IT threat evolution Q2 2022

ToddyCat APT and WinDealer man-on-the-side attack, Spring4Shell and other vulnerabilities, ransomware trends and our in-depth analysis of the TTPs of the eight most widespread ransomware families. Continue reading IT threat evolution Q2 2022

Group behind Emotet botnet malware testing new methods to get around Microsoft security

Recent changes to Microsoft automation capabilities may be forcing cybercrime operators to adapt.

The post Group behind Emotet botnet malware testing new methods to get around Microsoft security appeared first on CyberScoop.

Continue reading Group behind Emotet botnet malware testing new methods to get around Microsoft security

Conti’s Ransomware Toll on the Healthcare Industry

Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie, and that Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under the name “Ryuk.” Continue reading Conti’s Ransomware Toll on the Healthcare Industry

Emotet’s tax-season phishing is back with new tricks

Researchers at Cofense say the operators behind the Emotet botnet “have upped their game” for 2022’s tax season.

The post Emotet’s tax-season phishing is back with new tricks appeared first on CyberScoop.

Continue reading Emotet’s tax-season phishing is back with new tricks

Conti Ransomware Group Diaries, Part II: The Office

Earlier this week, a Ukrainian security researcher leaked almost two years’ worth of internal chat logs from Conti, one of the more rapacious and ruthless ransomware gangs in operation today. Tuesday’s story examined how Conti dealt with its own internal breaches and attacks from private security firms and governments. In Part II of this series we’ll explore what it’s like to work for Conti, as described by the Conti employees themselves. Continue reading Conti Ransomware Group Diaries, Part II: The Office

TrickBot malware suddenly got quiet, researchers say, but it’s hardly the end for its operators

The operators of TrickBot have essentially shut down the notorious malware, multiple reports say, but evidence suggests the gang has begun using other platforms or folded operations into another cybercrime group altogether. Researchers at Intel471 and AdvIntel noted a sharp dip in recent TrickBot activity in separate reports Thursday, even though the command-and-control infrastructure for the malware remains operational. Intel471 said “it’s likely that the Trickbot operators have phased Trickbot malware out of their operations in favor of other platforms,” probably Emotet — a development researchers have been tracking for months. AdvIntel’s Yelisey Boguslavskiy, meanwhile, said in his report that TrickBot’s operators had been subsumed into Conti, a Russia-linked cybercrime group known for offering “ransomware as a service” packages to its affiliates. Researchers previously had noted TrickBot connections with Conti. “In name, at least, this means that TrickBot’s four-year saga is now coming to a close — the liaison that […]

The post TrickBot malware suddenly got quiet, researchers say, but it’s hardly the end for its operators appeared first on CyberScoop.

Continue reading TrickBot malware suddenly got quiet, researchers say, but it’s hardly the end for its operators

Financial cyberthreats in 2021

This report provides insight into 2021 financial threat trends and statistics, including data on banking malware for Windows and Android, banking, payment system and e-shop phishing, etc. Continue reading Financial cyberthreats in 2021