Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Industrial Remote Access: Why It’s Not Something to Fear
February 18, 2021
Increased uptime? Check. Better access to outside expertise? Check. Improved first-time-fix rate? Check. These are just some of the benefits of industrial remote access. Yet many customers are reluctant to embrace remote access. Not only that, but incidents such as the breach at the Oldsmar water utility might increase organizations’ reluctance to use remote access. Using Oldsmar ...
- Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device
February 17, 2021
In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged user. Specifically, Mandiant’s research focused on SolarCity’s (now owned by Tesla) rebranded ConnectPort X2e device, which is used in residential solar installations. Mandiant performs this type of work both ...
- Manufacturing Cybersecurity Case Studies
February 17, 2021
Manufacturing is a large industry that plays an important role in the world economy and is closely linked to our daily lives. They produce a variety of products, such as automobiles and semiconductors, industrial equipment, steel, oil, cement, food and pharmaceuticals. Each company has a different environment and different cybersecurity challenges. Trend Micro classifies their ...
- Rising healthcare breaches driven by hacking and unsecured servers
February 17, 2021
2020 was a bad year for healthcare organizations in the U.S., which had to deal with a record-high number of cybersecurity incidents on the backdrop of the COVID-19 pandemic. Hacking and IT incidents affected the industry to a larger extent last year, accounting for more than 67% of all breaches and exposed the personal data of ...
- Masslogger Swipes Microsoft Outlook, Google Chrome Credentials
February 17, 2021
Cybercriminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims’ credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. Researchers uncovered the campaign targeting users in Italy, Latvia and Turkey starting in mid-January. When the Masslogger variant launched its infection chain, it disguised its malicious ...
- U.S. Accuses North Korean Hackers of Stealing Millions
February 17, 2021
The U.S. Department of Justice has indicted three North Korean computer programmers for their alleged participation in widespread, destructive cyberattacks as part of the advanced persistent threat (APT) known as Lazarus Group. The indictment broadens the scope of crimes that the DoJ has linked to Lazarus Group (and by extension, to North Korea). The feds also ...