Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- FBI: Ranzy Locker ransomware hit at least 30 US companies this year
October 26, 2021
The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors. “Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021,” the FBI said in a TLP: WHITE flash alert. “The victims include the construction subsector of ...
- What To Expect in a Ransomware Negotiation
October 26, 2021
We all know the risk of a ransomware attack. Headlines of the latest victims might haunt the dreams of chief information security officers (CISOs) and security operations centers (SOCs) due to the multi-extortion models used by modern ransomware groups. We wanted to get a better understanding of what victims go through during the aftermath and recovery ...
- Money launderers for Russian hacking groups arrested in Ukraine
October 26, 2021
The Ukrainian cybercrime police force has arrested members of a group of money launderers and hackers at the request of U.S. intelligence services. In a press release by Ukraine’s SSU, law enforcement says the individuals engaged in large-scale international operations where they laundered tens of millions of USD for various hacking groups. To engage with their “clients,” ...
- Kaspersky APT trends report Q3 2021
October 26, 2021
The SolarWinds incident reported last December stood out because of the extreme carefulness of the attackers and the high-profile nature of their victims. The evidence suggests that the threat actor behind the attack, DarkHalo (aka Nobelium), had spent six months inside OrionIT’s networks to perfect their attack. In June, more than six months after DarkHalo had ...
- Almost 100 Organizations in Brazil Targeted with Banking Trojan
October 26, 2021
Up to 100 organizations in Brazil have been targeted with a banking Trojan since approximately late August 2021, with the most recent activity seen in early October. This campaign appears to be a continuation of activity that was published about by researchers at ESET in 2020. The attackers appeared to be undeterred by exposure and Symantec, ...
- NOBELIUM targeting delegated administrative privileges to facilitate broader attacks
October 25, 2021
The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations (referred to as “service providers” for the rest of this blog) that have been granted ...