REvil is back – the group behind the Kaseya ransomware attack resurfaced. Their website went dark on July 13.. and researchers are now confirming their blog and infrastructure are back online. Accounts by BlackFrog indicate the group was responsible for more than 23% of the attacks they tracked in August.
Crowdstrike released a report Wednesday which gives direction on how the threat actors are operating, shifting more from state sponsored attacks to local cybercrime. From CyberScoop: From July 2020 to June of this year, Russian state-backed hacking outfits accounted for only a tiny sliver of nation-sponsored attacks aimed at commercial enterprises detected by the cyber firm’s threat hunting service, at 1% compared to China’s 69%. The Russian based hacking group Wizard Spider, meanwhile, was responsible for double the number of detected attempted intrusions of any other gang during the same period. The company noted state-sponsored attacks have shifted from commercial organizations to geopolitical targets.
The FBI is also noting a large increase in sextortion attacks, which are threats to publish sexual images unless victims paid a fee. The Federal Trade Commission, meanwhile, is seeking a its first ban on “stalker ware” filing a complaint against SpyFone, which is an app marketed to monitor loved one’s internet activity. The company is accused of selling real-time access to illegally harvested data, and failing to enact basic security measures to safeguard the data it collects.
Specific vulnerabilities to focus on – Microsoft has issued a warning about malicious Office files, a 100 percent reliable zero day. The company advises disabling ActiveX controls in Internet Explorer to render it inactive and has issued guidance on how to do so.
Survey data from HP Wolf Security — 91% of those surveyed said that they have felt “pressured” to compromise security due to the need for business continuity during the COVID-19 pandemic. 76% of respondents said that security had taken a backseat, and furthermore, 83% believe that working from home has created a “ticking time bomb” for corporate security incidents.
A key quote from Microsoft President Brad Smith from his new book: “It’s impossible to avoid the grave conclusion that the sharing of cybersecurity threat intelligence today is even more challenged than it was for terrorist threats before 9/11”
The opponent – or the competition, as we should be redefining them – is adapting and changing. They are both ramping up further based on continued success and refining their targets.
I wish I had new advice here – it’s the framing right now I focus on. Thinking about that HP Wolf data… if this was viewed in a competitive lens rather than a cost management one, would the same choices have been made? Or can they be reexamined now? And is that the opportunity? Would love to hear from you, listener.

