Cyber Threats and Mitigations: Key Insights from Q1 2024
Secureworks
Cybersecurity by security experts for security experts. We are in the fight with you!
Learning from Incident Response: January - March 2024
Despite disruptive law enforcement action against LockBit operator GOLD MYSTIC and an exit scam conducted by ALPHV (also known as BlackCat) operator GOLD BLAZER during the quarter, ransomware attacks continued to pose a significant threat to organizations. The number of victims listed on leak sites rose each month of the quarter, suggesting that disruption to one operation may simply lead to affiliates moving to other groups. Cyber insurers also noted the elevated Q1 2024 ransomware activity.
One essential mitigation in any ransomware engagement is to block the attacker's re-entry into the network, for example by removing external access to the appliances or hosts the intruder used, and then verifying from appliance logs that no further logins succeed by those paths. In the ALPHV incident, the threat actor attempted to re-enter the environment the day after deploying the ransomware. The intent may have been to destroy logs and other forensic artifacts to complicate analysis and recovery, which is why copies of those logs should be forwarded to storage the attacker cannot reach before they return. Attackers may also try to establish persistent access, leaving the victim susceptible to a future attack.
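A concrete way to check that the re-entry path really is closed is to run the appliance authentication logs through a post-containment filter. The following is an added example, not code from the Secureworks report: the log format, the field names, the compromised account `svc_backup`, the attacker address `198.51.100.7`, and every sample event are constructed for illustration. It flags any post-containment activity by accounts or source addresses seen in the intrusion, and separately flags any successful login from outside the RFC 1918 ranges, since after external access has been removed none should succeed.

```python
"""Post-containment re-entry check for remote-access appliance logs.

Added example, not code from the Secureworks report. The log format, field
names and all sample events below are constructed for illustration.
"""
from datetime import datetime
from ipaddress import ip_address, ip_network

# RFC 1918 ranges; any other source address is treated as external.
INTERNAL_NETS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]

# Constructed sample log: "<UTC timestamp> <appliance> <user> <source IP> <result>"
SAMPLE_LOG = """\
2024-03-10T08:02:11Z vpn-gw1 jsmith 203.0.113.45 success
2024-03-10T22:40:03Z vpn-gw1 svc_backup 198.51.100.7 success
2024-03-11T02:15:44Z vpn-gw1 svc_backup 198.51.100.7 failure
2024-03-11T02:16:02Z vpn-gw1 svc_backup 198.51.100.7 failure
2024-03-11T09:30:00Z vpn-gw1 jsmith 10.20.30.40 success
2024-03-11T11:05:19Z citrix-gw admin 198.51.100.9 success
"""


def parse_ts(text):
    """Parse the assumed 'YYYY-MM-DDTHH:MM:SSZ' timestamp as naive UTC."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def parse_event(line):
    """Split one log line (assumed format above) into a dict."""
    ts, appliance, user, src, result = line.split()
    return {
        "ts": parse_ts(ts),
        "appliance": appliance,
        "user": user,
        "src": ip_address(src),
        "result": result,
    }


def is_external(ip):
    """True when the address is outside the RFC 1918 ranges."""
    return not any(ip in net for net in INTERNAL_NETS)


def reentry_alerts(log_text, containment_time, compromised_accounts, attacker_ips):
    """Return (event, reasons) pairs for events at or after containment_time that
    show the attacker trying to get back in, or show that external access was not
    actually removed. containment_time is when external access was cut."""
    attacker_ips = {ip_address(ip) for ip in attacker_ips}
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev["ts"] < containment_time:
            continue
        reasons = []
        if ev["user"] in compromised_accounts:
            reasons.append("activity on known-compromised account")
        if ev["src"] in attacker_ips:
            reasons.append("source IP seen in the intrusion")
        if ev["result"] == "success" and is_external(ev["src"]):
            reasons.append("external login succeeded after external access should have been removed")
        if reasons:
            alerts.append((ev, reasons))
    return alerts


def containment_held(alerts):
    """False if any post-containment login from outside the network succeeded."""
    return not any(ev["result"] == "success" and is_external(ev["src"]) for ev, _ in alerts)


if __name__ == "__main__":
    cutoff = parse_ts("2024-03-11T00:00:00Z")
    found = reentry_alerts(SAMPLE_LOG, cutoff, {"svc_backup"}, {"198.51.100.7"})
    for ev, reasons in found:
        print(ev["ts"].isoformat(), ev["appliance"], ev["user"], ev["src"], ev["result"],
              "->", "; ".join(reasons))
    print("containment held:", containment_held(found))
```

On the constructed sample the two failed `svc_backup` logins after the cutoff are the re-entry attempts the report describes, and the successful external `admin` login on `citrix-gw` is the finding that matters most: it means a second external path was left open. Feed real appliance logs in the same shape and the same three rules apply; the failure alerts confirm the attacker is trying, the success alert means containment has not held.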
Read the report for more on this: Learning from Incident Response January - March 2024
Untangling the Web of Social Engineering Attacks
What should businesses and organizations know about social engineering attacks, and how can they best defend against them? Stacy Leidwinger, VP of Marketing at Secureworks, and Rafe Pilling, Director of Counter Threat Unit Research at Secureworks, shared insights on this. In the video above they discuss the June 14th arrest of an alleged member of the cybercriminal group Scattered Spider, known to Secureworks as GOLD HARVEST, and its ramifications. The group is believed to be behind major attacks including the breach of MGM. It is predominantly interested in data theft and fraud and relies on social engineering techniques to facilitate these attacks.
How to Detect and Mitigate GOLD TAHOE Attacks
Threat actors such as Clop operator GOLD TAHOE exploit file transfer services to gain access to an organization's shared files. The exposure can also arrive through a third party that handles those files, as in the Zellis payroll compromise, which formed part of the MOVEit Transfer attacks.
This infographic provides practical steps you can take to detect and mitigate the risk posed by GOLD TAHOE: Threat Group - Gold Tahoe
Stay abreast of the latest threat group definitions and profiles published by the Secureworks Counter Threat Unit (CTU) Research Team here: Cyber Threat Group Profiles: Their Objectives, Aliases, and Malware Tools