Who is the Network Access Broker ‘Wazawaka?’

Credit to Author: BrianKrebs| Date: Wed, 12 Jan 2022 05:17:31 +0000

In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by Wazawaka, the handle chosen by a major access broker in the Russian-speaking cybercrime scene.

Read more

Who Is the Network Access Broker ‘Babam’?

Credit to Author: BrianKrebs| Date: Fri, 03 Dec 2021 21:53:44 +0000

Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in stealing remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. In this post we’ll look at the clues left behind by “Babam,” the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occasions over the past few years.

Read more

Protect yourself from BlackMatter ransomware: Advice issued

Credit to Author: Pieter Arntz| Date: Tue, 19 Oct 2021 16:33:10 +0000

Due to an increased activity of the BlackMatter ransomware group against US-based entities, the FBI, CISA, and NSA offer advice to better protect against these attacks.

Categories: Ransomware

Tags:

(Read more…)

The post Protect yourself from BlackMatter ransomware: Advice issued appeared first on Malwarebytes Labs.

Read more

Patch now! Microsoft Exchange is being attacked via ProxyShell

Credit to Author: Pieter Arntz| Date: Mon, 23 Aug 2021 13:21:08 +0000

A new threat actor is using ProxyShell vulnerabilities and PetiPotam attacks to drop the LockFile ransomware.

Categories: Exploits and vulnerabilities

Tags:

(Read more…)

The post Patch now! Microsoft Exchange is being attacked via ProxyShell appeared first on Malwarebytes Labs.

Read more

Patch now! Microsoft Exchange attacks target ProxyShell vulnerabilities

Credit to Author: Pieter Arntz| Date: Mon, 23 Aug 2021 13:21:08 +0000

A new threat actor is using ProxyShell vulnerabilities and PetiPotam attacks to drop the LockFile ransomware.

Categories: Exploits and vulnerabilities

Tags:

(Read more…)

The post Patch now! Microsoft Exchange attacks target ProxyShell vulnerabilities appeared first on Malwarebytes Labs.

Read more

BlackMatter, a new ransomware group, claims link to DarkSide, REvil

Credit to Author: Malwarebytes Labs| Date: Wed, 28 Jul 2021 21:08:21 +0000

BlackMatter is only one of a handful of new ransomware variants that started its operations not long ago.

Categories: Ransomware

Tags:

(Read more…)

The post BlackMatter, a new ransomware group, claims link to DarkSide, REvil appeared first on Malwarebytes Labs.

Read more

How ransomware gangs are connected, sharing resources and tactics

Credit to Author: Malwarebytes Labs| Date: Mon, 12 Apr 2021 11:59:03 +0000

New research by Analyst1 sheds light on the cooperation between some of the ransomware gangs dominating the cybersecurity news.

Categories: Ransomware

Tags:

(Read more…)

The post How ransomware gangs are connected, sharing resources and tactics appeared first on Malwarebytes Labs.

Read more

A week in security (August 3 – 9)

Credit to Author: Malwarebytes Labs| Date: Mon, 10 Aug 2020 15:30:00 +0000

A roundup of cybersecurity news from August 3 – 9, including a look at business email compromises, a new data privacy bill, and the Inter skimming attack.

Categories:

Tags:

(Read more…)

The post A week in security (August 3 – 9) appeared first on Malwarebytes Labs.

Read more