Yesterday, the Biden Administration unveiled a new initiative to help improve the cybersecurity stance of the industrial control systems (ICS) that manage the nation’s critical infrastructure. As recent events (like the Colonial Pipeline ransomware incident) have shown, disruptions to critical infrastructure can have serious, potentially even fatal consequences. In short, this … [Read more...]
Breaking Alert: MSP Targeted Ransomware Attack (Kaseya Supply Chain Attack)
Managed Service Providers (MSPs), especially ones using Kaseya VSA, should read this and take action as soon as possible. High-level Summary: On Friday, July 2, some MSPs using the on-premises version of Kaseya VSA suffered ransomware attacks that trickled down to their customers. Kaseya says around 1500 companies (so far), many customers of MSPs, have been affected and the … [Read more...]
Understanding How Rising Cryptocurrency Prices Affect Cybersecurity
In the past few months there has been a dramatic increase in cryptocurrency prices. In fact, the crypto market value topped $2 trillion for the first time in history and bitcoin, the largest form of digital currency, hit a record high of more than $61,000, rallying over 100% in 2021 alone. As a result of growing crypto prices, individual investors and businesses have become … [Read more...]
Deobfuscating a Dropper for a ZLoader Trojan Variant
On March 18th, 2021, the DNSWatch Tailored Analysis Team received an email from an internal WatchGuard employee who deemed the email as suspicious. The initial email included an attachment with the title Attachment_57904. A DNSWatch Analyst performed an initial assessment of the file in search of any malicious indicators or behaviors only to discover that the file was a heavily … [Read more...]
Alleged Acer REvil Ransomware Infection Breaks Record with $50+ Million Demand
The REvil ransomware group has come to prominence recently by infecting networks around the world with ransomware and demanding large sums of money from their victims. The group commonly posts proof of their successful ransomware efforts on their blog, called Happy Blog, where one of their most recent victims, Acer, has appeared on the list. Acer has yet to confirm the … [Read more...]
