Blog

Threat actors were active as ever during December 2020, ending an already difficult year with a major ramification. TA542 Back with a Vengence  Let’s start with the threat group TA542 (aka Mummy Spider, ATK 104, and Mealybug) that came back after a month and a half break. The group relaunched its Emotet botnet, delivering documents with malicious macros that once enabled, connected to seven malicious domains to download the Emotet payload. Some of the victims included Lithuania's National.

A few days before Christmas, the domain registrar and hosting service GoDaddy came under fire in the press and social media for phish-testing their users with a fake email which made it look like they were getting a US$650 bonus for the holidays.  While the methodology used can and does need to be done better in future, the test itself raises some serious questions for corporate cybersecurity professionals and regular users alike.   Here's What Happened: GoDaddy's cybersecurity team sent an.

Update as of December 17, 2020 A consortium of industry vendors including Microsoft and Google have actively been working to circumvent the ability of SUNBURST to successfully activate and attack. Microsoft was able to gain possession and control over a key domain - avsvmcloud[.]com - which the SUNBURST attack binaries use to get Command and Control (C&C) information. Without this C&C connectivity, the SUNBURST system remains in an inactive state if it has not yet become active within an.

Is It Time For CEOs To Be Personally Liable For Cyber-Physical Security Incidents? In a recent Gartner press release written in an article September 1st Gartner predicts 75% of CEOs will be personally liable for cyber-physical security incidents by 2024. The famous last words “I wasn’t aware” or “ Oh that’s our CISO, they handle this” can no longer be handed that hall pass. What’s that old saying about ignorance of the law? While ignorance is bliss said Cypher in the movie Matrix, we can no.

Threat actors keep stepping up their game in November 2020 PyXie (aka GOLDEN DUPONT) PyXie has conducted successful ransomware campaigns since 2018, counts healthcare, educational, government, and technology organizations and companies among its favorite targets. In its attacks, the group used the Vatet loader which was created by combining and altering the original application of various open-source tools, turning into a highly-effective attack tool. The loader executes payloads such as Cobalt.

During October 2020, there were some major developments in cybercrime, with ransomware groups stepping up their game and new malware strategies being used. In this monthly wrap-up, we will have a closer look at threat actors Egregor and Trickbot, malware GravityRAT, MosaicRegressor, and IPStorm. Egregor Posts Stolen Data Ransomware groups stepped up their game. The Egregor ransomware group started posting stolen data belonging to Barnes & Noble customers on its dark web domain when the US.

Cybersecurity can be a tricky thing. Gaining information about an environment through internal and external testing can take a wide variety of forms and generate an overwhelming amount of data in the process. From Pen-Testing to Vulnerability Scanning, from Incident Response exercises to Breach and Attack Simulation; the details generated on every aspect of a cyber infrastructure can outpace the ability of the humans who have to make decisions to properly and completely ingest and analyze the.

In September 2020, cybercrime caused the death of an innocent victim. A patient suffering from a life-threatening illness had to be turned away from a hospital in the city of Düsseldorf since the systems had been blocked due to a ransomware attack. This forced the ambulance transporting her, to drive to a hospital in the nearby city of Wuppertal. The patient died on the way. The threat actors breached the hospital using a hole in Citrix software. Hospitals remain a popular target, even in.

Editor's note: Due to the sensitive nature of the topic of this post, Cymulate will not be placing our usual advertising information inside and at the end of the post. We stand with the hospital, emergency services workers, and the family of the victim in recognizing the gravity of this issue. Contact information for Cymulate can be found at the top and bottom of every page of our site, and so we will be presenting this post as-is. Unfortunately, the time has come to answer a question I get on.

A moment of candor - at first look I didn’t get the National Institute of Standards and Technology (NIST) Cyber Security Framework. It just looked like a list of sensible things to do. Being in the Cyber industry for more years than I care to mention, I have seen it grow from its infancy. Well, I was fortunate to play around with Checkpoint Firewall-1 when it was released as a set of floppies and ran on Solaris. Alongside the amazing development of the cyber security industry I also witnessed.