{
	"id": "e08612d7-7d51-4e3d-9e87-d5e38452ec4a",
	"created_at": "2026-04-06T00:08:06.976579Z",
	"updated_at": "2026-04-10T03:34:44.511405Z",
	"deleted_at": null,
	"sha1_hash": "bc8c5c3d6d9703e1134e79bbfbdc4aaa0cbf30e6",
	"title": "Cybereason Blog | Cybersecurity News and Analysis",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 99941390,
	"plain_text": "Cybereason Blog | Cybersecurity News and Analysis\r\nBy Cybereason\r\nArchived: 2026-04-05 14:51:22 UTC\r\nHome\r\nhttps://www.cybereason.com/blog/lockbit-ransomware-wants-to-hire-your-employees\r\nPage 1 of 106\n\nTycoon 2FA Phishing Kit Analysis\r\nIn this Threat Alert, Cybereason analyzes Tycoon 2FA phishing kit, a sophisticated phishing-as-a-service platform\r\ndesigned to bypass two-factor authentication.\r\nNovember 3, 2025 / 7 minute read\r\nDeploying NetSupport RAT via WordPress \u0026 ClickFix\r\nIn this Threat Alert, Cybereason analyzes malicious WordPress websites and the methods and tools used by threat\r\nactors to deploy the NetSupport Remote Access Tool (RAT) payload.\r\nJuly 7, 2025 / 5 minute read\r\nThe Curious Case of PlayBoy Locker\r\nIn this Threat Analysis report, Cybereason investigates the PlayBoy Locker, the new Ransomware-as-a-Service,\r\nand how to defend against it.\r\nMarch 25, 2025 / 5 minute read\r\nAre you keeping pace with Cyber 
Security AI innovation?\r\nAI is changing the landscape of detection methodology. In order to stay ahead of adversaries, Greg Day breaks\r\ndown how cybersecurity vendors need to leverage AI within their threat detection, prevention \u0026 response.\r\nMarch 17, 2025 / 5 minute read\r\n2025 Predictions by Greg Day\r\nAt pace, gather enough evidence to understand what was occurring, the first goal being to contain the threat and\r\nminimize its impact on the business.\r\nDecember 11, 2024 / 3 minute read\r\nInsourcing versus Outsourcing\r\nWhat should your own cybersecurity staff do in-house and what should be taken as an outcome-based service?\r\nNovember 8, 2024 / 5 minute read\r\nMalicious Life Podcast: Operation Snow White, Part 2\r\nScientology spies were trained in all covert operations techniques: surveillance, recruiting agents, infiltrating\r\nenemy lines, and blackmail. 
However, a suspicious librarian and a determined FBI agent brought the largest single\r\nspy operation in US government history to an end.\r\nOctober 23, 2024 /\r\nTHREAT ANALYSIS: Beast Ransomware\r\nIn this Threat Analysis report, Cybereason investigates the Ransomware-as-a-Service (RaaS) known as Beast and\r\nhow to defend against it through the Cybereason Defense Platform.\r\nOctober 18, 2024 / 5 minute read\r\nCUCKOO SPEAR Part 2: Threat Actor Arsenal\r\nIn this report, Cybereason confirms the ties between Cuckoo Spear and APT10 Intrusion Set by tying multiple\r\nincidents together and disclosing new information about this group’s new arsenal and techniques.\r\nOctober 4, 2024 / 13 minute read\r\nMalicious Life Podcast: Operation Snow White, Part 1\r\nIn 1963, the FDA raided the headquarters of a budding new and esoteric religion - The Church of Scientology. In\r\nresponse to this and similar incidents to come, the church's founder - an eccentric science fiction author named L.\r\nRon Hubbard - would go on to lead the single largest known government infiltration operation in United States\r\nhistory.\r\nOctober 1, 2024 /\r\nThe Great Debate: On-Premise vs. Cloud based EDR\r\nShould businesses prioritize cloud-based or on-premise cybersecurity solutions, or are CIOs being influenced by a\r\nvariety of strategic factors and opting for a hybrid approach?\r\nSeptember 18, 2024 / 7 minute read\r\nMalicious Life Podcast: Infighting and Treason in Russia’s Cyber World\r\nOn Dec. 
