Over the past month, the Varonis Network forensics team analyzed the activity observed in incident response, network forensics investigations, and malware reverse engineering.
The main attack vectors in October were ransomware (43%), malware (15%), brute force (14%), criminal groups and APT attacks (14%), and compromise of business correspondence (14%).
In addition, the company has highlighted several specific malicious programs that are worth paying special attention to. The first is Ryuk, a type of ransomware program used for targeted attacks.
Ryuk variants have two main infection methods: phishing aimed at specific employees within the organization, and using previously obtained account credentials to reach devices inside the victim’s company via remote desktop.
Another dangerous “malware”, which analysts call Silent Librarian, COBALT DICKENS or TA407, uses spear-phishing methods and targets universities.
The purpose of this software is to steal research data. Silent Librarian is based in Iran and is most likely funded by the Iranian government. Experts also draw attention to the Latin American banking Trojan Mekotio. Mekotio’s feature set changes frequently, and several flavors are being developed at the same time. The Trojan mainly spreads through spam mailings and delivers its payload in several download stages.