In the past 2 weeks, CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) alerting organizations of increased Conti ransomware attacks. Also, following a recent Incident Response, McAfee Enterprise’s Advanced Threat Research (ATR) team worked with its Professional Services IR team to support a case that initially started as a malware incident but ultimately turned out to be a long-term cyber-attack.

For more articles, check out our #onpatrol4malware blog.

CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware

Source: CISA

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) alerting organizations of increased Conti ransomware attacks. Read more.

Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms

Source: Sentinel Labs

ZLoader (also known as Terdot) was first discovered in 2016 and is a fork of the infamous Zeus banking trojan. It is still under active development. Read more.

Operation ‘Harvest’: A Deep Dive into a Long-term Campaign

Source: McAfee

Following a recent Incident Response, McAfee Enterprise’s Advanced Threat Research (ATR) team worked with its Professional Services IR team to support a case that initially started as a malware incident but ultimately turned out to be a long-term cyber-attack. Read more.

Protecting from ransomware

Source: certnz

Ransomware attacks are becoming increasingly common with attackers using more sophisticated methods to try and get their hands on your data. This guide looks at how ransomware attacks happen and recommends steps you and your IT provider can take to help protect your business. Read more.

Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike

Source: WeLiveSecurity

In August 2021, Intezer discovered a fully undetected ELF implementation of Cobalt Strike’s beacon, which we named Vermilion Strike. Read more.

Cobalt Strike: Detect this Persistent Threat

Source: Intezer

This blog explains Cobalt Strike and practical steps to take if you believe that you are being targeted by Cobalt Strike or already compromised. They demonstrate some real-world examples of Cobalt Strike delivery and steps to detect each. Read more.