Malware, Phishing and Ransomware

The pandemic tested the business resilience of every organisation. Small and medium sized enterprises (SMEs) had to maximise their digital footprint to keep operational, service their customers and survive. Just as companies are starting to return to some semblance of new normal, another threat is on the horizon. The pandemic has fuelled an increase in cybercrime that shows no signs of abating. Small and medium sized enterprises caught in the cross hairs The speed with...

On 16 April 2022, the ContiNews ransomware PR site posted the gang's newest victim: the Ministry of Finance of Costa Rica. Three days later, the post was updated with a sample of the stolen data, and a threat to continue attacks against Costa Rican agencies unless the government paid a requested ransom of $10 million. On April 21, the post was updated to include the URLs of two more compromised government departments - the Ministry...

DomainTools has announced the availability of DomainTools Iris Detect, an innovative new product designed to discover and monitor domain names spoofing brands, trademarks, or other domains with unprecedented speed, accuracy, and comprehensiveness. Building on the world’s largest databases of domain registration and Domain Name System (DNS) data developed by DomainTools and Farsight Security, the discovery engine underpinning Iris Detect identifies some 350,000 new domains every day—far more than any other technology available. In fact, in a 12-hour period earlier...

The nefarious minds behind a dangerous malware called BotenaGo have uploaded the source code to GitHub on October 16th 2021, according to new research by AT&T Alien Labs. This could mean hackers around the world, who now have access to this source code, will have the ability to create their own versions of the malware and adapt it to their own attack objectives. There is concern BotenaGo malware 'variants' will begin to surface quickly and...

Being struck by ransomware has been compared to having a heart attack. It’s something that stalks everyone in theory and yet when it happens the shock of the experience is always a surprise. For the first seconds, minutes - and sometimes hours - organisations are on their own. It’s a moment of unexpected trauma which many organisations find paralysing, something attackers plan for. This makes the attack’s effects even worse. Eventually a growing number call...

By the time you have finished reading this sentence, an organisation somewhere in the world will have fallen victim to a ransomware attack and had at least some of its corporate data encrypted. Globally, on average, the criminals behind ransomware attacks hit a new organisation every 10 seconds, but less than five years ago, it was every 40. Recently, Colonial Pipeline, a major US fuel company made headlines after falling victim to such an attack...

A new cybersecurity coalition, which is backed by IT Security Guru, has launched this week in a move to fight back against ransomware. The coalition is part of a new movement headed by managed security service provider Talion, called #RansomAware, which encourages organisations to come clean on ransomware and speak up about the attacks they are facing. Today businesses are facing a tidal wave of ransomware attacks and recent data from Cybereason has revealed that...

Shortly after hitting Colonial Pipeline, Darkside developers announced they would be closing operations. Nevertheless, researchers at AT&T Alien Labs have observed evidence that the group has completed a Linux version of its malware that is targeting ESXi servers hosting VMware virtual machines. To this point, the authors announced the Darkside 2.0 version with Linux capabilities.   "Linux and UNIX servers have always been a preferred option for servers and data centers, likely due to the...

As one of the unfortunate benefactors from the changing business behaviours of the pandemic, ransomware attack trends continue to evolve. During the last year, malicious actors have attacked anything from healthcare organisations and medical trials, to education and the public sector, and even business supply chains. The gravity of the threats of ransomware was exemplified by the attack that shut down the cross-country gas pipeline system Colonial Pipeline; the largest U.S. fuel pipeline, leading to...

Capcom has released the final update on their investigation into the major ransomware attack they suffered last year. The investigation has found that the attackers accessed the company through an outdated VPN device. Through this avenue, the attackers were able to access the companies network, as well as any compromised devices in the network. The attack took place in November 2020, when Capcom was targeted by the Ragnar Locker ransomware. The attack resulted in Capcom...