Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Surprising 3 Million Hacked Toothbrushes Story Goes Viral – Is It True?
February 7, 2024
A news story about the hacking of three million smart toothbrushes to create a massive botnet used to launch a distributed denial of service cyberattack against a Swiss organization has gone viral. However, many in the information security industry, including the author, have trouble finding evidence to support the story. Searching Google reveals that everything from ...
- Every tenth Russian faced cybercriminals in 2023 – Bank of Russia
February 7, 2024
Every tenth Russian respondent experienced cybercrime, with losses not exceeding 20,000 rubles (around $220), according to the published results of a survey conducted by the Bank of Russia in 2023. “Last year, there were more people who faced cybercriminals, with every tenth person becoming a victim. Typically, the loss was less than 20,000 rubles. Victims usually ...
- Known ransomware attacks up 68% in 2023
February 6, 2024
Today, Malwarebytes released its 2024 State of Malware report, detailing six cyberthreats that resource-constrained IT teams should pay attention to in 2024. Top of the list is “Big Game” ransomware, the most serious cyberthreat to businesses all around the world. Big game attacks extort vast ransoms from organizations by holding their data hostage—either with encryption, the ...
- Iran accelerates cyber ops against Israel from chaotic start
February 6, 2024
Since Hamas attacked Israel in October 2023, Iranian government-aligned actors have launched a series of cyberattacks and influence operations (IO) intended to help the Hamas cause and weaken Israel and its political allies and business partners. Many of Iran’s immediate operations after October 7 were hasty and chaotic – indicating it had little or no coordination ...
- AnyDesk confirms cyber attack, revokes certificates as hackers infiltrate systems
February 5, 2024
AnyDesk has confirmed it suffered a cyberattack in which hackers were able to compromise its production systems. In a press release published on the company’s website, the remote access provider said it spotted the attack after seeing “indications of an incident” in some of its systems. Subsequent investigation uncovered compromise in the company’s production systems, it ...
- Python Info-stealer Distributed by Malicious Excel Document
February 5, 2024
In January 2024, FortiGuard Labs obtained an Excel document distributing an info-stealer. From the fingerprints in this attack, it is related to a Vietnamese-based group that was first reported on in August 2023 and again in September. The attack stages before the info-stealer are simple downloaders that increase the difficulty of detection. This article introduces each stage ...