An In-Depth Look at Ransomware Gangs, LockFile and LockBit 2.0

LockFile

Executive Summary: Ransomware gang attacks have been the talk of the year, with the most recent attacks coming from LockFile and LockBit 2.0. In April 2021, LockFile discovered a Microsoft Exchange Server vulnerability and took advantage of that discovery by successfully compromising hundreds of Exchange servers across the U.S. and Asia. In 2020, the Australian […]

Flash Notice – Microsoft Issues Warning for Remote Code Execution Vulnerability

Overview: On September 7, 2021, Microsoft released a statement warning of targeted attacks attempting to exploit a remote code vulnerability found in Office 365 and Office 2019 on Windows 10. The vulnerability involves a zero-day remote code execution in MSHTML, which is Internet Explorer's main HTML component. CVE-2021-40444 is a vulnerability that becomes exploited when […]

Threat Actor Profile – “BlackMatter”

Who is BlackMatter? Ransomware gangs threaten the security of companies and individuals daily. Over the past year, there has been a surge in ransomware attacks leading to long-lasting destruction. Barracuda researchers found a 64% increase in ransomware attacks, targeting health care, education, and businesses (financial services, infrastructure, travel, etc.). First reported by The Record, BlackMatter […]

Beware of Clever Email Phishing Campaigns

TIR-20210816 Executive Summary: Phishing email scams are a tried-and-true method for retrieving data, but certain campaigns can be difficult to filter. Two campaigns that come to mind are Photo Copyright and SharePoint phishing campaigns. Not only do these campaigns wreak havoc on their victims' devices and networks, but they are becoming exceptionally clever as time […]

Flash Notice – The PrintNightmare Continues

Overview: On Patch Tuesday, Microsoft released yet another patch to address the CVE-2021-34481 vulnerability in the PrintSpooler service – a service that runs on every computer participating in the Print Services system for Windows-based print clients. Rather than fixing the code vulnerability, which allowed attackers to install malware on printers and create new accounts, the patch […]

Microsoft Exchange Server Breach is Formally Attributed to China by the U.S

Executive Summary: The extensive breach of Microsoft Exchange Server earlier this year has been formally attributed to China by the United States and several allies following the indictment of four Chinese nationals. Three of the individuals named in the indictment are alleged to be intelligence officers with China’s Ministry of State Security (MSS). This report […]

Flash Notice: SonicWall Warns of Imminent Ransomware Attack Against EOL Products

Overview Details SonicWall has released an urgent security bulletin to their customers using unpatched, end-of-life Secure Mobile Access 100 series and Secure Remote Access products. The company indicates that there is an imminent ransomware campaign using stolen credentials targeting these devices running 8.x firmware. Since these firmware versions are considered end-of-life and out of support […]

Summary of the International Institute for Strategic Studies’ Nation-State Cyber Power Assessment

Executive Summary This report is a summary of a recent study, conducted by the International Institute for Strategic Studies, assessing the cyber power of 15 different nation-states. Each state was assessed in seven categories: Strategy and doctrine; Governance, command and control; Core cyber-intelligence capability; Cyber empowerment and dependence; Cyber security and resilience; Global leadership in […]

CobaltStrike Overview

Executive Summary This report is about the use of the well-known tool CobaltStrike in adversarial campaigns. The tool’s framework is designed for command & control operations with an established capacity and extreme ease of use. The tool can be integrated into the attacker lifecycle easily with minimal development time. CobaltStrike Tactics, Techniques, and Procedures CobaltStrike […]