MITRE ATT&CK Wizard Spider and Sandworm Evaluation: ReaQta, an IBM company demonstrates Best-in-Class capabilities for Three Years in a row.

MITRE Engenuity has just released the results of the latest round of ATT&CK Evaluations which this year focused on two well-known threat actors: Wizard Spider and Sandworm. This marks the third time that ReaQta, an IBM Company, has successfully completed the ATT&CK Evaluations with top-quality alerts, showing ReaQta’s capabilities in delivering world-class protection against even …

Rook Ransomware (RaaS): The latest kid on the block with an attitude.

Rook, the latest kid on the block for ransomware operations, first appeared on VirusTotal on 26 November 2021. Since its discovery, Rook has claimed its victims across verticals like Banking, Finance, Technology and Aerospace and they have been announced on their TOR site. Like most ransomware operations, Rook utilizes a ‘double extortion’ approach to force …

Babuk Ransomware (RaaS): Back-up Deletion and how to stop it

Babuk ransomware was discovered in January 2021 and operated a ransomware-as-a-service (RaaS) model before shutting down its operations in April. The group’s modus operandi is much like other RaaS operations, compromising organizations via phishing attempts or vulnerability exploits such as those used by HAFNIUM to gain initial access. This is followed by exfiltration of sensitive …

AvosLocker Ransomware (RaaS): A New Ransomware Group Emerges

AvosLocker recently made headlines as a new ransomware-as-a-service (RaaS) that commenced operations in June, represented by a purple bug brand logo. Operating based on a similar modus operandi to most RaaS, AvosLocker has started promoting its RaaS program via various forums on the dark web in its search for affiliates. AvosLocker’s primary mode of malware …

Remote code execution vulnerability CVE-2021-40444 could become the next prolific cyber crime tool. Here’s how to stay ahead of such exploits.

A recently discovered exploit targeting a vulnerability in Microsoft’s internal browser engine, MSHTML, could become a prolific tool by cyber criminals in both targeted and wide-spread campaigns. CVE-2021-40444, a remote code execution vulnerability within Microsoft’s MSHTML browser engine was disclosed by Microsoft in a 07 September 2021 advisory1 but a malicious document involved in the exploit …

BlackMatter Ransomware: A New Ransomware-as-a-Service (RaaS)

Following the recent trend in ransomware affiliates, BlackMatter has emerged as the latest ransomware-as-service (RaaS). According to Threat Intelligence company Recorded Future, BlackMatter has announced that they have “incorporated in itself the best features of DarkSide, REvil, and LockBit” as mentioned in an interview. Black Matter cited the following inspirations from each of their partner …

A New Era of Ransomware and its Affiliates: LockBit 2.0

Following REvil’s sudden disappearance, the empty niche in the RaaS (Ransomware as a Service) ecosystem has quickly been occupied by a new actor: LockBit that recently unveiled their LockBit 2.0 ransomware, capable of impressive encryption speeds – according to their own benchmarks – a full-fledged exfiltration service and a new affiliate program. Soon after its …

Understanding PrintNightmare: The importance of having visibility over new attack vectors

What is PrintNightmare? PrintNightmare (CVE-2021-34527) is a recently discovered vulnerability, affecting the Microsoft Windows Print Spooler Service. It allows threat actors to run arbitrary code on any device with Print Spooler service enabled with SYSTEM level privileges via Remote Code Execution (RCE) after obtaining initial access. The vulnerability allows attackers to load a DLL into …

Understanding the Avaddon Ransomware: Is your organization equipped to stop zero-day threats?

Recently, The Financial Times reported that Asian subsidiaries of a French Global insurance company were hit by a latest ransomware attack known as Avaddon. Attackers seized 3TB of data, impacting IT operations in Thailand, Malaysia, Hong Kong and the Philippines, taking hold of sensitive information like medical records and hospital data. What is Avaddon ransomware …

Close Bitnami banner
Bitnami