Cybersecurity

Security researchers at Cisco Talos recently uncovered a new malware threat, called Squirrelwaffle, that spreads via spam campaigns, providing threat actors with an initial entry into a compromised device or network and allowing them to deploy additional malware, such as Qakbot or Cobalt Strike. Squirrelwaffle, which was first identified last month, leverages stolen reply-chain emails to propagate across devices and networks.

Although ransomware and phishing attempts are often perceived as the most frequent and persistent cyber threats by many, a new survey by the Neustar International Security Council (NISC), however, shows that domain name system (DNS) attacks are impacting businesses at an increasing rate. According to the survey, which was conducted in September 2021, 72 percent of respondents experienced a DNS attack within the last year. Among the targeted respondents, 58 percent experienced business disruptions that lasted more than an hour and 14 percent took several hours to recover.

Microsoft has shared details on the latest campaign conducted by the Russian-backed threat actor NOBELIUM. It notes that since May 2021, NOBELIUM has targeted hundreds of cloud service providers (CSPs), managed service providers (MSPs), and other IT services organizations to exploit the administrative or privileged access provided to these companies by their downstream customers.

The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with the Ranzy Locker ransomware. The FLASH indicates that Ranzy Locker ransomware, which was first detected in late 2020, has targeted more than 30 U.S. organizations, including critical infrastructure entities. Past incidents indicate the threat actors conducted brute force attacks targeting Remote Desktop Protocol (RDP) credentials to gain access to the victims’ networks. The actors also utilized Microsoft Exchange Server vulnerabilities and phishing to compromise a victim’s network.