Blog

Blog

Increase in Ransomware Demand Amounts Driven by Ryuk, Sodinokibi

The Ryuk and Sodinokibi ransomware families both contributed to an increase in the ransom amounts demanded by attackers over the past quarter. Coveware found that the average ransom amount demanded by ransomware attacks in Q1 2020 was $111,605. This amount was a third higher than what it had been in the final quarter of the previous year. It was...
Blog

COVID-19 Scam Roundup – May 4, 2020

Malicious actors continue to abuse coronavirus 2019 (COVID-19) as a lure to profit off of innocent people. Indeed, Arkose Labs found that 26.5% of all transactions recorded in Q1 2020 were fraud and abuse attempts—a 20% increase over the previous quarter and the highest attack rate ever observed by the security firm's researchers. It's therefore...
Blog

Phishers Increasingly Incorporating reCaptcha API into Campaigns

Security researchers observed that digital attackers are increasingly incorporating the reCaptcha API into their phishing campaigns. Barracuda Networks explained that malicious actors are starting to outfit their phishing attempts with reCaptcha walls so that they can shield their landing pages from automated URL analysis tools as well as add a...
Blog

Newly-discovered Android malware steals banking passwords and 2FA codes

Security researchers at Cybereason are warning of a new mobile banking trojan that steals details from financial apps and intercepts SMS messages to bypass two-factor authentication mechanisms. According to experts who have examined the code of the malware, known as EventBot, it differs substantially from previously known Android malware -...
Blog

Chegg Confirmed Data Breach of Employee Records

American education technology company Chegg confirmed a data breach in which malicious actors stole some of its employee records. As reported by TechCrunch, digital attackers succeeded in stealing 700 records associated with current and former Chegg employees. Those records contained individuals'...
Blog

National Poetry Month – Cybersecurity Edition

April is National Poetry Month, a time when we can celebrate poets and their craft. To join in the celebrations, we at the State of Security asked employees at Tripwire and in the wider infosec community to create and share some of their favorite cybersecurity-related poems with us. Here are some of our favorites from Twitter: https://twitter.com...
Blog

The MITRE ATT&CK Framework: Credential Access

There’s no doubt about it, attackers want your credentials more than anything, especially administrative credentials. Why burn a zero-day or risk noisy exploits when you can just log in instead? If you were to break into a house, would you rather throw a brick through a window or use a key to the front door? https://www.youtube.com/watch?v...
Blog

Cloud Under Pressure: Keeping AWS Projects Secure

Amazon Web Services (AWS) allow organizations to take advantage of numerous services and capabilities. As the number of available options under the cloud infrastructure of the company grows, so too do the security risks and the possible weaknesses. AWS Project owners need to take extra precautions by following some platform-specific advice. Amazon...
Blog

Operators of Shade Ransomware Publish 750K Decryption Keys

The operators of Shade ransomware published the decryption keys for 750,000 of their victims in an effort to help them recover their data. The authors of Shade used a GitHub post to make decryption keys available to all of its remaining victims (approximately 750,000). They also used the posting to provide a bit of context about their decision: We...
Blog

Zero-Day Flaw Allowed Attackers to Achieve RCE on Firewalls

British security firm Sophos determined that malicious actors had abused a zero-day vulnerability to achieve remote code execution (RCE) on some of its firewall products. According to Sophos, the attack chain began when digital attackers exploited a zero-day SQL injection vulnerability to achieve RCE on some firewall products. They abused this...
Blog

COVID-19 Scam Roundup – April 27, 2020

The coronavirus 2019 (COVID-19) scam onslaught continues. Per Threatpost, digital attackers ramped up their activity over Q1 2020 to the extent that they were sending approximately 1.5 million coronavirus-themed attack emails by the middle of April. How can we then be surprised by ZDNet's reporting that the number of digital crime reports received...
Blog

OSINT – Using Threat Intelligence to Secure Your Organisation

In my first article on Cyber Security Threat Intelligence Analysts, (CTI analysts) we covered what a CTI analyst is and discussed how they can bridge the gaps between IT, Security, and the Business. We discussed how this is beneficial to the maturity of the business, but what exactly did we mean by this? In the second article of our CTI analyst...
Blog

New Phishing Campaign Spoofed Skype to Steal Users' Credentials

A phishing campaign leveraged malicious emails to spoof video calling platform Skype in order to steal users' account credentials. Cofense observed that the campaign began with an attack email that appeared to originate from Skype. Specifically, the attackers crafted the sending email address to read as "67519-81987[@]skype.[REDACTED EMAIL]." But a...
Blog

Expert Thoughts on How Infosec Pros Can Make the Most of Working From Home

We find ourselves in strange times. In response to the ongoing coronavirus epidemic, organizations have swiftly closed their offices and mandated that all employees begin working from home. This development has created security challenges with which many organizations are still grappling. That’s not the only impact COVID-19 has had on security....
Blog

VictoryGate Monero-Mining Botnet Spread via Infected USB Devices

A previously undocumented botnet called "VictoryGate" propagated via infected USB devices in order to perform Monero-mining functionality. Slovakian security firm ESET revealed that it had sinkholed several command-and-control (C&C) domains so that it could monitor VictoryGate's activity. Through this process, the company learned that VictoryGate...
Blog

Maze Ransomware – What You Need to Know

What's this Maze thing I keep hearing about? Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organizations around the world and demanded that a cryptocurrency payment be made in exchange for the safe recovery of encrypted data. There's been plenty of ransomware before. What makes Maze so special? Like...
Blog

DoppelPaymer Ransomware Struck City in Los Angeles County

DoppelPaymer ransomware allegedly struck a U.S. coastal city in Los Angeles County by stealing its unencrypted data and then encrypting its devices. As reported by Bleeping Computer, the operators of DoppelPaymer updated their "Dopple Leaks" leak site with a post entitled "City of Torrance, CA." This post contained numerous links to files that...
Blog

Oil and Gas Sectors Targeted by AgentTesla Infostealer Campaigns

Digital attackers used spearphishing campaigns to target oil and gas companies with samples of the AgentTesla infostealer family. In the first campaign spotted by Bitdefender, malicious actors sent out emails that appeared to originate from Egyptian state oil company Engineering for Petroleum and Process Industries (Enppi). Those emails invited...