Today's Monthly Member Threat Briefing at 12pm ET will include speakers from the Health-ISAC Security Operations Center, Pfizer Inc. and our intelligence partners: AdvIntel, Splunk, and @Venable. Members can find the link in your Member list server. h-isac.org/hisacevents/h-…

The Week in Ransomware - September 30th 2022 - Emerging from the Shadows - Lawrence Abrams
bleepingcomputer.com/news/security/…

New post: Social Engineering is the news after the Uber attack. The main key to face SE is awareness, but we repeatedly fail to create an effective awareness campaign. I wrote a blog about my approach to awareness - Social Engineering is a 'Why' question.
ohadzaidenberg.com/post/effective…

🔥Breaking Blog: AdvIntel's State of #Emotet aka ' #SpmTools ' Displays Over Million 🌎Compromised Machines Through 2⃣0⃣2⃣2⃣
Insight:

*⃣Emotet infection chain is currently attributed to #Quantum & #BlackCat ransomware chains.

advintel.io/post/advintel-…

Insight:⚡️ #Emotet loader-as-a-service infection metrics globally for 2022 of ~1,300,000 unique bot_ids / top targeted infected by loader (including honeypot activity). Still alive but on a general decline.

The public report is incoming.

The Conti #ransomware brand is dead, but members simply evolved, per usual. The BEST resource I've found RE: Conti's recent changes and where they all went is @advintel's article by Vitali Kremez, Vulnerability, and Marley Smith. Check it out!
for528.com/conti-advintel

⚡️2022 Trend: Call-back phishing campaigns aka 'BazarCall' are the de-facto top method of getting a backdoor on the protected corporate networks.

1⃣Ransomware and extortionists want to talk to the corporate employees over ☎️.
2⃣Targets are just larger & phishing is more complex

“BazarCall” style attack, or call back phishing, is an attack vector that utilizes targeted phishing methodology and that first emerged in 2020/2021 as a tool of Ryuk (later rebranded Conti). advintel.io/post/bazarcall… AdvIntel #letsbecarefuloutthere

This week's trend is social engineering, again, after publishing the great reports by AdvIntel and Cisco Talos Intelligence Group. SE was and will be the primary vector we'll see, simply because it works. Humans execute cyberattacks, the technology is only a tool.

#BazarCall attacks have revolutionized #ransomware operations
securityaffairs.co/wordpress/1343…
#securityaffairs #hacking
AdvIntel Vulnerability Vitali Kremez

⚡️“BazarCall” Advisory: Essential Guide to Attack Vector that Revolutionized Data Breaches

advintel.io/post/bazarcall…

⚡️Published ' #BazarCall Advisory: Essential Guide to Attack Vector that Revolutionized Data Breaches'

📌Post- #Conti targeted phishing tactics derived from the call back phishing method for #ransomware & exfil

1⃣Silent Ransom
2⃣Quantum
3⃣Roy/Zeon

👇
advintel.io/post/bazarcall…

🎁Gift for the community: Post- #Conti #ransomware operation mindmap world. Enjoy!

Message from the Vitali Kremez, CEO: AdvIntel 2022 at #blackhat2022 advintel.io/post/message-f… #CyberSecurity #CyberCrime #DEFCON #DEFCON 30

Message from CEO: It’s been a groundbreaking year for AdvIntel as a company: And as the threat landscape has continually grown more multi-layered, adaptive, and diverse in nature, so too have our collections.

See you in Las Vegas 2022!

advintel.io/post/message-f…

🔥Breaking Blog: Anatomy of Attack: Truth Behind the Costa Rica Government [ #Conti ] #Ransomware 5-Day Intrusion

➡️From initial access to ransomware deployment --> more than 10+ #CobaltStrike sessions with #AteraRMM deployed part of intrusion w/ Rclone

advintel.io/post/anatomy-o…

July's Newsletter features:
Health-ISAC's 2022 EU Summit in Algarve, Portugal; New TOC staff; #CyberRiskManagement Pledge; Information Protection Working Group; Webinar by Ciphertrace, a Mastercard company; Webinars by AdvIntel; Zimperium. Events: American Hospital Association
h-isac.org/july-2022/ #healthit

advintel.io/post/blackcat-…

The ransomware soap opera continues, as the Conti group drops the brand name, having already rebranded, while using its attack on Costa Rica (which it never expected to pay) as smokescreen, AdvIntel
researchers report
bit.ly/3Np0sE7

📚'Breaking Blog: 🐍Hydra with Three Heads: #BlackByte & The Future of #Ransomware Subsidiary Groups'
#DFIR Case Study ⤵️
San Francisco 49ers Intrusion | Adversarial Insight from Cobalt Strike -> BlackByte Story
advintel.io/post/hydra-wit…