
Threat Awareness – Threat Actors Exploiting Event Logs to Hide Fileless Malware

Security researchers have uncovered a malicious campaign that uses a novel anti-detection technique to deliver a trojan onto a targeted device. The campaign, first observed by Kaspersky, writes shellcode into Windows event logs, from where it is later read back and executed, so the final-stage trojan exists only in the computer’s random-access memory. Malware that runs from memory without ever being written to disk as a file is what the term “fileless” denotes, and because traditional security and detection tools concentrate on scanning files, the technique hides the malicious payload from them.
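Stored shellcode has two properties that ordinary log entries rarely share: the binary data field is large, and it is high-entropy. The script below, an added example that is not code from this page or from Kaspersky’s report, scores constructed event records the way a detection engineer would score records exported from a live host (for instance with `Get-WinEvent` piped to `Export-Csv`, or a parsed .evtx file), and groups suspicious blobs by provider and event ID so a run of chunks stands out from a single odd record. The provider name, event ID and chunk size in the sample log are constructed and are not the real campaign’s values.

```python
"""Hunt for binary payloads stashed in Windows event log records (added example)."""
import math
import random
from collections import defaultdict
from dataclasses import dataclass

CHUNK_SIZE = 8 * 1024      # constructed chunk size for the planted sample stash
MIN_BLOB_BYTES = 4 * 1024  # smaller binary fields are common for many providers
ENTROPY_THRESHOLD = 7.0    # bits/byte: packed or encrypted code sits near 8, XML/text near 4-5
MIN_CHUNKS = 3             # a stash is a run of chunks under one provider/ID, not one record


@dataclass
class EventRecord:
    record_id: int   # EventRecordID, increases monotonically within a log
    provider: str    # Provider Name
    event_id: int    # EventID
    data: bytes      # binary/user data attached to the record


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def is_suspicious_blob(data: bytes) -> bool:
    """Large and high-entropy: the two properties a stored shellcode chunk must have."""
    return len(data) >= MIN_BLOB_BYTES and shannon_entropy(data) >= ENTROPY_THRESHOLD


def find_stashes(records):
    """Return {(provider, event_id): [records]} for each provider/ID pair carrying at
    least MIN_CHUNKS suspicious blobs, each list in record-ID order for reassembly."""
    series = defaultdict(list)
    for rec in records:
        if is_suspicious_blob(rec.data):
            series[(rec.provider, rec.event_id)].append(rec)
    return {key: sorted(recs, key=lambda r: r.record_id)
            for key, recs in series.items() if len(recs) >= MIN_CHUNKS}


def reassemble(recs) -> bytes:
    """Concatenate the chunks in record order; the result goes to a disassembler or sandbox."""
    return b"".join(r.data for r in recs)


def build_sample_log():
    """Constructed log: benign records plus a three-chunk planted stash. The provider
    name and event ID are made up and are not the campaign's real values."""
    rng = random.Random(2022)  # deterministic stand-in for packed shellcode bytes
    benign_xml = b"<EventData><Data Name='Path'>C:\\Windows\\system32\\svchost.exe</Data></EventData>"
    records = [
        EventRecord(100, "Microsoft-Windows-Security-Auditing", 4624, benign_xml),
        # large but low-entropy: a verbose provider repeating the same text
        EventRecord(101, "Microsoft-Windows-WMI-Activity", 5858, benign_xml * 120),
        # small binary blob: normal for kernel providers, below the size floor
        EventRecord(102, "Microsoft-Windows-Kernel-General", 12, bytes(range(64))),
    ]
    for i in range(3):
        chunk = bytes(rng.getrandbits(8) for _ in range(CHUNK_SIZE))
        records.append(EventRecord(200 + i, "Constructed-KMS-Provider", 4242, chunk))
    # a benign record interleaved with the stash, to show ordering by record_id
    records.insert(4, EventRecord(150, "Microsoft-Windows-Security-Auditing", 4672, benign_xml))
    return records


def hunt(records):
    """Summarise findings as {(provider, event_id): (chunk_count, total_bytes, entropy)}."""
    out = {}
    for key, recs in find_stashes(records).items():
        blob = reassemble(recs)
        out[key] = (len(recs), len(blob), round(shannon_entropy(blob), 2))
    return out


if __name__ == "__main__":
    for (provider, event_id), (n, size, ent) in hunt(build_sample_log()).items():
        print(f"{provider} / EventID {event_id}: {n} chunks, {size} bytes, entropy {ent}")
```

The thresholds are starting points, not rules: some legitimate providers log large binary fields, so tune MIN_BLOB_BYTES and MIN_CHUNKS against a baseline of clean hosts, and treat the reassembled blob as the artifact to analyse rather than the individual records.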

FBI PSA – BEC Scams Continue to Target Organizations Large and Small

The FBI’s Internet Crime Complaint Center (IC3) has updated its Public Service Announcement (PSA) on the continuing threat of Business Email Compromise (BEC) scams. This latest PSA includes updated statistics for October 2013 to December 2021, including the estimate that total domestic and international exposed losses (actual and attempted) to BEC during this period exceeded $43 billion.

Threat Awareness – Bumblebee Malware Loader

Security researchers have detected a new malware loader dubbed Bumblebee. It appears to be a replacement for BazarLoader and is likely being used to gain initial access for follow-on ransomware attacks and other malicious activity. Bumblebee is a highly sophisticated loader “that integrates intricate elaborate evasion techniques and anti-analysis tricks,” according to BleepingComputer. Researchers have detected a number of email campaigns distributing Bumblebee inside ISO attachments, a container format attackers favor because files extracted from a mounted image did not, at the time, carry the Mark-of-the-Web that triggers Office and SmartScreen warnings.

Ransomware Awareness – Onyx Ransomware Destroys Certain Sized Files

Security researchers have identified a new ransomware strain, Onyx, that overwrites files larger than 2MB with junk data rather than encrypting them. In typical ransomware fashion, Onyx operators steal data from a compromised network before encrypting files and employ the all-too-common double-extortion tactic. However, because files larger than 2MB are overwritten rather than encrypted, they cannot be restored even with the attackers’ decryptor. This behavior, whether intentional or accidental, further supports that there are no guarantees of data recovery when ransoms are paid.

Threat Awareness – Emotet Testing New Delivery Tactics to Circumvent Defenses

Emotet continues to be one of the most prolific threats in the wild, and its developers are testing new delivery methods to circumvent recent Microsoft defenses, notably the default blocking of macros in Office files downloaded from the internet. In this latest activity, first detected by Proofpoint, Emotet operators were observed likely testing new tactics, techniques, and procedures (TTPs) on a small scale before employing them in a larger campaign. Specifically, the observed malicious emails contained OneDrive URLs hosting zip archives that contained XLL files (Excel add-ins, which are native DLLs that Excel loads and runs when opened) which in turn dropped Emotet.
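Because the archive arrives via a link rather than as an attachment, the check has to run wherever the download lands (web proxy, sandbox, or endpoint) rather than only at the mail gateway. The script below is an added example, not code from this page or from Proofpoint: it opens a zip in memory, flags members with executable extensions such as .xll, flags members whose content starts with the PE “MZ” signature regardless of extension, and reports encrypted members it cannot inspect. The archive it inspects is constructed inline and its “add-in” is a stub of header bytes, not a real sample.

```python
"""Inspect a zip download for Excel add-in (XLL) and other PE payloads (added example)."""
import io
import zipfile
from dataclasses import dataclass

EXECUTABLE_EXTS = {".xll", ".dll", ".exe", ".scr", ".com"}
PE_MAGIC = b"MZ"            # DOS header signature every PE file starts with
ENCRYPTED_FLAG = 0x1        # general-purpose bit 0 in the zip local header


@dataclass
class Finding:
    member: str
    reason: str


def _ext(name: str) -> str:
    base = name.rsplit("/", 1)[-1]
    dot = base.rfind(".")
    return base[dot:].lower() if dot >= 0 else ""


def inspect_zip(blob: bytes):
    """Return a list of Finding for every member that warrants blocking or review."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = _ext(name)
            if ext in EXECUTABLE_EXTS:
                findings.append(Finding(name, f"executable extension {ext}"))
            if info.flag_bits & ENCRYPTED_FLAG:
                # content cannot be read without the password, so it cannot be scanned
                findings.append(Finding(name, "encrypted member, content not scannable"))
                continue
            with zf.open(info) as fh:
                head = fh.read(2)
            if head == PE_MAGIC and ext not in EXECUTABLE_EXTS:
                findings.append(Finding(name, "PE header under non-executable extension"))
    return findings


def should_block(findings) -> bool:
    """Any executable, PE-disguised or unscannable member is enough to block the archive."""
    return bool(findings)


def build_sample_zip(malicious: bool = True) -> bytes:
    """Constructed archive. The 'add-in' is a stub of PE header bytes, not a working DLL."""
    fake_pe = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + bytes(200)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "Open the attached invoice in Excel.\n")
        if malicious:
            zf.writestr("Invoice_04-2022.xll", fake_pe)
            zf.writestr("report.xlsx", fake_pe)  # PE bytes hiding behind a spreadsheet extension
        else:
            zf.writestr("report.csv", "date,amount\n2022-04-01,100\n")
    return buf.getvalue()


if __name__ == "__main__":
    for f in inspect_zip(build_sample_zip()):
        print(f"{f.member}: {f.reason}")
    print("verdict:", "block" if should_block(inspect_zip(build_sample_zip())) else "allow")
```

The extension check alone is not sufficient: a genuine XLL renamed to .xlsx is still a PE file, and Excel will not open it as a workbook, so the “MZ” signature check is what catches the disguise. The encrypted-member branch matters because password-protected archives are a routine way to defeat content scanning.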

Ransomware Resilience – Flashpoint’s Comprehensive Guide on the Ransomware Threat

Flashpoint has published a comprehensive guide on the ransomware threat, aimed at helping organizations better understand it in order to strengthen their defenses and respond and recover effectively when attacked. The report begins with an overview and history of ransomware. It then discusses the various strains and how attacks unfold. Finally, the guide offers specific steps to prevent ransomware incidents and to respond to and recover from an attack.

(Update April 28, 2022) CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine

CISA and the FBI have updated joint Cybersecurity Advisory AA22-057A: Destructive Malware Targeting Organizations in Ukraine, originally released February 26, 2022. The advisory has been updated to include additional indicators of compromise for WhisperGate and Malware Analysis Reports (MARs) containing technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper destructive malware.
