Cybercriminals continue to exploit unpatched Microsoft Exchange servers. Cybersecurity researchers at Sophos report an unknown attacked has been attempting to leverage the ProxyLogon exploit to unload malicious Monero cryptominer onto Exchange servers, with the payload being hosted on a compromised Exchange server.
A new CISCO Talos Intelligence report explores how cybercriminals are increasingly abusing the communications platforms that many organizations use to facilitate employee communications. According to the report, communication platforms have allowed attackers to circumvent perimeter security controls and maximize infection capabilities. Over the past year, adversaries are increasingly relying on these platforms as part of the infection process.
These are the terrible uncertainties and costs organizations like yours face as ransomware rages around the cybersphere. As you deliberate on the best strategy and tactics for defending your organization from ransomware, understand that the total cost of recovering from such an attack more than outweighs the cost of being prepared to defend against it.
There has been an significant increase in PYSA ransomware targeting education institutions in 12 U.S. states and the U.K., according to a joint Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) flash industry alert.
The use of artificial intelligence (AI) in cybersecurity, while often overhyped, is not a new concept. Hackers have included countermeasures in malware since its inception to detect runtime environments or sense detection attempts. Early actions were primitive compared to what we know today, but they laid the groundwork for more critical thought about adaptive and evasive technologies and sophisticated situational awareness. This lethal combination of research and deep targeting is likely the future of malware as adversaries attempt to outsmart the companies and researchers trying to thwart them.
Sophos has published new research, “Gootloader Expands Its Payload Delivery Options,” that details how the delivery method for the six-year-old Gootkit financial malware has been developed into a complex and stealthy delivery system for a wide range of malware, including ransomware. Sophos researchers have named the platform, “Gootloader.” Gootloader is actively delivering malicious payloads through tightly targeted operations in the U.S., Germany and South Korea. Previous campaigns also targeted internet users in France.
Malwarebytes’ Threat Intelligence analysts introduced a new APT group they have named LazyScripter, presenting in-depth analysis of the tactics, techniques, procedures, and infrastructure employed by this actor group.
Netskope revealed new research showing that the majority of all malware is now delivered via cloud applications, underscoring how attackers increasingly abuse popular cloud services to evade legacy security defenses putting enterprise data increasingly at risk. The findings are part of the February 2021 Netskope Cloud and Threat Report, which analyzes the most interesting trends on enterprise cloud service and app use, web and cloud-enabled threats, and cloud data migrations and transfers.
Nuspire announced the release of its 2020 Q4 and Year in Review Threat Landscape Report. Sourced from its 90 billion traffic logs, the report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs) with additional insight from its threat intelligence partner, Recorded Future.
Malwarebytes announced the findings of its annual “State of Malware” report. The latest report explores how the global pandemic forced many employees to quickly become a remote workforce and confined consumers to their homes. In the wake of this change, cybercriminals ditched many of their old tactics, placing a new emphasis on gathering intelligence, and exploiting and preying upon fears with targeted and sophisticated attacks. As a result, the State of Malware Report found a notable shift in the devices targeted and strategies deployed by cybercriminals.
