SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Ransomware families LockBit, Maze headline ransomware dominance
Description: Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape over the past quarter, according to a new report. Infections involved a wide variety of malware families, including LockBit and Maze, among others. Sixty-six percent of all ransomware attacks this quarter involved the red-teaming framework Cobalt Strike, suggesting that ransomware actors are increasingly relying on the tool as they abandon commodity trojans. CTIR reports a rise in ransomware actors engaging in data exfiltration, and even observed the new cartel formed by Maze and other ransomware operations in action.
References: https://blog.talosintelligence.com/2020/09/CTIR-quarterly-trends-Q4-2020.html
Snort SIDs: 54910 - 54917 (Protect against the LockBit ransomware)
Title: Emotet starts using new Word lure document
Description: The Emotet botnet continues to evolve, and now uses a Microsoft Word template to spread its malware. Known as "Red Dawn," the new infection method involves the user downloading a Word file that then prompts them to enable macros to read the document. If they do, the macros download Emotet onto the victim's machine. Emotet spam emails try to entice users with information on COVID-19, financial documents or package tracking.
References: https://www.bleepingcomputer.com/news/security/emotet-malwares-new-red-dawn-attachment-is-just-as-dangerous/
Snort SIDs: 54900, 54901
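As an added defender-side example (not code from the Talos report or the linked article), the check below inspects an OOXML Word attachment for the two signals that mark a macro-carrying lure of the kind described above: a word/vbaProject.bin part and a macro-enabled content type, regardless of the file extension it arrives with. The sample documents are constructed in memory, and the function names and return shape are assumptions.

```python
import io
import zipfile

VBA_PART = "word/vbaProject.bin"
MACRO_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def build_docx(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML package, optionally carrying a VBA project.
    It stands in for a mail attachment and is not a real Emotet document."""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{MACRO_CT if with_macro else PLAIN_CT}"/>'
        + ('<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>' if with_macro else "")
        + "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes in place of a real OLE-wrapped VBA project (constructed).
            z.writestr(VBA_PART, b"\xd0\xcf\x11\xe0placeholder")
    return buf.getvalue()


def inspect_attachment(data: bytes) -> dict:
    """Look inside the package itself: a renamed .docm still carries its VBA part,
    and a tampered [Content_Types].xml still leaves word/vbaProject.bin behind,
    so both signals are checked and either one raises the flag."""
    result = {"ooxml": False, "vba_part": False, "macro_content_type": False, "flag": False}
    try:
        z = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result  # not an OOXML package at all (e.g. legacy OLE .doc, handled elsewhere)
    with z:
        names = set(z.namelist())
        result["ooxml"] = "[Content_Types].xml" in names
        result["vba_part"] = VBA_PART in names
        if result["ooxml"]:
            ct_xml = z.read("[Content_Types].xml").decode("utf-8", "replace")
            result["macro_content_type"] = "macroEnabled" in ct_xml
    result["flag"] = result["vba_part"] or result["macro_content_type"]
    return result
```

Legacy binary .doc files are OLE containers rather than zip packages and need a separate parser; this check only covers the OOXML case.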