Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- So Unchill: Melting UNC2198 ICEDID to Ransomware Operations
February 25, 2021
Mandiant Advanced Practices (AP) closely tracks the shifting tactics, techniques, and procedures (TTPs) of financially motivated groups who severely disrupt organizations with ransomware. In May 2020, FireEye released a blog post detailing intrusion tradecraft associated with the deployment of MAZE. As of publishing this post, we track 11 distinct groups that have deployed MAZE ransomware. ...
- Security Risks for Audio-centric Social Media Apps
February 24, 2021
The use of audio-only social media apps such as ClubHouse, Riffr, Listen, Audlist, and HearMeOut has been steadily capturing the interest of more and more users over the recent years. But just like any other technology, apps like these are not immune from security risks. Furthermore, most of these risks can be automated, helping attackers ...
- COVID pandemic causes spike in cyberattacks against hospitals, medical companies
February 24, 2021
Cyberattacks against healthcare organizations have doubled during the coronavirus pandemic, research suggests. On Wednesday, IBM released the company’s annual X-Force Threat Intelligence Index, which analyzed data from the previous year to track the evolution of new threats, malware development, and cyberattacks. The 2021 index includes some notable trends, perhaps the most significant being how many threat actors ...
- CISA Alert (AA21-055A): Exploitation of Accellion File Transfer Appliance
February 24, 2021
This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia, This activity has impacted organizations globally, including those in Australia, New Zealand, Singapore, the ...
- APT32 state hackers target human rights defenders with spyware
February 23, 2021
Vietnam-backed hacking group APT32 has coordinated several spyware attacks targeting Vietnamese human rights defenders (HRDs) between February 2018 and November 2020. The state hackers also pointed their attacks at a nonprofit (NPO) human rights organization from Vietnam, as Amnesty International’s Security Lab revealed (full report here). The spyware used by the APT32 hackers allowed them to read ...
- Airplane maker Bombardier data posted on ransomware leak site following FTA hack
February 23, 2021
Canadian airplane manufacturer Bombardier has disclosed today a security breach after some of its data was published on a dark web portal operated by the Clop ransomware gang. “An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated ...