Monthly Archives: November 2020

The double extortion technique: the Campari case

The double extortion technique: the Campari case

In recent weeks the Campari group has suffered a serious ransomware attack of the so-called “double extortion” technique. The damage would amount to two terabytes of stolen data, with attached the threat to publish it if the company does not pay $15 million. The attack and the reaction of the company The ransom was carried out by the Ragnar Locker criminal group that, using the same technique, struck Capcom about a month ago, threatening the publication or auctioning of data. The nature of the information stolen from Campari remains confidential, even if the well-known Italian company has admitted the possibility of a loss – not quantified – of personal data […]

Cybersecurity and the implementation of smart working

Cybersecurity and the implementation of smart working

Faced with the unexpected health crisis, institutions and companies around the world are trying to facilitate the implementation of smart working through the dispersion of adequate rules and procedures. The widespread training of people involved in teleworking is urgent if we are to avert the real risk of cyber-attacks, for profit or political destabilization, aimed at public, corporate or personal networks and systems. The introduction of digital devices in the workplace such as smartphones and tablets has undoubtedly increased productivity, while exposing companies to a greater risk of  cyber-attacks. A threat that is all the more tangible and probable the more time employees spend working on these devices, especially remotely. […]

QNodeService stepped up its features while operated in widespread credential-theft campaigns

QNodeService stepped up its features while operated in  widespread credential-theft campaigns

Since mid-year 2020, a new piece of malware emerged in the cyber threat landscape. It seems to be linked to the crimeware matrix due its main purpose and use, which is exfiltration of browsers and email services credentials against a fairly extensive range of potential targets. The group that operates this threat is currently unknown for us (internally tracked as RedMoon) but we know that it likely operates, at least for malware samples involving Italian assets, from a West Asia country and we noted it seems to be very focused on keeping their detection rates as low as possible. A variant of this threat was originally spotted by @malwrhunterteam on […]

Trying not to walk in the dark woods. A way out of the Maze

Trying not to walk in the dark woods. A way out of the Maze

After numerous ransomware attacks since its appearance in May 2019, the popular Maze Team recently claimed the end of its criminal activity through a press release on its Dedicated Leak Site. The Maze Team is responsible for the development and maintenance of Maze Ransomware, one of the most advanced and infamous piece of malware in today’s threat landscape, and has been the first adversary to adopt the Double Extortion technique, which allows attackers to maximize their chance of making profit asking ransom payment both from operation recovering and from avoiding the disclosure of stolen data. Indeed, while for a period of time other threat actors had only threatened to release […]

Enisa report 2020: the pandemic’s effect on cybersecurity

Enisa report 2020: the pandemic’s effect on cybersecurity

Enisa (the European Union Agency for Cybersecurity) has recently published the eighth edition of its Threat Landscape Report (ETL) on cyber threats registered in the period between January 2019 and April 2020, describing the evolution of the current cybersecurity scenario in Europe and emphasizing in particular the serious effects of the Coronavirus pandemic on the sector. Overview of the Enisa 2020 report The new ETL-Enisa Threat Landscape 2020 report was produced with the support of the European Commission and EU Member States. The content of the ETL report is primarily based on literature available from open sources, such as articles, expert opinions, intelligence reports, security incident analysis and research reports, […]

Utilizzando il sito, accetti l'utilizzo dei cookie da parte nostra. maggiori informazioni

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close