Each morning I receive Cyber Threat Intelligence briefings - they outline current threats, attacks,etc.. that are occurring. I usually don't see many of these reported in the news, some come from online sources, news reports, government investigations/reports.
There are a few things that I thought you all would be interested in.
1) Snatch ransomware is becoming a favorite of Russian hackershttps://www.zdnet.com/article/snatch-ra ... irus-apps/
The authors of the Snatch ransomware are using a never-before-seen trick to bypass antivirus software and encrypt victims' files without being detected.
The trick relies on rebooting an infected computer into Safe Mode, and running the ransomware's file encryption process from there.
The reason for this step is that most antivirus software does not start in Windows Safe Mode, a Windows state meant for debugging and recovering a corrupt operating system.
However, the Snatch crew discovered that they could use a Windows registry key to schedule a Windows service to start in Safe Mode. This service would run their ransomware in Safe Mode without the risk of being detected by antivirus software, and having its encryption process stopped.
2) Russian hacking against Ukrainehttps://www.cyberscoop.com/gamaredon-ap ... -foritnet/
A suspected Russian hacking campaign that’s resulted in attacks against Ukrainian military and government agencies also has affected journalists, law enforcement and nongovernmental organizations, according to new findings.
Gamaredon, a hacking group that has been active since 2013 and mostly haunted Ukrainian government targets, has broadened its reach within that country, the threat intelligence company Anomali said in research published Dec. 5.