The cybersecurity landscape continues to evolve, with several malware families emerging as significant threats. Among these, GootLoader has gained attention as a JavaScript downloader and dropper, and WIREFIRE, a Python web shell that specifically targets Ivanti Pulse Secure appliances, has also been noted. Other prominent threats include SystemBC, known for its proxy tunneling capabilities and a custom communication protocol that lets it execute further payloads from a command-and-control (C2) server. Meanwhile, ransomware variants such as Akira, RansomHub, LockBit, and Basta have become increasingly prevalent.
Weak and Compromised Credentials as Catalysts for Ransomware and Cloud Security Breaches
Ransomware intrusions have often begun with brute-force attacks, which accounted for 26% of incidents recorded by Mandiant last year. These attacks frequently rely on password spraying and default credentials. Stolen credentials and exploits were each responsible for 21% of attacks, followed by access sold from previously compromised systems at 15% and third-party compromises at 10%.
In cloud security breaches, phishing remains a dominant threat vector, implicated in 39% of compromises. Stolen credentials accounted for 35% of these incidents, while SIM swapping and voice phishing each represented 6% of attacks. Alarmingly, over two-thirds of cloud compromises led to data theft, and 38% of these breaches had financial motives, with data extortion, business email compromise, ransomware, and cryptocurrency fraud emerging as the primary objectives.
Source: www.csoonline.com