Author: Admin

What is REvil? REvil is an ambitious criminal ransomware-as-a-service (RAAS) enterprise that first came to prominence in April 2019, following the demise of another ransomware gang GandCrab. The REvil group is also known sometimes by other names such as Sodin and Sodinokibi. There’s been plenty of ransomware before. What makes REvil so special? REvil has gained a reputation for attempting to extort far larger payments from its corporate victims than that typically seen in other…

By Andrew Loschmann, Chief Operating Officer, Field Effect Advancing your cyber security capabilities as you scale is an obvious need. But if you’re resourced like many infosec departments, either very lean or running solo, it’s always easier said than done. And as the pandemic throws more on your plate — there are often big expectations to meet, yet skilled talent and budget may be lacking. If you’re feeling like you’re wearing multiple hats, rushing from one emergency to the next, or…

The US Department of Justice has reportedly launched a new ransomware task force, after an infamous threat group claimed to have stolen Apple trade secrets via a supplier. The REvil (Sodinokibi) group is reported to have posted a blog to its dark web-hosted naming and shaming site in which it claims to have compromised the network of Taiwanese supplier Quanta Computer. As the firm refused to pay the $50 million ransom, REvil is now putting the…

A threat prevention firm is claiming to have access to 1.3 million breached RDP servers and their credentials, which were put up for sale on a popular dark web site. New York-headquartered Advanced Intelligence is offering a new free service enabling concerned organizations to check if their RDP servers were part of the trove. Ultimate Anonymity Services (UAS) has been running for around five years on the dark web, specializing in providing access to RDP…

Security researchers have discovered that a persistent cryptocurrency mining botnet is exploiting still-unpatched Microsoft Exchange servers to grow globally. Dubbed “Prometei,” the botnet was first reported on in July 2020 and is thought to have been around since 2016, according to Cybereason Nocturnus. However, the research team found a new development in that the threat actors behind it have been exploiting Microsoft Exchange vulnerabilities CVE-2021-27065 and CVE-2021-26858 to penetrate victim networks, steal credentials and install…

In the previous blog post about multi-cloud we talked about multi-cloud and what the impact it has to the I&O organization. And for most I&O organizations it is a journey to move from traditional IT management to a cloud operating model for multiple clouds. In this blog post we will look into the evolution of cloud over time. We’ll dive into the two evolutionary steps that most enterprises go through in their cloud journey. Cloud…