IT threat evolution Q2 2022

ToddyCat APT and WinDealer man-on-the-side attack, Spring4Shell and other vulnerabilities, ransomware trends and our in-depth analysis of the TTPs of the eight most widespread ransomware families.

Group behind Emotet botnet malware testing new methods to get around Microsoft security

Recent changes to Microsoft automation capabilities may be forcing cybercrime operators to adapt.

The post Group behind Emotet botnet malware testing new methods to get around Microsoft security appeared first on CyberScoop.

Conti’s Ransomware Toll on the Healthcare Industry

Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie, and that Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under the name “Ryuk.”

Emotet’s tax-season phishing is back with new tricks

Researchers at Cofense say the operators behind the Emotet botnet “have upped their game” for 2022’s tax season.

The post Emotet’s tax-season phishing is back with new tricks appeared first on CyberScoop.

Conti Ransomware Group Diaries, Part II: The Office

Earlier this week, a Ukrainian security researcher leaked almost two years’ worth of internal chat logs from Conti, one of the more rapacious and ruthless ransomware gangs in operation today. Tuesday’s story examined how Conti dealt with its own internal breaches and attacks from private security firms and governments. In Part II of this series we’ll explore what it’s like to work for Conti, as described by the Conti employees themselves.

TrickBot malware suddenly got quiet, researchers say, but it’s hardly the end for its operators

The operators of TrickBot have essentially shut down the notorious malware, multiple reports say, but evidence suggests the gang has begun using other platforms or folded operations into another cybercrime group altogether. Researchers at Intel471 and AdvIntel noted a sharp dip in recent TrickBot activity in separate reports Thursday, even though the command-and-control infrastructure for the malware remains operational. Intel471 said “it’s likely that the Trickbot operators have phased Trickbot malware out of their operations in favor of other platforms,” probably Emotet — a development researchers have been tracking for months. AdvIntel’s Yelisey Boguslavskiy, meanwhile, said in his report that TrickBot’s operators had been subsumed into Conti, a Russia-linked cybercrime group known for offering “ransomware as a service” packages to its affiliates. Researchers previously had noted TrickBot connections with Conti. “In name, at least, this means that TrickBot’s four-year saga is now coming to a close — the liaison that […]

The post TrickBot malware suddenly got quiet, researchers say, but it’s hardly the end for its operators appeared first on CyberScoop.

Financial cyberthreats in 2021

This report provides insight into 2021 financial threat trends and statistics, including data on banking malware for Windows and Android, and on banking, payment system and e-shop phishing, etc.

Profiling the Emotet Botnet C&C Infrastructure – An OSINT Analysis

Dear blog readers, I’ve decided to share a recently obtained set of Emotet botnet C&C server IPs for the purpose of empowering everyone with the necessary technical information on their way to track down and monitor the botnet, including to possibly assist …