5, 2016, two senior Russian Intelligence officers and two civilians were arrested and accused of treason.\r\nA few weeks later, when Western journalists were finally able to speak with the men’s lawyers, they learned that\r\nthe case was based on events that were, oddly enough, already widely known. This made the arrests even more\r\npeculiar.\r\nSeptember 17, 2024 /\r\nMalicious Life Podcast: SNAP Fraud: Getting Rich by Stealing from the Poor\r\nSNAP - better known as food stamps - goes back to the Great Depression. The physical stamps were replaced with\r\nEBT cards in the 1990s, but since these cards are without the secure EMV chip technology, enterprising criminals\r\nfound innovative ways to drain funds meant for low-income families.\r\nSeptember 5, 2024 /\r\nMalicious Life Podcast: The Hollywood Con Queen, Part 2\r\nNicole Kotsianas, an investigator with K2 Intelligence, made it her personal mission to hunt down the Hollywood\r\nCon Queen, who cruelly tormented her victims and shattered their dreams. Nicole's efforts bore unexpected fruits,\r\nwhen she discovered that the Con Queen was actually… a man.\r\nAugust 27, 2024 /\r\nMalicious Life Podcast: The Hollywood Con Queen, Part 1\r\nIn 2015, two aspiring script writers flew to Indonesia to meet with executives of a large Chinese film corporation.\r\nIt was a trap: the Hollywood Con Queen not only conned them out of tens of thousands of dollars, she also cruelly\r\nruined their friendship. 
Two years later, a corporate investigator working for a big shot Hollywood producer, made\r\na discovery that put her on the trail of this master of deceit.\r\nAugust 14, 2024 /\r\nCapability vs. Usability\r\nSome CISOs I know work on a premise that for every one new technology deployed, two should be removed. I\r\nwonder if we tried to apply a similar principle to the operational aspects of cybersecurity, how far we could\r\nprogress.\r\nAugust 1, 2024 / 5 minute read\r\nMalicious Life Podcast: The Doomed Queen’s Secret Ciphers\r\nDiscover how George Lasry, a modern codebreaker, uncovered the secrets of Mary, Queen of Scots, hidden in the\r\nFrench National Library for over 400 years. This episode delves into the painstaking process and the historical\r\nimpact of decoding these ancient messages, revealing the hidden motives and desperate actions of a doomed\r\nqueen.\r\nJuly 31, 2024 /\r\nMalicious Life Podcast: Why Did People Write Viruses In The 80s \u0026 90s?\r\nWhy did people write malware in the pre-internet days? Back then, there was no way to make money by writing\r\nmalware. So why write them in the first place? 
The lack of a financial motivation meant that virus authors had a\r\nplethora of other motives - and this diverse mix of motives had, as we shall hear, an interesting effect on the\r\ndesign and style of viruses created at that period.\r\nJuly 15, 2024 /\r\nHardening of HardBit\r\nIn this Threat Analysis report, Cybereason Security Services investigates HardBit Ransomware version 4.0, a new\r\nversion observed in the wild.\r\nJuly 10, 2024 / 14 minute read\r\nMalicious Life Podcast: Section 230: The Law that Makes Social Media Great, and Terrible\r\nSection 230 is the pivotal law that has enabled the rise of social media - while sparking heated debates over its\r\nimplications. In this episode, we're charting the history of Section 230, from early landmark legal battles, to\r\nmodern controversies, and exploring its complexities and the proposed changes that could redefine online speech\r\nand platform responsibility.\r\nJune 26, 2024 /\r\nI am Goot (Loader)\r\nIn this Threat Analysis report, Cybereason Security Services investigate the rising activity of the malware\r\nGootLoader. GootLoader is a malware loader known to abuse JavaScript to download post-exploitation\r\nmalware/tools and persist within the infected machine.\r\nJune 25, 2024 / 11 minute read\r\nMalicious Life Podcast: What Happened at Uber?\r\nIn 2016, Joe Sullivan, former CISO of Facebook, was at the peak of his career. As Uber's new CISO, he and his\r\nteam had just successfully prevented data from a recent breach from leaking to the internet. 
