Cybersecurity

Ransomware threat actors continue to terrorize organizations across the world and when one group is shutdown another seemingly appears. It’s no surprise that last year saw a lot of ransomware activity. According to Digital Shadows, in the last quarter of 2021 there were 781 ransomware victims reported on data-leakage sites, a 37 percent increase compared to the previous quarter. The U.S. was the most targeted country with over 300 attacks.

The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with Diavol ransomware. The FLASH indicates that Diavol ransomware threat actors, first observed in October 2021, are associated with the Trickbot Group, who utilize the Trickbot Banking Trojan. According to the FBI, “Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker.” Ransomware demands have ranged in price from $10,000 to $500,000.

Yesterday afternoon, the Cybersecurity and Infrastructure Security Agency (CISA) published a new CISA Insights urging organizations to immediately implement cybersecurity measures to protect against potential critical threats – CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats.

Phishing attacks remain one of the most common entry vectors for threat actors seeking to compromise an organization or an individual’s device or network. A particularly effective phishing tactic is brand impersonation, when adversaries attempt to mimic a website or domain of a well-known brand by using a similar domain name and webpage designed like the actual site. A recent report from the IT company Check Point identifies the top brands criminals impersonated in brand phishing attacks in the fourth quarter of 2021.