Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- North Korea-Backed Spy Group Poses as Reporters in Spearphishing Attacks, Feds Warn
October 28, 2020
The North Korean advanced persistent threat (APT) group known as Kimsuky is actively attacking commercial-sector businesses, often by posing as South Korean reporters, according to an alert from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Kimsuky (a.k.a. Hidden Cobra) has been operating as a cyberespionage group since 2012 under the auspices of the regime in ...
- Trump Campaign Website Defaced by Cryptocurrency Scam
October 28, 2020
Hackers took over President Trump’s 2020 election campaign website late Tuesday, replacing parts of the site with a cryptocurrency scam before returning it to its original content several minutes later. Journalist Gabriel Lorenzo Greschler was the first to notice the attack while he was doing research for a climate-change article, he wrote in a tweet. The ...
- DDoS attacks in Q3 2020
October 28, 2020
Q3 was relatively calm from a DDoS perspective. There were no headline innovations, although cybercriminals did continue to master techniques and develop malware already familiar to us from the last reporting period. For example, another DDoS botnet joined in the assault on Docker environments. The perpetrators infiltrated the target server, created an infected container, and ...
- APT groups aren’t all from Russia, China, and North Korea
October 28, 2020
Advance persistent threat (APT) hacker groups are often assumed to be state-supported organisations such as China’s APT10 aka Stone Panda, Russia’s APT28 aka Fancy Bear, or Vietnam’s APT32 aka Ocean Lotus. However, these and other groups are often identified and named by cyber intelligence firms with strong links to their national government. FireEye and Crowdstrike in ...
- Enel Group hit by ransomware again, Netwalker demands $14 million
October 27, 2020
Multinational energy company Enel Group has been hit by a ransomware attack for the second time this year. This time by Netwalker, who is asking a $14 million ransom for the decryption key and to not release several terabytes of stolen data. Enel is one of the largest players in the European energy sector, with more ...
- Insikt Group Discovers Global Credential Harvesting Campaign Using FiercePhish Open Source Framework
October 27, 2020
Recorded Future’s Insikt Group discovered a wide-reaching phishing campaign utilizing the FiercePhish open source offensive phishing framework. The campaign, which is hosted on Russian domain infrastructure but does not target users in Russia, is globally harvesting credentials from a variety of organizations in the public and private sectors. This campaign, coordinated using asherintartradingcom, has been ...