16 matches found

HackRead
added 2026/04/01 12:43 p.m., 2 views

Ransomware Groups Exploit Legit IT Tools to Bypass Antivirus

New research from Seqrite explains the 'dual-use dilemma,' where ransomware attackers repurpose legitimate IT tools like IOBit Unlocker…...

AI score: 5.8
Exploits: 0

Talos Blog
added 2026/03/31 10:0 a.m., 2 views

Ransomware in 2025: Blending in is the strategy

Ransomware attacks aren't smash-and-grab anymore. They're built on access that already looks legitimate -- closer to positioning chess pieces than breaking the door down. That's the big trend that comes through in the ransomware data from the Talos 2025 Year in Review. Once attackers have initial...

AI score: 6
Exploits: 0

Malwarebytes
added 2025/12/03 2:12 p.m., 7 views

How attackers use real IT tools to take over your computer

A new wave of attacks is exploiting legitimate Remote Monitoring and Management (RMM) tools like LogMeIn Resolve (formerly GoToResolve) and PDQ Connect to remotely control victims’ systems. Instead of dropping traditional malware, attackers trick people into installing these trusted IT support progra...

AI score: 7.5
Exploits: 0

The Hacker News
added 2025/10/01 11:7 a.m., 7 views

2025 Cybersecurity Reality Check: Breaches Hidden, Attack Surfaces Growing, and AI Misperceptions Rising

Bitdefender's 2025 Cybersecurity Assessment Report paints a sobering picture of today's cyber defense landscape: mounting pressure to remain silent after breaches, a gap between leadership and frontline teams, and a growing urgency to shrink the enterprise attack surface. The annual research...

AI score: 6.5
Exploits: 0

Trend Micro Simply Security
added 2025/08/14 12:0 a.m., 2 views

Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks

Crypto24 is a ransomware group that stealthily blends legitimate tools with custom malware, using advanced evasion techniques to bypass security and EDR technologies...

AI score: 7.4
Exploits: 0

Talos Blog
added 2025/06/18 10:9 a.m., 5 views

When legitimate tools go rogue

Late one Tuesday night, Elena's phone buzzed with an alert from her company's SIEM. Her team had set up a rule to flag when certain system tools -- whoami, nltest and nslookup -- were run one after another in quick succession. That exact pattern had just triggered on a computer in the Finance...

AI score: 8.1
Exploits: 0

HackRead
added 2025/05/29 4:17 p.m., 10 views

Fake ChatGPT and InVideo AI Downloads Deliver Ransomware

Cisco Talos uncovers CyberLock ransomware, LuckyGh0$t, and Numero malware masquerading as legitimate software and AI tool installers. Learn…...

AI score: 7.4
Exploits: 0

Malwarebytes
added 2023/06/23 9:45 a.m., 17 views

5 facts to know about the Royal ransomware gang

When we first introduced the Royal ransomware gang in our November 2022 review, little did we know they'd rapidly evolve into one of the most potent threats in our ongoing monthly threat intelligence briefings. In fact, the Malwarebytes Threat Intelligence team has tracked down a staggering 195...

AI score: 7.4
Exploits: 0

Malwarebytes
added 2023/04/27 3:0 a.m., 15 views

Fileless attacks: How attackers evade traditional AV and how to stop them

When you hear about malware, there's a good chance you think of sketchy executables or files with extensions like .DOCX or .PDF that, once opened, execute malicious code. These are examples of file-based attacks--and while they can be bad, they're nothing compared to their fileless cousins. As the...

AI score: 6.9
Exploits: 0

Trend Micro Simply Security
added 2023/01/17 12:0 a.m., 8 views

Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks

We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events. This is the intrusion set we track behind the creation of Batloader...

AI score: 1.2
Exploits: 0

Trend Micro Simply Security
added 2022/10/26 12:0 a.m., 11 views

Threat Actors Target AWS EC2 Workloads to Steal Credentials

We found malicious samples attempting to steal Amazon Elastic Compute Cloud (EC2) Workloads' access keys and tokens via typosquatting and the abuse of legitimate tools...

AI score: 3.5
Exploits: 0

Securelist
added 2022/09/05 10:0 a.m., 11 views

The nature of cyber incidents

Kaspersky provides incident response services and trainings to organizations around the world. In our annual incident response report, we share our observations and statistics based on investigation of real-life incidents. The report contains anonymized data collected by the Kaspersky Global...

AI score: 1.9
Exploits: 0

ThreatPost
added 2021/10/21 1:16 p.m., 29 views

Why is Cybersecurity Failing Against Ransomware?

Yes, security is hard – no one is ever 100 percent safe from the threats lurking out there. But how is it that time and time again, companies – big companies – are continuing to fall for ransomware attacks? Why aren’t we getting any better at preventing them? Let’s explore the main reasons why,...

AI score: 7.7
Exploits: 0, References: 13

Securelist
added 2020/08/06 10:0 a.m., 129 views

Incident Response Analyst Report 2019

As an incident response service provider, Kaspersky delivers a global service that results in global visibility of adversaries' cyber-incident tactics and techniques used in the wild. In this report, we share our team's conclusions and analysis based on incident responses a...

CVSS: 10, AI score: 1.1, EPSS: 0.94489
Exploits: 265

The Hacker News
added 2019/09/27 12:28 p.m., 1 views

Microsoft Warns of a New Rare Fileless Malware Hijacking Windows Computers

Watch out Windows users! There's a new strain of malware making rounds on the Internet that has already infected thousands of computers worldwide and most likely, your antivirus program would not be able to detect it. Why? That's because, first, it's an advanced fileless malware and second, it...

AI score: 7.3
Exploits: 0

ThreatPost
added 2017/03/27 4:51 p.m., 9 views

New Clues Surface on Shamoon 2's Destructive Behavior

Researchers on Monday reported progress in piecing together some of the missing pieces of the Shamoon 2 puzzle that have been eluding them when it comes to lateral network movement and execution of the Disttrack malware component used in past campaigns. Shamoon 2 uses a combination of legitimate...

AI score: 0.7
Exploits: 0, References: 2