Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Russian Authorities Arrest 96 in Major Money Laundering Operation
October 3, 2024
In a coordinated effort against cybercrime-related money laundering, Russian authorities have made nearly 100 arrests in connection with an extensive criminal operation involving cryptocurrency exchanges and illegal financial activities. The arrests were part of a nationwide crackdown tied to the UAPS payment system and the Cryptex cryptocurrency exchanges, both of which have been linked to cybercriminals ...
- News agency AFP notifies French authorities of potential data breach
October 2, 2024
Agence France-Presse (AFP), one of the world’s largest news organizations, has notified French regulators of a potential data breach following a cyberattack last week. The AFP, which has an editorial presence in 260 cities across 150 countries, said in a brief statement on Saturday that it detected an “attack on its systems” that affected part of ...
- Key Group: another ransomware group using leaked builders
October 1, 2024
Key Group, or keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group is known for negotiating with victims on Telegram and using the Chaos ransomware builder. The first public report on Key Group’s activity was released in 2023 by BI.ZONE, a cybersecurity solutions vendor: the attackers drew attention when they left an ...
- Global Cyber Attacks to Double from 2020 to 2024
October 1, 2024
On the first day of Cybersecurity Awareness Month in the U.S., research has revealed that the number of significant global cyber attacks in 2024 will be double that of 2020. A new report from insurer QBE, Connected Business: digital dependency fuelling risk, predicts that organisations will be hit by 211 disruptive and destructive cyber attacks this ...
- UK unmasks LockBit ransomware affiliate as high-ranking hacker in Russia state-backed cybercrime gang
October 1, 2024
The U.K.’s National Crime Agency has linked a long-standing affiliate of the LockBit ransomware group to the notorious Russia-backed Evil Corp, a cybercrime gang with links to the Russian government. The NCA said on Tuesday that it had unmasked the LockBit affiliate, known as “Beverley,” as Russian national Aleksandr Ryzhenkov, who British authorities believe to be ...
- Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks
September 30, 2024
Have you ever wondered why there are so many vulnerable drivers and what might be causing them to be vulnerable? Do you want to understand why some drivers are prone to crossing security boundaries and how we can stop that? Vulnerable drivers not only put the system where they are installed at risk, but they can ...