more. Ransomware ★★
Blog.webp 2022-12-08 02:10:30 (Déjà vu) ASEC Weekly Malware Statistics (November 28th, 2022 – December 4th, 2022) (direct link) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 28th, 2022 (Monday) to December 4th, 2022 (Sunday). For the main category, Infostealer ranked top with 34.8%, followed by downloader with 28.2%, backdoor with 21.1%, ransomware with 14.6%, and CoinMiner with 0.3%. Top 1 – SmokeLoader SmokeLoader is an infostealer/downloader malware that is distributed via exploit kits. This week, it ranked first place with... Ransomware Malware ★★
The_Hackers_News.webp 2022-12-07 20:04:00 Vice Society Ransomware Attackers Targeted Dozens of Schools in 2022 (direct link) The Vice Society cybercrime group has disproportionately targeted educational institutions, accounting for 33 victims in 2022 and surpassing other ransomware families like LockBit, BlackCat, BianLian, and Hive. Other prominent industry verticals targeted include healthcare, governments, manufacturing, retail, and legal services, according to an analysis of leak site data by Palo Alto Networks Ransomware ★★★
InfoSecurityMag.webp 2022-12-07 17:00:00 NZ Privacy Commissioner Investigates Mercury IT Ransomware Attack (direct link) The watchdog also confirmed it plans on opening a compliance investigation into the incident Ransomware ★★★
SecurityWeek.webp 2022-12-07 14:08:48 New Zealand Government Hit by Ransomware Attack on IT Provider (direct link) The New Zealand government this week confirmed being impacted by a ransomware attack on managed service provider (MSP) Mercury IT, which has disrupted businesses and public authorities in the country. A small business with only 25 employees, Mercury IT provides cybersecurity, IT, telecoms, and support services for multiple organizations in the country. Ransomware ★★
InfoSecurityMag.webp 2022-12-07 14:05:00 FFT and Ransomware Represent Over Half of Cyber Insurance Claims in 2022 (direct link) While average ransomware claims are much higher, the report warned that vectors like BEC could deliver "death by a thousand cuts" Ransomware ★★★
no_ico.webp 2022-12-07 14:01:30 Intersport Data Posted On Hive Dark Web Blog (direct link) On the dark web blog of the well-known Ransomware gang Hive, data purportedly belonged to the renowned sports shop Intersport. Following a hack on Black Friday, the Hive ransomware group appears to be posting Intersport’s data via its victim blog. It comes after a hack that happened in November during the week of Black Friday. Last […] Ransomware Hack ★★★
no_ico.webp 2022-12-07 13:31:22 What Do You Know About Mercury IT Ransomware Attack? (direct link) Numerous government departments and public bodies are believed to have been affected by a ransomware attack on Mercury IT, a popular managed service provider (MSP) in New Zealand. A hack on a third-party IT support provider has affected a number of governmental authorities, including Te Whatu Ora (Health New Zealand) and the Ministry of Justice. […] Ransomware Hack ★★
Cybereason.webp 2022-12-07 12:00:00 What Healthcare CISOs Can Do Differently to Fight Ransomware (direct link) Ransomware attacks cost the healthcare industry over $20 billion in 2020 and show no sign of slowing down. “The current outlook is terrible,” says Israel Barak, CISO of Cybereason. “We are seeing the industry experience an extremely sharp increase in both the quantity and level of sophistication of these attacks.” Ransomware ★★★
Logo_logpoint.webp 2022-12-07 11:56:23 Detect, manage and respond: Clop ransomware (direct link) by Santosh Nepal, Security Analytics Engineer. Contents: TL;DR; Fast Facts; Detecting Clop using Logpoint; Detecting execution of a malicious document; Incident investigation and response using Logpoint SOAR; Out-of-the-box Logpoint playbooks; Best practices; Detecting signs of ransomware from common threat actors early is key. TL;DR: There is a growing complexity of ransomware development and threat actors who are continuously adding different sophisticated techniques to their arsenal. When Michael [...] Ransomware Threat ★★★
Last update at: 2024-07-16 18:08:10