Cybersecurity

Dark Reading posted an article providing insights from GuidePoint Security’s recently released GRIT 2022 Ransomware Report. GuidePoint offers multiple perspectives based on its ransomware negotiations. The report highlights four general categories that ransomware groups fall into and which are the most active threat. Additionally, the report offers additional considerations, most notably how improved backup strategies have been making a positive difference in being able to successfully recover after an attack.

Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) published a joint Cybersecurity Advisory (CSA) to warn network defenders about threat actors exploiting legitimate remote monitoring and management (RMM) software to conduct malicious activity.

Palo Alto Networks published a blog discussing research by its Unit 42 of a newly discovered variant of PlugX malware. This variant has a few unique capabilities, including the ability to hide itself within a USB using a novel technique that’s effective on the current Windows OS and that can only be detected using specialized forensic tools. It then copies all Adobe PDF and Microsoft Word files from the attached machine and spreads to any other removable drives (e.g., floppy, thumb, or flash) connected to the system.

Attackers are now exploiting Microsoft OneNote attachments in phishing emails to compromise users with remote access malware, which are likely to be used to deliver additional malware, steal credentials, and other financial information.