Author: DarkTrace
Key points:
AiTM phishing kits enhance traditional phishing by allowing real-time interception of communications.…
Summary:
BlackSuit ransomware, detected by Darktrace since late 2023, has targeted various industries in the US, employing double extortion tactics to demand ransoms exceeding USD 500 million. The ransomware is believed to be a spinoff of Royal ransomware and has affected numerous organizations globally. The article outlines several cases of BlackSuit attacks, detailing methods of infiltration, data exfiltration, and the impact on victims.…
Summary:
BlackSuit ransomware has emerged as a significant threat since late 2023, targeting various industries and employing double extortion tactics. With demands exceeding USD 500 million, it has affected numerous organizations globally. The ransomware’s sophisticated methods include exploiting VPN vulnerabilities and utilizing remote management tools for command-and-control activities.…
Campaign Trail: Analyzing the Tactics and Impact of a Sophisticated Ransomware Strain by Adam Potter
Summary:
Since late 2023, Darktrace has been monitoring BlackSuit ransomware, a sophisticated variant of Royal ransomware that employs double extortion tactics. Targeting various industries, BlackSuit has caused significant disruptions and demanded ransoms exceeding USD 500 million. Darktrace emphasizes the urgent need for enhanced cybersecurity measures to combat such evolving threats.…
Short Summary:
The article discusses the rise of Android malware, particularly focusing on banking trojans like Antidot and Triada, which target mobile devices to steal sensitive information. These malware strains employ various tactics to evade detection and compromise user accounts, leading to identity theft and financial loss.…
Short Summary:
This article discusses a vishing attack that targeted a remote employee in the hospitality sector, leading to unauthorized access to the customer’s network. Darktrace’s anomaly-based threat detection successfully identified and mitigated the attack, preventing data loss and reinforcing the importance of robust security measures against social engineering tactics.…
Short Summary:
In the first half of 2024, Darktrace Threat Research observed multiple cyber attack campaigns targeting vulnerabilities in internet-facing systems, particularly focusing on Fortinet’s FortiClient EMS. A critical SQL injection vulnerability (CVE-2023-48788) was exploited, allowing attackers to gain unauthorized access and conduct various malicious activities including reconnaissance, establishing command-and-control, lateral movement, and data exfiltration.…
Short Summary:
Fog ransomware, first detected in May 2024, is a new strain targeting US educational organizations. Darktrace’s investigation revealed a rapid attack cycle, utilizing compromised VPN credentials for initial access, followed by lateral movement, data exfiltration, and encryption of files. The ransomware employs common remote access tools to establish command-and-control communication, complicating detection efforts.…
Short Summary:
The article discusses the rapid exploitation of critical vulnerabilities, particularly focusing on CVE-2024-27198 in TeamCity On-Premises. Following its disclosure, threat actors quickly attempted to exploit this vulnerability, leading to significant security concerns for organizations using TeamCity. Darktrace’s AI capabilities were instrumental in detecting and responding to these exploitation attempts, highlighting the need for faster detection and response mechanisms in cybersecurity.…
Short Summary:
The article discusses the rapid exploitation of critical vulnerabilities, particularly focusing on CVE-2024-27198, a severe authentication bypass vulnerability in TeamCity On-Premises. Following its disclosure, threat actors quickly began exploiting this vulnerability, leading to significant security concerns for organizations using TeamCity. Darktrace’s Cyber AI Analyst detected various malicious activities linked to this vulnerability, including command-and-control (C2) connections and cryptocurrency mining attempts.…
Short Summary:
Darktrace reported the swift exploitation of a critical vulnerability (CVE-2024-27198) in JetBrains TeamCity, highlighting the urgent need for rapid detection and response to prevent supply chain attacks. Following its public disclosure, threat actors quickly attempted to exploit the vulnerability, leading to malicious activities such as unauthorized access and cryptocurrency mining on affected systems.…
WarmCookie, also known as BadSpace [2], is a two-stage backdoor tool that provides functionality for threat actors to retrieve victim information and launch additional payloads. The malware is primarily distributed via phishing campaigns according to multiple open-source intelligence (OSINT) providers.
Backdoor malware: A backdoor tool is a piece of software used by attackers to gain and maintain unauthorized access to a system.…
WarmCookie is a backdoor malware strain that allows threat actors to gather sensitive system information, facilitating further cyber attacks against their targets. Between April and June 2024, Darktrace’s Threat Research team investigated instances of WarmCookie on multiple customer networks. Read on to learn more about their findings and the tactics used by this threat.…