BASHLITE

Cryptominers & Botnets: Darktrace End of Year Threat Report Sees Shifting Threats as MaaS and RaaS Dominate

Retrieved on: Tuesday, February 6, 2024

The findings show that as-a-Service attacks continue to dominate the threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) tools making up the majority of malicious tools in use by attackers.

Key Points: 
  • Proxy botnets (15% of investigated threats) are more sophisticated botnets that use proxies to hide the true source of their activity.
  • In its First 6: Half-Year Threat Report, Darktrace identified Hive ransomware as one of the major Ransomware-as-a-Service attacks at the beginning of 2023.
  • "Against this backdrop, the breadth, scope, and complexity of threats facing organizations has grown significantly," comments Hanah Darley, Director of Threat Research, Darktrace.

Global Ransomware Attacks Reach Record High for 2023, According to Corvus Insurance Q4 Ransomware Report

Retrieved on: Tuesday, January 30, 2024

Corvus Insurance, the leading cyber underwriter powered by a proprietary AI-driven cyber risk platform, today released its Q4 2023 Ransomware Report.

Key Points: 
  • Corvus Insurance closely monitored ransomware activity during 2023 and recognized early that attacks were occurring at a record-setting pace.
  • As a result of law enforcement’s actions, Q4 attacks dropped by 7 percent from Q3, with 1,278 victims observed on ransomware leak sites.
  • Corvus Insurance, Corvus London Markets, and Corvus Germany are the marketing names used to refer to Corvus Insurance Agency, LLC; Corvus Agency Limited; and Corvus Underwriting GmbH.

July 2023’s Most Wanted Malware: Remote Access Trojan (RAT) Remcos Climbs to Third Place while Mobile Malware Anubis Returns to Top Spot

Retrieved on: Wednesday, August 9, 2023

Researchers found that Remcos moved to third place after threat actors created fake websites last month to spread malicious downloaders carrying the RAT.

Key Points: 
  • Meanwhile, mobile banking Trojan Anubis knocked relative newcomer SpinOk from top spot on the mobile malware list, and Education/Research was the most impacted industry.
  • Remcos is a RAT first seen in the wild in 2016 and is regularly distributed through malicious Microsoft documents or downloaders.
  • Last month Anubis took first place in the most prevalent Mobile malware, followed by SpinOk and AhMyth.

May 2023’s Most Wanted Malware: New Version of Guloader Delivers Encrypted Cloud-Based Payloads

Retrieved on: Friday, June 9, 2023

Researchers reported on a new version of shellcode-based downloader GuLoader, which was the fourth most prevalent malware last month.

Key Points: 
  • With fully encrypted payloads and anti-analysis techniques, the latest form can be stored undetected in well-known public cloud services, including Google Drive.
  • The payloads are fully encrypted and stored undetected in renowned public cloud services, including Google Drive.
  • It has recently been seen abusing a dynamic link library (DLL) hijacking flaw in the Windows 10 WordPad program to infect computers.

April 2023’s Most Wanted Malware: Qbot Launches Substantial Malspam Campaign and Mirai Makes its Return

Retrieved on: Thursday, May 11, 2023

Last month, researchers uncovered a substantial Qbot malspam campaign distributed through malicious PDF files attached to emails seen in multiple languages.

Key Points: 
  • Researchers found instances of the malspam being sent in multiple different languages, which means organizations can be targeted worldwide.
  • Last month also saw the return of Mirai, one of the most popular pieces of IoT malware.
  • This latest campaign follows an extensive report published by Check Point Research (CPR) on the prevalence of IoT attacks.

March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files

Retrieved on: Monday, April 10, 2023

Last month, researchers uncovered a new malware campaign for Emotet Trojan, which rose to become the second most prevalent malware last month.

Key Points: 
  • As reported earlier this year, Emotet attackers have been exploring alternative ways to distribute malicious files since Microsoft announced it would block macros from Office files.
  • In the latest campaign, the attackers have adopted a new strategy of sending spam emails containing a malicious OneNote file.
  • The attackers then use the gathered information to expand the reach of the campaign and facilitate future attacks.

February 2023’s Most Wanted Malware: Remcos Trojan Linked to Cyberespionage Operations Against Ukrainian Government

Retrieved on: Thursday, March 9, 2023

Meanwhile, Emotet Trojan and Formbook Infostealer climbed the ranking taking second and third place respectively, while Education/Research remained the most targeted industry.

Key Points: 
  • The ongoing attacks are believed to be linked to cyberespionage operations due to the behavior patterns and offensive capabilities of the incidents.
  • However, the latest campaign used a more traditional route of attack, using phishing scams to obtain user information and extract data.
  • It’s important that all organizations and government bodies follow safe security practices when receiving and opening emails.

January 2023’s Most Wanted Malware: Infostealer Vidar Makes a Return while Earth Bogle njRAT Malware Campaign Strikes

Retrieved on: Monday, February 13, 2023

In January, infostealer Vidar was seen spreading through fake domains claiming to be associated with remote desktop software company AnyDesk.

Key Points: 
  • Researchers also identified a major campaign dubbed Earth Bogle delivering the njRAT malware to targets across the Middle East and North Africa.
  • njRAT came in at number ten on the top malware list, having dropped off after September 2022.
  • “Once again, we’re seeing malware groups use trusted brands to spread viruses, with the aim of stealing personal identifiable information.

December 2022’s Most Wanted Malware: Glupteba Entering Top Ten and Qbot in First Place

Retrieved on: Friday, January 13, 2023

Last month saw Glupteba Malware, an ambitious blockchain-enabled Trojan botnet, return to the top ten list for the first time since July 2022, moving into eighth place.

Key Points: 
  • Although Google managed to cause major disruption to Glupteba operations in December 2021, it seems to have sprung back into action.
  • This means that a Glupteba infection could lead to a ransomware infection, data breach, or other security incidents.
  • Glupteba is also designed to steal user credentials and session cookies from infected machines.