Tag: Latest threats

Prometei Botnet Exploits Unpatched Microsoft Exchange Vulnerabilities for Propagation

Security researchers have revealed a significant shift in the Prometei botnet's tactics: it is now capable of leveraging the “ProxyLogon” exploit against Microsoft Exchange servers to penetrate the targeted network and drop cryptojacking malware onto users’ machines. Although the main objective is to mine Monero by exploiting the processing power of the infected instances, […]

REvil Ransomware Evolution: New Tactics, Impressive Gains, and High-Profile Targets

The REvil gang stands behind the avalanche of attacks targeting major companies across the US, Europe, Africa, and South America. In March 2021, the ransomware operators claimed almost a dozen intrusions that resulted in sensitive data compromise. The list of victims includes law firms, construction companies, international banks, and manufacturing vendors. As per news reports, […]

New Hades Ransomware Hits Leading US Vendors

Security researchers uncovered an ongoing malicious campaign targeting big-name US companies with Hades ransomware. At least three US vendors have been hit by an unknown financially-motivated actor since December 2020. What Is Hades Ransomware? First discovered in late 2020, Hades ransomware is a brand new player in the threat arena. The malware was named after […]

Conti Ransomware Hits North America and Europe In Double Extortion Attacks

Despite being a relatively new threat in the cybersecurity arena, Conti ransomware has already become a major menace for organizations worldwide. Since its emergence in May 2020, security researchers have reported at least 150 successful attacks against retail, manufacturing, construction, and other industries in North America and Western Europe. Notably, Conti operators apply a double extortion […]

Snatch Ransomware Attack Detection

Ransomware continues to be one of the most serious threats to corporate networks, and Snatch ransomware is one of the most annoying “guests” to have emerged relatively recently. The first infections were recorded about two years ago, but serious attacks on organizations began only in April 2019, and since then the appetites and skills of the […]

Detection Content: WastedLocker Ransomware

The new WastedLocker ransomware was first spotted in May 2020. It was developed by the high-profile Evil Corp group, which previously used the Dridex trojan to deploy BitPaymer ransomware in attacks targeting government organizations and enterprises in the United States and Europe. Last year, some of the group's members left and started their own […]

Threat Hunting Content: Avaddon Ransomware Detection

A newcomer to the ransomware scene, Avaddon ransomware has been actively spread in spam campaigns since the beginning of the month, and the attackers behind it continue to recruit affiliates on underground forums. During one of the detected campaigns, cybercriminals sent over 300,000 malicious emails using the Phorpiex/Trik botnet. Currently, Avaddon is aimed more at individual […]

Zoom Service Hardening Guide

Intro. This is a practical guide based on Zoom and Check Point recommendations, crafted with common sense and tailored to how Zoom is used in our company: work from home (WFH) activity, as at every company in the world right now, and sales / pre-sales activities as a vendor. Due to the specific nature of our business, in […]

COVID-19 | Coronavirus Phishing

Introduction. COVID-19 / Coronavirus phishing is on the uptick and will likely remain a primary theme/lure for many months to come. This blog post makes recommendations regarding COVID-19-specific phishing and other threats brought on by increased teleworking.

Security Advisory: Bad Rabbit Ransomware Worm

The research is based on OSINT evidence analysis, local evidence, feedback from attack victims, and the MITRE ATT&CK methodology used for actor attribution. SOC Prime would like to express its gratitude to the independent security researchers and specialized security companies who shared their reverse engineering reports and attack analyses in public sources and on their corporate blogs. On […]
