Ransomware and malware, such as GuLoader, have been very active in recent campaigns. GuLoader is used to deliver malware with the help of cloud services such as Google Drive. The delivery of malware through cloud drives is one of the fastest-growing trends of 2020. Stay informed and read on in these InfoSec articles.

For more articles, check out our #onpatrol4malware blog.


GuLoader? No, CloudEyE.

Source: Checkpoint

GuLoader has been very actively distributed in 2020 and is used to deliver malware with the help of cloud services such as Google Drive. The delivery of malware through cloud drives is one of the fastest-growing trends of 2020. Read more.


VALAK INSIGHTS: Valak Malware and the Connection to Gozi Loader ConfCrew

Source: SentinelLABS

Valak uses multi-stage, script-based malware utilized in campaigns reminiscent of Gozi ConfCrew. The overlapping campaign structure has led to some sandbox reports misidentifying Valak as Gozi. Read more.


TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware

Source: Proofpoint

At the same time as the LookBack campaigns, Proofpoint researchers identified a new, additional malware family named FlowCloud that was also being delivered to U.S. utilities providers. Read more.


Dark Basin: Uncovering a Massive Hack-For-Hire Operation

Source: The Citizen Lab

Dark Basin is a hack-for-hire group that has targeted thousands of individuals and hundreds of institutions. Targets include advocacy groups and journalists, elected and senior government officials, hedge funds, and multiple industries. Read more.


Gamaredon group grows its game

Source: WeLiveSecurity

Active APT group adds cunning remote template injectors for Word and Excel documents. ESET researchers have discovered several previously undocumented post-compromise tools used by the highly active Gamaredon threat group in various malicious campaigns. Read more.


New Ransomware-as-a-Service Tool ‘Thanos’ Shows Connections to ‘Hakbit’

Source: Recorded Future

Insikt Group uncovered a new family of ransomware for sale on Exploit Forum called Thanos, developed by a threat actor with the alias “Nosophoros.” Read more.


Tor2Mine is up to their old tricks — and adds a few new ones

Source: Cisco Talos

Cisco Talos has identified a resurgence of activity by Tor2Mine, a cryptocurrency mining group that was likely last active in 2018. Tor2Mine is deploying additional malware to harvest credentials and steal more money. Read more.


Imperva Takes on its Largest Recorded Account Takeover Attack on a Single Company

Source: Imperva

Over the course of 60 hours from midnight on October 28, the ATO team’s monitoring systems detected more than 44 million ATO attempts on the login page of a particular online banking service. Read more.


Power company Enel Group suffers Snake Ransomware attack

Source: Bleeping Computer

European energy giant Enel Group suffered a ransomware attack that impacted its internal network. The incident is the work of the EKANS (SNAKE) ransomware operators, the group that also targeted Honda. Read more.


TAU Threat Analysis: Relations to Hakbit Ransomware

Source: Carbon Black

During a recent investigation into Hakbit ransomware, TAU (Threat Analysis Unit) decided to hit the “pause” button and take some time out to investigate this particular ransomware variant. Read more.


Cobalt: tactics and tools update

Source: Positive Technologies

The PT Expert Security Center (PT ESC) has been monitoring the Cobalt group since 2016. Currently the group targets financial organizations around the world. Two years ago their attacks caused over $14 million in damage. Read more.