SamSam Ransomware: Patient, Persistent, Competent and Dangerous

The SamSam ransomware has always been a bit different. Unlike many ransomware infections, its victims are targeted rather than random — and the attacker establishes a presence on the victim network before beginning the encryption process. Victims this year include the City of Atlanta, Allscripts, Adams Memorial Hospital, Colorado Department of Transportation and the Mississippi…

State of Email Security: What Can Stop Email Threats?

A survey of 295 professionals — mostly but not entirely IT professionals — has found that 85% of respondents see email threats bypass email security controls and make it into the inbox; 40% see weekly threats; and 20% have to take significant remediation action on a weekly basis. Email security firm GreatHorn wanted to examine…

How to Achieve Ransomware Recovery — Without Paying Ransom

Without a ransomware recovery strategy, companies sometimes end up paying to retrieve their data after an attack. At the same time, threat actors are growing more sophisticated in their ability to bypass both antivirus and anti-ransomware tools — thus, they’re also growing bolder. To stay ahead of the curve, organizations will need to develop more…

Ransomware Attack Hits Health Firm LabCorp

LabCorp, a company that provides “diagnostic, drug development and technology-enabled solutions for more than 115 million patient encounters per year,” serves hundreds of thousands of customers nationwide and processes tests on more than 2.5 million patient specimens per week. With revenues that topped $10 billion last year, the health company operates a network of more…

Oracle Patches Record 334 Vulnerabilities in July 2018

Oracle this week released its July 2018 set of patches to address a total of 334 security vulnerabilities, the largest number of flaws resolved with a Critical Patch Update (CPU) to date. Over 200 of the bugs may be remotely exploitable without authentication. This month, 23 products from the enterprise security giant were patched, including…

Move Over, Ransomware: Why Cybercriminals Are Shifting Their Focus to Cryptojacking

According to the 2018 IBM X-Force Threat Intelligence Index, the frequency and sophistication of malicious cryptocurrency mining, also called “cryptojacking,” has increased drastically in the past year. This mining is changing malicious actors’ priorities: While they had previously targeted companies’ data and financial assets, they are now seeking to extract value from organizations’ computing resources….

Cybercrime tactics & techniques Q2 2018

A generally slow quarter reflects an overall lull in cybercrime, picking up where Q1 left off with cryptominers continuing to dominate, ransomware continuing to evolve through experimentation, and exploits making a small but significant comeback. In nearly every malware category for both business and consumer detections, we saw a decrease in volume, corroborating our general…

PowerShell Threats Grow Further and Operate in Plain Sight

The preinstalled and versatile Windows PowerShell has become one of the most popular choices in cyber criminals’ arsenals. We have observed an increase of 661 percent in computers where malicious PowerShell activity was blocked from the second half of 2017 to the first half of 2018—a clear indication that attackers are still growing the use…

Timehop Releases New Details About July 4 Breach

Additional information includes PII affected and the authentication issue that led to the breach. Timehop, the company that specializes in “digital nostalgia,” is releasing more information on the July 4 breach that compromised millions of users’ personally identifiable information (PII). New details include the timeline of the attack, the information affected, and the steps the…