Hacking is experiencing some interesting and alarming changes. The TrickBot gang appears to be working for the Conti Syndicate. TrickBot is an established botnet developer group that was responsible for the creation and operation of BazarLoader. Conti has used BazarLoader in the past to deliver ransomware as part of phishing campaigns.

The Conti Syndicate now has a new tool: Bumblebee, a newly developed malware loader. Eli Salem, a seasoned malware reverse engineer at Cybereason, has analyzed the new loader. Salem claims that Bumblebee's techniques are very similar to those of BazarLoader, which suggests that the two were created by the same team. This points back to TrickBot.

TrickBot's developers created a new toy specifically for the Conti Syndicate. Proofpoint security researchers and other organizations have seen evidence that other groups are choosing Bumblebee over IcedID and BazarLoader (both very similar).

BazarLoader has a similar structure, but Bumblebee seems to be more advanced.

Worse, there is evidence that Bumblebee is under active development, gaining new features and capabilities with every update.

The malicious code supports multiple command-and-control servers as of the April 19th update. Recently, the development team added an encryption layer to make it harder to track communications with the command-and-control servers.

It is unclear what this means for the larger picture. There seems to be a growing degree of cooperation and coordination within the hacking community lately. This should alarm just about everyone.

Preventive action is needed to ensure your company is not open to attack. What can you do? Contact Integrated Technology Systems today. We can analyze your cyber security protocols and show you how to be secure in today's hyperactive environment.

Malware is more likely to be spread by users who do not have Internet Explorer updates.

Cybersecurity researchers have found a new malware campaign. It uses the Exploit Kit, an attack method that has been in decline over the past months.

Exploit kits were once all the rage. Flash Player used to be a target of Exploit Kit-based attacks, but that is long gone. The Exploit Kit's popularity has dropped significantly.

However, someone is trying to make it come back. This is possible because a growing number of users don't prioritize updating browser software. Users who still depend on Internet Explorer are especially vulnerable because they don't receive security updates.

The latest campaign uses RIG EK. It exploits an Internet Explorer flaw that can cause memory corruption when a victim visits a specially designed website. Once they have a victim, the group deploys a malware strain called RedLine. This is a powerful but inexpensive info stealer. This malware strain is particularly popular in Russian-speaking hacking forums.

Once RedLine has been installed, hackers will steal all data from the victim's device. They will focus on the stored payment card information and cryptocurrency wallet information.

RIG EK doesn't do much new. The hackers behind the campaign have discovered new ways to inject life into old techniques that were rarely seen in the threat landscape. This makes it a real threat.

It might be time to change your browser update policy if your company hasn't prioritized browser updates in the past. It's time to stop using Internet Explorer. You'll have fewer headaches if you do.

Is keeping up with software patches and updates a seemingly endless chore? Our managed IT services team can help your company stay current and secure your data. Call us today - the consultation is free and could prevent future problems.

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017