Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Ransomeware can be a company’s worst nightmare. It’s not simply “getting a virus” or “clicking on a malicious email.” It is a systematic plan created by hackers to take your private information. Once they have a foothold in your private data, they use their position to blackmail you into submitting a payment. Technology to prevent ransomware has gotten better but attackers have gotten smarter and more methodical.

Criminal gangs are constantly improving their ways of delivering malicious code to victims. The delivery of this code is fundamental in order to subsequently install payloads that maximize the effect of exploitation and allows them to move laterally, and install further crimeware to quickly reap profits such as crypto mining, ransomware, data exfiltration, or even more sophisticated payloads such as banking fraud web injects.

The AEC industry is very familiar with good risk management. Whether it is managing safety risk, financial risk, legal risk, or project risk, AEC firms are adept at identifying, prioritizing and mitigating risk. Today, the risk of ransomware seems high, with a steady stream of news stories about the latest company to fall victim to an attack. But is it high for everyone in every industry?

AT&T Alien Labs™ has recently observed the presence of a new remote access trojan (RAT) malware in its threat analysis systems. The malware, known as FatalRAT, appears to be distributed via forums and Telegram channels, hidden in download links that attempt to lure the user via software or media articles.

The Splunk Threat Research team has researched two of the current payloads involved in these heinous campaigns against healthcare and first responder organizations such as Conti & REvil. In the first blog, we explored the REvil ransomware group and in this blog, we will explore Conti.

Given the spate of recent ransomware attacks, the latest of which occurred shortly before Independence Day, this topic is likely at the top of mind for most organizations. Understanding the fundamentals of security, and the most common ways ransomware gets installed, is a must if a company hopes to truly lay the groundwork required to build and operationalize their security program.

Major sporting events, like the World Cup or the Olympics, are usually targets of cybercriminals that take advantage of the event’s popularity. During the 2018 World Cup, for example, an infected document disguised as a “game prediction” delivered malware that stole sensitive data from its victims, including keystrokes and screenshots.