But less than a year\r\nlater, Sullivan was unexpectedly fired from Uber, and three years later, the US Department of Justice announced\r\ncriminal charges against him. So, what happened at Uber?\r\nJune 11, 2024 /\r\nMalicious Life Podcast: The Nigerian Prince\r\nIn this episode of ML, we're exploring the history of the well-known Nigerian Prince scam, also known as 419 or\r\nadvanced fee scam, from its roots in a Parisian prison during the French Revolution, to the economic and social\r\nreason why this particular scam became so popular with African youth. Also, will AI make such scams more\r\ndangerous - or, counterintuitively, go against the interests of scammers?\r\nMay 28, 2024 /\r\nMalicious Life Podcast: Unmasking Secrets: The Rise of Open-Source Intelligence\r\nDive into the world of open-source intelligence (OSINT) in this episode, where we uncover how ordinary citizens\r\nuse publicly available data to unravel some of the most complex global mysteries. From tracking conflicts in real-time to exposing the truth behind high-profile incidents like the downing of Malaysia Airlines flight MH17,\r\ndiscover how OSINT is revolutionizing the field of investigative journalism and transforming how we perceive\r\nand verify information. \r\nMay 17, 2024 /\r\nMalicious Life Podcast: The Source Code of Malicious Life\r\nA few weeks ago we had a listener’s meetup in New York, and as part of that meetup, I gave a talk in which I\r\ndiscussed how Malicious Life came to be - a story that goes back to my days as a ship's captain in the Israeli Navy\r\n- and then about how me and Nate craft the stories that you hear every other week. 
That last part, I hope, might\r\nalso be beneficial to those of you, our listeners, who find themselves giving talks about technically complex ideas,\r\ncyber-related or not. The storytelling ideas and techniques I laid out in the talk are universal, and you’ll find them\r\nin blockbuster movies as well as podcast episodes. \r\nMay 1, 2024 /\r\nMalicious Life Podcast: The Y2K Bug Pt. 2\r\nIn the waning years of the 20th century, amid growing anxieties about the turn of the millennium, one man, Robert\r\nBemer, observed the unfolding drama from his remote home on King Possum Lake. A revered figure in\r\ncomputing, Bemer had early on flagged a significant, looming issue known as the Y2K bug, which threatened to\r\ndisrupt global systems as calendars rolled over to the year 2000. This episode delves into Bemer's life during this\r\ncritical period, exploring his predictions, the ensuing global frenzy to avert disaster, and the disparate views on\r\nwhether the billions spent in prevention were justified or merely a response to a misunderstood threat.\r\nApril 23, 2024 /\r\nMalicious Life Podcast: The Y2K Bug Pt. 1\r\nIn the 1950s and 60s - even leading into the 1990s - the cost of storage was so high, that using a 2-digit field for\r\ndates in a software instead of 4-digits could save an organization between $1.2-$2 Million dollars per GB of data.\r\nFrom this perspective, programming computers in the 1950s to record four-digit years would’ve been outright\r\nmalpractice. 
But 40 years later, this shortcut became a ticking time bomb which one man, computer scientist Bob\r\nBemer, was trying to defuse before it was too late.\r\nApril 1, 2024 /\r\nThreat Alert: The Anydesk Breach Aftermath\r\nAnyDesk, one of the world’s leading providers of Remote Management and Monitoring (RMM) software,\r\nconfirmed they had identified a compromise of production systems.\r\nMarch 22, 2024 / 3 minute read\r\nMalicious Life Podcast: Can You Bomb a Hacker?\r\nThe 2008 Russo-Georgian War marked a turning point: the first time cyberattacks were used alongside traditional\r\nwarfare. But what happens when the attackers aren't soldiers, but ordinary citizens? This episode delves into the\r\nethical and legal implications of civilian participation in cyberwarfare, examining real-world examples from\r\nUkraine and beyond.\r\nMarch 19, 2024 /\r\nMalicious Life Podcast: Kevin Mitnick, Part 2\r\nIn 1991, Kevin Mitnick was bouncing back from what was probably the lowest point of his life. 
He began to\r\nrebuild his life: he started working out and lost a hundred pounds, and most importantly - he was finally on the\r\npath towards ditching his self-destructive obsession of hacking.\r\nMarch 1, 2024 /\r\nAnnouncing Cybereason On-Prem\r\nMany of our customers choose Cybereason On-Prem to simplify their data and critical infrastructure compliance\r\nwith the flexibility to deploy in on-prem server rooms, private data centers or private cloud environments.\r\nFebruary 20, 2024 / 2 minute read\r\nMalicious Life Podcast: Kevin Mitnick, Part 1\r\nFor Kevin Mitnick - perhaps the greatest social engineer who ever lived - hacking was an obsession: even though\r\nit ruined his marriage, landed him in scary correction facilities and almost cost him his sanity in solitary\r\nconfinement, Mitnick wasn't able to shake the disease that compelled him to keep breaking into more and more\r\ncommunication systems. \r\nFebruary 19, 2024 /\r\nTHREAT ALERT: Ivanti Connect Secure VPN Zero-Day Exploitation\r\nCybereason issues Threat Alerts to inform customers of emerging impacting threats, including critical\r\nvulnerabilities such as the Ivanti Connect Secure VPN Zero-Day exploitation. 
