Blogs

Threat Research: Cl0p Ransomware Increases Activity

Summary

Cl0p ransomware, operated under a Ransomware-as-a-Service (RaaS) model, has targeted over 90 organizations worldwide, with more than 50 of these attacks occurring within the United States. In March 2023, the Cl0p leak site listed 91 victims, an increase of over 65% compared with the total number of attacks listed between August 2020 and February 2023. It is assessed that this sudden increase in ransomware attacks is likely associated with the group’s exploitation of the zero-day vulnerability CVE-2023-0669.

UNC4466 Exploits Multiple Vulnerabilities to Deliver ALPHV Ransomware

Summary

An emerging ALPHV (a.k.a. BlackCat, Noberus) affiliate, tracked as UNC4466, is exploiting CVE-2021-27876, CVE-2021-27877 and CVE-2021-27878 in publicly exposed installations of Veritas Backup Exec. These vulnerabilities grant the threat actors initial access to victim environments. A recent internet scan revealed over 8,500 instances of Veritas Backup Exec are currently exposed to the internet. It is unknown if all these installations have been updated with Veritas Backup software version 21.2.

Tackling Cross-Domain Cyber Threats: Microsoft XDR & Critical Start MDR to the Rescue

Let’s face it, in our ever-growing digital world, cybersecurity is a big deal. A multi-trillion-dollar big deal! Cybercriminals are getting craftier, using multi-stage attacks and cross-domain techniques that can make life difficult for cybersecurity operations. To add to that, Security Operations Center (SOC) teams are often in a spot where they are very much behind the 8-ball staff-wise, skillset-wise, tool-wise, or worse, all of the above.

Dark Power Ransomware: A Nim-Programmed Threat

The Dark Power ransomware, a relatively new ransomware strain, was launched in early February 2023. It is a rare breed of ransomware, as it was written in the Nim programming language. The ransomware targets Microsoft Windows platforms, and its impact is high, as it encrypts files on the compromised machine and demands a ransom for file decryption.

Threat Research: Beat the Heat

Overview:

Highly Evasive Adaptive Threats, or HEAT attacks, are a new form of existing browser exploit techniques that leverage features and tools to bypass traditional security controls and then attack from within, compromising credentials or deploying ransomware. HEAT attacks go beyond traditional phishing methods and target web-based tools critical to productivity, frequently exploiting SaaS (Software as a Service) applications.

Tick, Tick, Tick…Boom: Chinese Tick APT Plays the Long Game

Summary

Chinese-linked Tick advanced persistent threat (APT) group, a.k.a. Bronze Butler, REDBALDKNIGHT, Stalker Panda, and Stalker Taurus, has been attributed to a long-lasting operation against an East Asian data loss prevention (DLP) software company. During this extensive intrusion, Tick deployed at least three different types of malware, including a previously unknown downloader.

Warning: AlienFox Stealing Cloud-Based Email Credentials

Summary

AlienFox, a new modular toolkit, allows threat actors to steal authentication secrets and credentials from cloud-based web hosting and email services through misconfigured servers. The threat actors claim that AlienFox can search for commonly misconfigured cloud endpoints in Laravel, Drupal, Joomla, Magento, Opencart, Prestashop, and WordPress frameworks.

DEV-0147 Expands Operations to South America with Naplistener

DEV-0147, a group believed to be state-sponsored by China, has been observed targeting diplomatic entities in South America using common espionage and exfiltration tools such as ShadowPad, which is frequently used by other Chinese threat actors. Microsoft reports that this new campaign represents an expansion of the group's data exfiltration operations, which have previously focused on targeting government agencies and think tanks in Asia and Europe.

Roadmap to Achieving the Full Potential of Your Investment in Microsoft Sentinel

Widely regarded as one of the most effective solutions in the security information and event management (SIEM) space, Microsoft Sentinel was named a Leader in the 2022 Gartner Magic Quadrant for SIEM and positioned highest on the “Ability to Execute” axis. Microsoft Sentinel is built to provide the most holistic threat monitoring and detection platform available to stop breaches.

Is your SIEM security solution no longer enough? The imperative of increasing your security posture and optimizing costs in 2023

Cyberattacks continue to evolve, and you should expect the same from your MDR provider.

HinataBot and the Evolution of IoT Malware

How the Mirai botnet creators used Golang to make it even more sophisticated and dangerous

Threat Research: Kimsuky APT Spear Phishing Campaigns

Summary

North Korean advanced persistent threat (APT) actor, Kimsuky (a.k.a. TA406, Thallium, and Velvet Chollima) is leveraging several spear phishing campaigns to conduct cyber-espionage against diplomats, journalists, government agencies, university professors, and politicians.