Attivo Networks » Ransomware
Articles on ransomware. Attivo Networks, the leader in identity detection and response, delivers a superior defense for preventing privilege escalation and lateral movement threat activity.
2y ago
Authored by: Tony Cole, CTO, Attivo Networks – I recently spoke with Authority Magazine on the topic of ransomware, and one of the questions they asked me about was how today’s organizations can best prepare for and defend against ransomware attacks. It’s a topic that many experts are concerned with today—particularly as both the volume and severity of ransomware attacks are continuing to grow at an alarming rate. It’s also a difficult question to answer, since there are no easy “one-size-fits-all” solutions to the problem.
Protecting against ransomware requires organizations to understand the ..read more
2y ago
Written by: Vikram Navali, Senior Technical Product Manager – Threat actors often target remote services to gain unauthorized access to internal systems and launch ransomware attacks. Once inside the victim’s network, their goal is to exploit remote services, move laterally, and gain access to remote systems, primarily targeting Domain Controllers, file shares, and similarly high-value servers. According to the DFIR 2021 Year In Review report (dated March 7, 2022), 27% of lateral movement techniques resulted in the use of interactive connections such as AnyDesk, RDP, VNC, etc.
Common Scenarios o ..read more
3y ago
Authored by: Carolyn Crandall, Chief Security Advocate – CyberRisk Alliance (CRA) published a new report titled “State of Ransomware: Invest now or pay later.” The report highlighted new findings from a January 2022 research study on the continuing escalation of ransomware attacks and what organizations are doing about it. The report states that ransomware gangs are becoming “increasingly brazen,” due in no small part to the fact that attackers are finding it easier than ever to access networks via compromised credentials. The findings note that employees can “easily be tricked into clicking ..read more
3y ago
Written by: Vikram Navali, Senior Technical Product Manager – Cyberattacks are playing a critical role in the Russia-Ukraine conflict. With the recent incidents of HermeticWiper malware and a series of distributed denial-of-service (DDoS) attacks, it appears groups from both Russia and Ukraine are targeting their security systems. A Ukrainian cyber security researcher recently leaked sensitive data of the Conti ransomware gang. Soon after, the group behind the Conti ransomware gang posted a warning on a website.
The gang has publicly announced its full support for th ..read more
3y ago
Written by: Vikram Navali, Senior Technical Product Manager – As the Ukraine-Russia conflict is gathering attention from everyone worldwide, a massive data-wiping malware called HermeticWiper hit multiple organizations in Ukraine. According to ESET researchers, threat actors have been in preparation for a couple of months before they could launch a full-fledged attack.
Background of the HermeticWiper Malware Attack
As per Cisco’s Threat advisory report, the deployment of the destructive HermeticWiper malware began on Feb. 23, 2022. HermeticWiper is a malware type that can erase all the data fr ..read more
3y ago
Written by: Vikram Navali, Senior Technical Product Manager – Ransomware attacks keep showing up in daily cyber-threat bulletins. The State of Ransomware report from BlackFog shows a 17% increase in ransomware attacks in 2021 compared to 2020. BlackFog’s reports also forecast a rise in ransomware attacks and that newer forms will become more sophisticated and disruptive.
Today’s ransomware attacks have many forms, often combining multiple advanced techniques with real-time attack activities. According to Verizon’s Data Breach Investigations Report 2021, 70% of complex malware attack ..read more
3y ago
Authored by: Carolyn Crandall, Chief Security Advocate, Attivo Networks – In November 2021, security professionals first observed a new strain of ransomware known as BlackCat (or ALPHV), targeting organizations across multiple industries worldwide. The group running BlackCat operates within the “ransomware-as-a-service” (RaaS) business model like other common ransomware groups. They effectively license their software to cybercriminals to use in ransomware attacks for a percentage of the final ransom payment.
BlackCat has proven to be highly virulent and has already victimized dozens of enterpr ..read more
3y ago
Written by: Carolyn Crandall, Chief Security Advocate – Chris Krebs, former director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and co-founder of Krebs Stamos Group, is a prolific speaker, and we had the pleasure of having him join Tony Cole, Attivo Networks CTO, for a recent webinar. The November 3rd event was well attended, with hundreds of professionals from around the world tuning in. The discussion was fantastic and offered many soundbites to reflect back upon. This blog definitely won’t replace listening to the session, but will give a recap of the event ..read more
3y ago
Cyber risk to industrial sectors has grown and accelerated dramatically, led by ransomware impacting industrial processes and new activity from adversaries targeting Industrial Control Systems (ICS).
According to a Dragos ICS Cybersecurity 2020 report, most of its services clients had no visibility into their ICS environments and many of their customers did not monitor for threat activity inside their ICS networks.
Most companies have invested heavily in perimeter defenses, but in-network detection gaps remain, which leaves risk and exposure to attack. Internal network monitoring re ..read more
3y ago
Authored by: Gorgang Joshi and Chandan S – A credential-based attack occurs when an attacker steals credentials, extends privileges, and compromises critical data. Credential theft is the first stage of a lateral movement attack, and stopping the attack early in the process can make a material impact on the success and damages incurred by an attacker.
RedLine Stealer malware was found to be used extensively by attackers to harvest saved credentials from applications such as browsers and Windows Credential Manager. Several fake installers of renowned software have been reported for dropping the ..read more