Black Cat Attack on UnitedHealth Group

October 24, 2023

Las Vegas Casinos Targeted by Ransomware Attacks

Ever since the invention of internet browsers for personal computers came about in the 1990s, cybercrime has been on the rise. Almost 30 years after the invention of the World Wide Web, cybercriminals have a variety of different methodologies and toolkits they use daily to leverage vulnerabilities and commit crimes. One of the most popular types of attacks that is used by threat actors is a ransomware attack. Most recently, several Las Vegas Casinos fell victim to a series of ransomware attacks.

October 12, 2023

Job Hunt or Data Hunt? The Rise of Malicious Recruiters in Cyberspace

Hackers, whether they are working by themselves or part of a larger APT (advanced persistence threat) group, are constantly thinking about new ways to launch attacks against individuals and organizations around the world. Most of these hackers and APT groups share common motives ranging from things like revenge and hacktivism to financial gain. Things get a little more complicated when hackers are working on behalf of a state-sponsored operation, especially when that state is North Korea. Recently, there have been reports of hackers connected to the North Korean state posing as job recruiters to deploy complex malware onto the devices of individuals around the world.

September 7, 2023

DarkGate Malware Returns

In the past couple of months, researchers observed an uptick in malware being delivered to end users through a malspam campaign. Malspam is a term given to spam emails that contain malicious links, contents, or files. One such malware that is currently being spread through malspam is DarkGate. Recently, researchers have begun to investigate new cases of this malware which began spreading in June 2023.

September 7, 2023

MMRat: A New Banking Trojan

Many threat actors tend to gravitate towards using some type of remote access trojan (RAT) in their campaigns. RATs are a type of malware that is designed to allow the attacker to have control over an infected device. RATs are a popular choice for hackers to use due to their many capabilities from reconnaissance and data exfiltration to long-term persistence. Throughout the last couple of months, a new Android banking trojan has been making headlines. This trojan, known as MMRat, has been seen targeting mobile users in Asia and has been linked to bank fraud.

August 7, 2023

Unraveling The Decoy Dog Malware

August 7, 2023

Biden’s IoT Cybersecurity Initiative

August 7, 2023

FraudGPT and WormGPT: New Tools in a Cyber Criminal’s Arsenal

July 5, 2023

Anonymous Sudan

Anonymous Sudan, a hacker group that originated as a Russian-speaking Telegram channel in early January of 2023 has been known to target American technology corporations by launching distributed denial of service attacks.

July 5, 2023

Code Mirage

Code Mirage: How Cyber Criminals Harness AI-Hallucinated Code for Malicious Machinations

June 5, 2023

Blacktail

Unveiling the Tactics of a Notorious Cybercrime Group

June 5, 2023

Volt Typhoon

Unraveling the Chinese Hacking Group "Volt Typhoon": A Global Cybersecurity Threat

April 10, 2023

OneNote

With the disablement of VBA macros, threat actors have turned to using OneNote attachments as a new way to install malware on an endpoint. OneNote attachments can contain embedded file formats, such as HTML, ISO, and JScripts, which can be exploited by malicious actors. OneNote attachments are particularly appealing to attackers because they are interactive and designed to be added on to and interacted with, rather than just viewed. This makes it easier for malicious actors to include enticing messages and clickable buttons that can lead to infection

March 8, 2023

Dridex

Dridex is a banking Trojan that is primarily used to steal sensitive information, such as login credentials and financial information. Dridex is known for its ability to evade detection by using dynamic configuration files.

January 5, 2023

Gu-Loader

GuLoader is an advanced malware downloader that is used by cybercriminals to distribute secondary malware payloads to further their infection chain

December 7, 2022

Raccoon Infostealer

Raccoon Stealer was first observed in 2019 and caught everyone’s attention when it became a popular choice for cybercriminals. With its new version released lately, it continues to gain popularity as a preferred tool for threat actors and poses a great threat to organizations that are not properly equipped to defend against information stealing malware such as Raccoon infostealer.

November 7, 2022

Vice Society

Vice Society is a ransomware group that initially appeared in June 2021. Although the group has been active since then, Vice Society was able to maintain its low profile until now by targeting small-sized schools. What makes Vice Society unique is that it targets organizations that have weaker security controls due to a lack of resources and exploit them for a ransom.

November 4, 2022

Typo-squatting

October 5, 2022

Metador

A fairly new hacker group known as “Metador” has recently started gaining traction in the news. This group is interesting because their motives are not fueled by any monetary value, however, it seems that the group’s main goal is long-term persistence and espionage. It is hypothesized that this group has been around for about 2-3 years targeting mostly organizations in the Middle East and Africa.

October 5, 2022

NullMixer

Nullmixer is a new malware dropper that gives us another reason to avoid questionable downloads. Your computer can become infected with malware after downloading and running the dropper, which is disguised as illegal, cracked software or some other app that might prompt you to ignore warnings from your antivirus software.

