Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Singapore law firm Shook Lin & Bok hit by cyber attack; allegedly paid ransom
May 5, 2024
Singapore law firm Shook Lin & Bok was hit by a ransomware attack in April, and the incident is now under investigation by the local authorities. In response to queries from The Straits Times, the firm said in a statement on May 2 that the incident was discovered on April 9, and it immediately engaged a ...
- U.K., U.S. and Canadian cyber authorities warn of pro-Russia hacktivist attacks on OT systems
May 3, 2024
The U.K.’s National Cyber Security Centre (NCSC) and other international cyber authorities, including the Federal Bureau of Investigation (FBI), have warned about pro-Russia hacktivist attacks targeting providers of operational technology. OT is hardware and software that interacts with the physical environment and includes smart water metres, automated irrigation systems, dam monitoring systems, smart grids and IoT ...
- Graph: Growing number of threats leveraging Microsoft API
May 2, 2024
An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services. The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for ...
- Watch out for tech support scams lurking in sponsored search results
May 2, 2024
A campaign using sponsored search results is targeting home users and taking them to tech support scams. Sponsored search results are the ones that are listed at the top of search results and are labelled “Sponsored”. They’re often ads that are taken out by brands who want to get people to click through to their website. ...
- Scaly Wolf’s new loader: the right tool for the wrong job
May 2, 2024
The BI.ZONE Threat Intelligence team has uncovered a fresh campaign by the group targeting Russian and Belarusian organizations. The threat actors are distributing phishing emails under the guise of a federal agency. The emails have a legitimate document as an attachment. It aims to lull the recipient’s vigilance and prompt them to open the other file, ...
- UnitedHealth data breach caused by lack of multifactor authentification
May 1, 2024
Hackers breached the computer system of a UnitedHealth Group subsidiary and released ransomware after stealing someone’s password, CEO Andrew Witty testified Wednesday on Capitol Hill. The cybercriminals entered through a portal that didn’t have multifactor authentification (MFA) enabled. During an hourslong congressional hearing, Witty told lawmakers that the company has not yet determined how many patients ...