Unlike other ransomware groups, this ransomware family doesn’t have an active leak site; instead it prefers to direct the impacted victim to negotiations through TOX chat and onion-based messenger instances.
Recently, during December 2021, Unit 42 researchers received various Dridex samples, which were exploiting XLL and XLM 4.0 in combination with Discord and OneDrive to download the final payload.
It employs two distinctive anti-analysis techniques. The first is API function hashing, a known trick to obfuscate which functions are called. The second is an opaque predicate, a technique used for control flow obfuscation.
Containers can escape regardless of whether they run Java applications, or whether their underlying host runs Bottlerocket, AWS's hardened Linux distribution for containers.
Most organizations are unprepared for an attack through the exploitation of weak IAM policies. Adversaries target cloud IAM credentials and are ultimately able to collect these credentials as part of their standard operating procedures.
Researchers have identified a new version of SolarMarker, a malware family known for its infostealing and backdoor capabilities, mainly delivered through search engine optimization (SEO) manipulation to convince users to download malicious documents.
A large number of IP cameras and surveillance systems used in enterprise networks were recently discovered to be vulnerable to remote code execution and information leakage due to CVE-2021-28372.
An attacker could have exploited these issues to escalate privileges and become a "shadow administrator" with the ability to covertly exfiltrate secrets, deploy malware or cryptominers, and disrupt workloads.
As early as December 21, 2021, researchers from Palo Alto Networks' Unit 42 observed a new infection method for the highly prevalent malware family Emotet involving thread hijacking.
Researchers found that 80% of the 320 honeypots were compromised within 24 hours and all of the honeypots were compromised within a week, with some of them facing hundreds of attacks.
Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.