This Week in Security News – August 27, 2021 VP, Threat Intelligence
Key takeaways from the H1 2021 Linux threat report, Google removes fake crypto-mining apps, and more. Read More HERE…
The ransomware group LockBit resurfaced in July with LockBit 2.0, with reports indicating an increased number of targeted companies and the incorporation of double extortion features. Our detections followed attack attempts in Chile, Italy, Taiwan, and the UK from July to August. Read More HERE…
Since June 2021, we’ve been monitoring an in-development ransomware builder called Chaos, which is being offered for testing on an underground forum. Read More HERE…
In this blog entry, we will take a look at two examples of supply chain attacks that our Managed Detection and Response (MDR) team encountered in the past couple of months. Read More HERE…
DHS’s second directive requires pipeline operators to implement various cybersecurity measures to protect their operations from cyber attacks. This directive also builds upon the department’s May directive following the Colonial Pipeline attack. Read More HERE…
Follow the story of Company X as they suffer an attack from the notorious modern ransomware family, Nefilim, and their affiliates, to learn how you can better mitigate the common tactics and techniques used in these attacks. Read More HERE…
We investigate how certain hacking tools are used to move laterally on victims’ networks to deploy ransomware. These tools contain reconnaissance/spreader scripts, exploits for Red Hat and CentOS, binary injectors, and more. In this blog, we focus on analyzing the worm and ransomware script. Read More HERE…
Blue-chip businesses are not the only ones that have been hit hard by the recent ransomware strikes. We outline some best practices and countermeasures to avert any shakedowns at the hands of cybercriminals. Read More HERE…
The White House is urging companies to do more to stem the tide of ransomware attacks now that they are starting to impact critical infrastructure and supply chains. It is a good start, but what will the implications be for U.S. businesses? Read More HERE…
We focus on the behavior of the DarkSide variant that targets Linux. We discuss how it targets virtual machine-related files on VMware ESXi servers, parses its embedded configuration, kills virtual machines (VMs), encrypts files on the infected machine, collects system information, and sends it to the remote server. Read More HERE…