The Active Adversary Playbook 2022
Credit to Author: Tilly Travers| Date: Tue, 07 Jun 2022 11:02:43 +0000
Cyberattacker behaviors, tactics and tools seen on the frontline of incident response during 2021
Credit to Author: Gabor Szappanos| Date: Tue, 29 Mar 2022 11:26:28 +0000
In the wake of the December 2021 exposure of a remote code execution vulnerability (dubbed “Log4Shell”) in the ubiquitous Log4J Java logging library, we tracked widespread attempts to scan for and exploit the weakness—particularly among cryptocurrency mining bots. The vulnerability affected hundreds of software products, making it difficult for some organizations to assess their exposure. One […]
Credit to Author: Pieter Arntz| Date: Fri, 18 Mar 2022 22:58:48 +0000
Exotic Lily is the name given to a group of cybercriminals that specialized as an initial access broker, serving groups like Conti and Diavol ransomware.
The post Meet Exotic Lily, access broker for ransomware and other malware peddlers appeared first on Malwarebytes Labs.
Credit to Author: BrianKrebs| Date: Wed, 12 Jan 2022 05:17:31 +0000
In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by Wazawaka, the handle chosen by a major access broker in the Russian-speaking cybercrime scene.