LockBit Takedown and Resurgence
What Happened? In a coordinated effort, the National Crime Agency, Europol and multiple other international law enforcement agencies dealt a significant blow to the operations of the LockBit ransomware group. Dubbed Operation Cronos, this multi-agency initiative led to the seizure of LockBit's dark w...
BlackCat’s Resurgence Despite Law Enforcement Disruptions
Summary: Blackcat, a sophisticated Ransomware-as-a-Service operation, infiltrates networks using advanced social engineering and remote access tools, offering triple extortion tactics and cyber remediation advice for ransom payment, and resurged after a December 2023 disruption, causing widesprea...
FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks
The U.S. government is warning about the resurgence of BlackCat aka ALPHV ransomware attacks targeting the healthcare sector as recently as this month. "Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized," the government said in a...
ZLoader’s Resurgence after Two Years in the Shadows
Summary: Zloader is a highly sophisticated Trojan originating from the leaked Zeus source code. Notable for its adaptive nature, the malware continuously evolved through each campaign since its debut in August 2015. After nearly two years of dormancy, Zloader reemerged with new iterations. Threat...
Ransomware Attacks are on the Rise
After a recent dip, ransomware attacks are back on the rise. According to data released by NCC Group, the resurgence is being led by old ransomware-as-a-service (RaaS) groups. With data gathered by “actively monitoring the leak sites used by each ransomware group and scraping victim details as they...
Hackers Targeting VoIP Servers By Exploiting Digium Phone Software
VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system,...
It’s business as usual for REvil ransomware
After the FSB arrested 14 of its members in January, and a subsequent lull in action, the REvil ransomware gang appears to be back. We say "appears" because it's still unclear whether the group's operations have indeed restarted. To the trained eye, REvil's movements seem out of sorts. When REvil's o...
Emotet Botnet's Latest Resurgence Spreads to Over 100,000 Computers
The insidious Emotet botnet, which staged a return in November 2021 after a 10-month-long hiatus, is once again exhibiting signs of steady growth, amassing a swarm of over 100,000 infected hosts for perpetrating its malicious activities. "While Emotet has not yet attained the same scale it once...
Sextortion Rears Its Ugly Head Again
A new French-language sextortion campaign is making the rounds, researchers warn. As noted by Sophos researchers in a Monday report, sextortion is one of the oldest tricks in the book, but its popularity has waned in recent years due to effective cybersecurity, law enforcement crackdowns and the...
Emotet Re-emerges with Help from TrickBot
Emotet has recently reemerged after being taken down less than a year ago by global law enforcement as coordinated by Europol and Eurojust. The takedown was achieved after law enforcement compromised a command-and-control system, and then pushed a specially crafted update to Emotet agents that...
Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign
The Mekotio Latin American banking trojan is bouncing back after several of the gang that operates it were arrested in Spain. More than 100 attacks in recent weeks have featured a new infection routine, indicating that the group continues to actively retool. “The new campaign started right after...
HTTP/2 Request Smuggling
HTTP Request Smuggling also known as an HTTP Desync Attack has experienced a resurgence in security research recently, thanks in large part to the outstanding work by security researcher James Kettle. His 2019 Blackhat presentation on HTTP Desync attacks exposed vulnerabilities with different...
A week in security (July 12 – July 18)
Last week on Malwarebytes Labs: DNS-over-HTTPS takes another small step towards global domination; Nope, that isn’t Elon Musk, and he isn’t offering a free Topmist Dust watch either; Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday; Is crypto’s criminal rollercoaster...
Trickbot Malware Rebounds with Virtual-Desktop Espionage Module
The Trickbot trojan is in resurgence mode, with its operators filling out infrastructure globally and releasing an updated version of its “vncDll” module, used for monitoring and intelligence gathering, researchers said. According to an analysis this week from Bitdefender, there has been “a...
Emotet: A Year in the Life of a Malware
Overview Emotet malware has been around since 2014, but 2020 saw a resurgence of attacks. In September 2020, Emotet affected 14% of organizations worldwide. So, what is Emotet? And why is it so dangerous? Emotet is a sophisticated trojan that is most commonly used as a dropper for other malware...
CISA: LokiBot Stealer Storms Into a Resurgence
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that the LokiBot info-stealing trojan is seeing a surge across the enterprise landscape. The uptick started in July, according to the agency, and activity has remained “persistent” ever since. LokiBot targets Windows and...
Japan, France, New Zealand Warn of Sudden Uptick in Emotet Trojan Attacks
Cybersecurity agencies across Asia and Europe have issued multiple security alerts regarding the resurgence of email-based Emotet malware attacks targeting businesses in France, Japan, and New Zealand. "The emails contain malicious attachments or links that the receiver is encouraged to download,...
Malware Moves: The Rise of LookBack – And Return of Emotet
Malware activity for various families continues to ebb and flow, with a popular malware called LookBack recently discovered in a slew of campaigns, and Emotet and other malware variants that were quiet over the summer set to make a dangerous comeback. Researchers believe that nation-state actors...
Emotet is back after a summer break
By Colin Grady, William Largent, and Jaeson Schultz. Emotet is still evolving, five years after its debut as a banking trojan. It is one of the world's most dangerous botnets and malware droppers-for-hire. The malware payloads dropped by Emotet serve to more fully monetize their attacks, and ofte...
Forrester: Ransomware Set to Resurge As Firms Pay Off Attacks
SAN FRANCISCO – Ransomware may be poised to return as a top scourge for companies, as more and more of them pay up after an attack in an effort to minimize the cost of recovery. That’s just one insight gleaned from an interview at RSA Conference 2019 last week with Josh Zelonis, senior analyst at...