Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Zloader returns from hiatus, VexTrio brokers malware for over 60 affiliates, and Kasseika ransomware launches BYOVD attacks.

New data for Q4 of 2023 reveals a sizable shift in the cyber threat landscape, with serious implications regarding ransomware and social engineering attacks targeting both the largest and smallest organizations worldwide. The good news is that ransoms continue to decline – according to the most recent Quarterly Ransomware Report from ransomware response vendor Coveware.

While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector. Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one organization to add users outside the organization to their Teams chats.

The Play ransomware group is one of the most successful ransomware syndicates today. All it takes is a quick peek with a disassembler to know why this group has become infamous. This is because reverse engineering the malware would be a Sisyphean task full of anti-analysis techniques. That said, it might come as a surprise that the malware crashes quite frequently when running.

Check Point’s review of ransomware shows that the percent of organizations worldwide hit by this greatest of cyberthreats rose by a whopping 33% in 2023. In 2022, 1 in 13 organizations globally had been the victim of a ransomware attack. According to the latest Check Point Research, that ratio worsened to just 1 in 10 in 2023. That represents 60,000 attempted attacks per organization throughout the year.

With the digitalization of patient data, the healthcare industry has significantly improved and transformed healthcare processes. This shift to digital data has brought many benefits, like improved quality of care, reduction in errors, and improved communication. However, the shift to digitalization has also led to the exponential collection of data, which is primarily unstructured. To put things in perspective, a typical healthcare and life sciences organization manages over 32.6 million sensitive files.

AZORult stealer was first discovered in 2016 and is regarded as a high-risk Trojan-type virus created to collect private data. Over time,the AZORult stealer evolved into a free, open-source program. We discovered advertising with instructions for installing the stealer in “TheJavaSea” and “Nulled” within the prominent Darknet forums. AZORult, one of the most dominant stealers, has taken the place of honor among the top 5 stealers worldwide in the last couple of years.

When it comes to the evolving cybersecurity landscape of 2024, ransomware presents a unique challenge for professionals. Emerging threats underscore the need to revisit defense strategies and grasp the legal ramifications of successful ransomware attacks.

Researchers at Malwarebytes warn that a malvertising campaign is targeting Chinese-speaking users with phony ads for encrypted messaging apps. The ads impersonate apps that are restricted in China, such as Telegram or LINE. “The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead,” Malwarebytes says.

A pair of round number milestones has made me deeply reflective about my life and that of Rubrik. In October, I turned 50. And ten years ago today, my Co-Founders and I started Rubrik. I want to talk more about the second landmark first because it’s not just a personal watershed but a notable one as well for our customers, partners, colleagues, and investors. Let me take you back to Monday, January 27, 2014, which seems like yesterday and long ago at the same time.