Cybereason Threat Alerts\r\nsummarize these threats and provide practical recommendations for protecting against them.\r\nFebruary 6, 2024 / 9 minute read\r\nMalicious Life Podcast: SIM Registration: Security, or Surveillance?\r\nRight now, hundreds of thousands of people in the southern African country of Namibia are faced with a choice.\r\nAt the end of next month, their phone service is going to be shut off permanently: to prevent that from happening,\r\nthey’ll have to give up their data privacy. As a result, nearly two million Namibian citizens are facing a data\r\nprivacy problem which may haunt them for years to come - and hundreds of thousands more are set to join them,\r\nor else they’ll lose their phone service for good. All of which raises the question: was making everybody register\r\ntheir SIM cards a good idea in the first place?\r\nFebruary 5, 2024 /\r\nTHREAT ALERT: DarkGate Loader\r\nThe execution of DarkGate Loader ultimately leads to execution of post-exploitation tools such as Cobalt Strike\r\nand Meterpreter. 
This Threat Alert provides an overview of an attack involving DarkGate Loader.\r\nJanuary 29, 2024 / 2 minute read\r\nMalicious Life Podcast: The Mariposa Botnet\r\nIn 2008, the 12 million PCs strong Mariposa Botnet infected almost half of Fortune 100 companies - but the three\r\nmen who ran it were basically script kiddies who didn't even know how to code.\r\nJanuary 22, 2024 /\r\nWhat’s on the Smartest Cybersecurity Minds for 2024?\r\nI had the huge privilege of being on the program committee for the RSA Conference 2024, reviewing the always\r\npopular track: Hackers and Threats, which were a great indicator of the challenges we should expect to see in the\r\ncoming year.\r\nJanuary 16, 2024 / 3 minute read\r\nMalicious Life Podcast: The Real Story of Citibank’s $10M Hack\r\nVladimir Levin is often presented as \"the first online bank robber,\" and appears on many lists of the \"Top 10\r\nGreatest Hackers.\" But a few veteran Russian hackers claim that Levin's infamous hack had been mangled by the\r\njournalists who wrote about it. What's the truth behind the 1994 $10.7 million Citibank hack?…\r\nJanuary 9, 2024 /\r\nMalicious Life Podcast: How to Hack Into Satellites\r\nAbout a year ago, six academics from Ruhr University Bochum and the CISPA Helmholtz Center for Information\r\nSecurity set out to survey engineers and developers on the subject of satellite cybersecurity. But most of these\r\nengineers were very reluctant to share any details about their satellites and their security aspects. Why were\r\nsatellite engineers so reticent to talk about cybersecurity? What was so secretive, so wrong with it, that they didn’t\r\nfeel they could answer even general questions, anonymously? 
Because let’s be clear: if there’s something wrong\r\nwith the security of satellites, that’d be a serious problem.\r\nDecember 27, 2023 /\r\nTHREAT ALERT: CITRIXBLEED (CVE-2023-4966)\r\nCybereason issues Threat Alerts to inform customers of emerging threats, including critical vulnerabilities such as\r\nCitrixBleed. Cybereason Threat Alerts summarize these threats and provide practical recommendations for\r\nprotecting against them.\r\nDecember 18, 2023 / 3 minute read\r\nMalicious Life Podcast: Moonlight Maze\r\nWhen investigators discovered in 1996 that US military networks were being extensively hacked, they didn't\r\nrealize they were witnessing the birth of what would become Russia's formidable Turla APT espionage group. We\r\nuncover the 20-year metamorphosis of this original group of hackers into one of the most sophisticated and\r\ndangerous state-sponsored threats that's still active today.\r\nDecember 11, 2023 /\r\nMalicious Life Podcast: Volt Typhoon\r\nIn August 2021, a port in Houston, Texas, was attacked. Over the following months, a series of attacks occurred in\r\nvarious locations, reminiscent of a serial killer's pattern. Targets included telecommunications companies,\r\ngovernment agencies, power plants, and water treatment facilities. How did Volt Typhoon manage to evade\r\nauthorities and analysts for such an extended period?\r\nNovember 28, 2023 /\r\nTHREAT ALERT: INC Ransomware\r\nCybereason issues Threat Alerts to inform customers of emerging impacting threats, including new ransomware\r\nactors such as the emergent group INC Ransom. 
