Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- US Cyber Command, DHS, and FBI expose new North Korean malware
February 14, 2020
US Cyber Command, the Department of Homeland Security, and the Federal Bureau of Investigations have exposed today a new North Korean hacking operation. Authorities have published security advisories detailing six new malware families that are currently being used by North Korean hackers. According to the Twitter account of the Cyber National Mission Force (CNMF), a subordinate unit ...
- Wireshark Tutorial: Examining Qakbot Infections
February 13, 2020
Qakbot is an information stealer also known as Qbot. This family of malware has been active for years, and Qakbot generates distinct traffic patterns. This Wireshark tutorial reviews a recent packet capture (pcap) from a Qakbot infection. Understanding these traffic patterns can be critical for security professionals when detecting and investigating Qakbot infections. Note: This tutorial assumes you have ...
- Emotet Now Spreads via Wi-Fi
February 13, 2020
A new strain of Emotet was found spreading through wireless internet connections, deviating from the email spam campaigns that the malware commonly utilizes as a means of propagation. According to researchers from Binary Defense, this new loader type takes advantage of the wlanAPI interface to spread from an infected device to an unsecure Wi-Fi network. Emotet was discovered by Trend ...
- An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)
February 13, 2020
The first Microsoft patch Tuesday of 2020 contained fixes for CVE-2020-0601, a vulnerability discovered by the United States’ National Security Agency (NSA) that affects how cryptographic certificates are verified by one of the core cryptography libraries in Windows that make up part of the CryptoAPI system. Dubbed CurveBall or “Chain of Fools,” an attacker exploiting this vulnerability could potentially create ...
- New Cyber Espionage Campaigns Targeting Palestinians: The Spark and Pierogi Campaigns
February 13, 2020
Over the last several months, the Cybereason Nocturnus team has been tracking recent espionage campaigns targeting the Middle East. These campaigns are specifically directed at entities and individuals in the Palestinian territories. This investigation shows multiple similarities to previous attacks attributed to a group called MoleRATs (aka The Gaza Cybergang), an Arabic-speaking, politically motivated group that has operated ...
- Knock, Knock – Who’s There?
February 11, 2020
Following our research from Evil Twins and Windows Linux Subsystem, interoperability between different WSL versions was something that caught our attention. The protocol and mechanism to do file management from/to WSL is a must for Blue and Red Teams whose research will provide new ways to execute known techniques to achieve tactics such as Persistence, Defense ...