NCC Group has reported that the Black Basta ransomware group has formed an alliance with QBot for lateral movement across the target network. Additionally, the attackers were spotted using Cobalt Strike beacons during the compromise. QBot is still propagated via malicious emails, so users should stay alert when opening attachments from unknown senders.
Not only QNAP but also Asustor, another NAS device vendor, suffered DeadBolt attacks in February. The next month, the attackers shifted back to targeting QNAP devices, and the number of infections reached 1,146.
IBM X-Force has analyzed multiple ransomware attack investigations and shared insights on attacks that occurred between 2019 and 2021. The average attack time fell to 3.85 days in 2021. X-Force disclosed five main security controls to stop the ransomware attack lifecycle, such as implementing MFA and PAM for privileged accounts.
As a part of the extortion routine, the attackers send ransom notes to the employees of the victim firm, threatening to leak the stolen information. The twist is that although there is a deadline for paying the ransom, the hackers do not sit and wait.
With multiple obfuscation layers, the ransomware leverages custom environment variables, as well as the Enable Delayed Expansion function, to evade detection.
Apart from socially engineered emails, attackers are adopting graymail. Graymails are legitimate-looking emails that can bypass spam filters and can enable attackers to identify out-of-office employees.
The operators of these skimmers can steal credit card numbers, expiration dates, CVV codes, customer names, phone numbers, and addresses, which is all they need to perform unauthorized online purchases.
Shields Health Care Group (Shields) suffered a data breach that exposed the data of approximately 2,000,000 people in the United States after hackers breached their network and stole data.
The new Series B investment round was led by Evolution Equity Partners, with participation from Emerald Development Managers, Hannover Digital Investments (HDI), and IQ Capital.
In 2019, the U.S. Treasury issued sanctions against 17 individuals and seven entities tied to Evil Corp's cyber operations for causing financial losses of more than $100 million with the Dridex malware.