August 2, 2022

Denial of Service Attacks

A denial-of-service attack (DoS attack) is a cyber-attack in which an attacker seeks to make a machine or network resource unavailable by disrupting access to that specific machine or network. Denial of service is typically accomplished by flooding the targeted machine or resource with excess requests to prevent legitimate requests from being fulfilled.

August 2, 2022

Malware Evasion Techniques

July 4, 2022

CanaryTokens

July 4, 2022

What is Beaconing?

June 2, 2022

TrickBot

June 2, 2022

Top Ten Web Application Vulnerabilities Pt. 2

Web Applications are an attackers first choice when trying to compromise an organization. By being one of the few attack vectors that face the public, if not secured correctly, they can be an easy way for attackers to gain a foothold in your organization. In this post we will talk about the vulnerabilities in Web Applications that the OWASP Foundation has highlighted as “Most Critical”.

May 3, 2022

Fancy Bear

May 3, 2022

A Switch From the Norm - A New Malware Infection Chain

Microsoft started to disable Excel 4.0 macros by default at the beginning of the year, sending ripples through the hacking community. For context, macros are code embedded within documents which allow users to automate repetitive tasks and calculate complex equations automatically. While the purpose of macros began in a place of doing good and being efficient, they have been used for malicious purposes in the past, as malware authors have started injecting excel with malicious code that runs upon opening the sheet.

April 1, 2022

Lapsus$

A new player in the ransomware circle has continued to target big name companies such as Microsoft, Samsung, and Nvidia. While the group has become infamous, it is strongly believed that the group is formed by a group of teenagers based on their behavior and operation procedures/tactics.

April 1, 2022

Top 10 Web Application Vulnerabilities Pt. 1

Web Application’s are an attackers first choice when trying to compromise an organization. By being one of the few attack vectors that face the public, if not secured correctly, they can be an easy way for attackers to gain a foothold in your organization. In this post we will talk about the vulnerabilities in Web Applications that the OWASP Foundation has highlighted as “Most Critical”.

April 1, 2022

Suspected UNC 1151 Attacks as Ukraine Conflict Continues

March 2, 2022

The Anatomy of a Cyber Attack

The rate of cyber-attacks has escalated exponentially in the past year. According to Reuters, cybercrime has risen 500% since the beginning of the pandemic. As a lot of companies are turning to remote work, attackers are finding new ways to exploit this along with the multitude of options already available to them. Although stopping attackers from gaining access may seem like a daunting task, by understanding the entire process, from initial reconnaissance to system compromise, we can be better prepared to stop an attack before it does real damage.

March 2, 2022

BlackCat Ransomware

A ransomware group using Rust programming language and with ties to DarkSide & BlackMatter has been increasing their activity as many organizations have fallen victim to their ransomware.

February 2, 2022

#LeakTheAnalyst

The group responsible for hacking Mandiant analyst back in 2017 has made their return, according to Forum chatter and a new website.

February 1, 2022

A New Campaign From Lazarus Group

Lazarus Group (also known by other monikers such as Zinc, HIDDEN COBRA, and APT 38) is a cybercrime group made up of an unknown number of individuals run by the North Korean state. Researchers have attributed many cyberattacks to them between 2010 and 2021. The Lazarus Group has strong links to North Korea.

January 3, 2022

The Return of Emotet

In early 2021, an international law enforcement operation coordinated by Europol and Eurojust took over the Emotet infrastructure and arrested two individuals related to the group. Now, in late 2021, Emotet has been revived and improved, and has been gradually increasing its activity.

January 3, 2022

Introduction to Threat Modeling

The attack and defense sides of security are constantly changing. As part of handling this change, organizations should continually reassess and evolve their defenses. This process is called Threat Modeling and is a proactive approach to protecting your organization against threats.

December 13, 2021

The Downfall of REvil

One of the most infamous ransomware gangs, REvil, may have been permanently brought offline thanks to law enforcement activity. Several arrests of cyber criminals related to REvil have been made and their one of their leader named “Unknown” has been missing. REvil servers are currently offline and many in the DarkWeb Forum communities believe this the end of REvil.

December 3, 2021

Yanluowang Ransomware

November 3, 2021

Do You Need an MDR Solution?

Malware and Ransomware is only getting more complex over time. Find out if your organization could benefit from a MDR solution.

November 3, 2021

Lockbit 2.0

While Darkside may have rebranded as BlackMatter and REvil took a short break in July, the LockBit 2.0 ransomware group is gradually amassing an immense number of victims and continue to successfully make less noise than their counterparts.

August 19, 2021

Prometheus TDS – A Whole New Cybercrime Ecosystem

A new cybercrime service is being offered on the DarkWeb to help malware gangs distribute their malicious payloads through hacked websites

August 17, 2021

BlackMatter - A Possible Successor to Darkside and REvil

After the disappearance of two of the top ransomware gangs, a new group called BlackMatter appears in the DarkWeb to take their place.

August 15, 2021

Conti Ransomware

The case for a defense in depth approach to securing our networks.