Cybereason Threat Alerts summarize these threats and provide\r\npractical recommendations for protecting against them.\r\nNovember 20, 2023 / 3 minute read\r\nMalicious Life Podcast: Is NSO Evil? Part 2\r\nBy the time Forbidden Stories published its “Pegasus Project” in 2021, NSO was already knee deep in what was\r\nprobably the worst PR disaster ever suffered by a cybersecurity company - and then, in November 2021, came the\r\nfateful blow: the US Dept. of Commerce added NSO to its “Entity List.” Is NSO to blame for its troubles? Could\r\nthe company have acted differently to prevent its downfall?\r\nNovember 13, 2023 /\r\nMalicious Life Podcast: Is NSO Evil? Part 1\r\nNSO Group, creator of the infamous Pegasus spyware, is widely regarded as a vile, immoral company: a sort of\r\n21st century soldier of fortune, a mercenary in the service of corrupt and evil regimes. Yet among its many clients\r\nare many liberal democracies, including the US, Germany, the Netherlands and Spain, to name but a few. So, is\r\nNSO really as evil as many think it is?\r\nOctober 30, 2023 /\r\nEU Network Information Security\r\nIt's not surprising that in the last couple of months the requests of “are you EU Network Information Security\r\nDirective (NISD) v2 compliant?” are starting to come in.  
What would seem like a simple GRC yes no question is\r\nin fact complex.\r\nOctober 25, 2023 / 3 minute read\r\n2023 Extended Detection \u0026 Response (XDR) Buyer’s Guide\r\nTo support cyber defenders to achieve tangible business benefits and deliver effective security outcomes,\r\nCybereason has developed a comprehensive Extended Detection \u0026 Response (XDR) Buyer’s Guide.\r\nOctober 24, 2023 / 1 minute read\r\nMalicious Life Podcast: Operation Kudo\r\nIn 1981, during the G7 Summit in Quebec, French president Francois Mitterrand handed President Reagan a top\r\nsecret collection of documents, called Farewell Dossier. The information found in the dossier allowed the US to\r\ndevise a cunning plan - the very first supply chain attack, if you will - to bring a fiery end to one of the largest\r\nindustrial espionage campaigns in history.\r\nSeptember 20, 2023 /\r\nThe Cybersecurity Capability the Industry Nearly Forgot\r\nHow do we secure the Private Infrastructure Protection (PIP) space? By providing virtualized containers, allowing\r\ncustomers to re-use their own hardware and making it easier to add in new capabilities as the cyber security world\r\nevolves.\r\nSeptember 13, 2023 / 4 minute read\r\nMalicious Life Podcast: Can We Stop the AI Cyber Threat?\r\nMuch of the cybersecurity software in use today utilizes AI, especially things like spam filters and network traffic\r\nmonitors. 
But will all those tools be enough to stop the proliferation of malware that will come from generative\r\nAI-driven cyber attacks? The potential of AI to disrupt cyberspace is far greater than any solutions we’ve come up\r\nwith thus far, which is why some researchers are looking beyond the traditional answers, towards more aggressive\r\nmeasures.\r\nSeptember 4, 2023 /\r\nMalicious Life Podcast: Is Generative AI Dangerous?\r\nEvery so often, the entire landscape of cybersecurity shifts, all at once: The latest seismic shift in the field\r\noccurred just last year. So in this episode of Malicious Life we’re going to take a look into the future of\r\ncybersecurity: at how generative AI like ChatGPT will change cyberspace, through the eyes of five research teams\r\nbreaking ground in the field. We’ll start off simple, and gradually build to increasingly more complex, more\r\nfuturistic examples of how this technology might well turn against us, forcing us to solve problems we’d never\r\nconsidered before. – check it out...\r\nAugust 22, 2023 /\r\nTHREAT ANALYSIS: Assemble LockBit 3.0\r\nLockBit 2.0 ransomware attackers are constantly evolving and making detection, investigation, and prevention\r\nmore complex by disabling EDR and other security products and deleting the evidence to stifle forensics\r\nattempts...\r\nAugust 21, 2023 / 4 minute read\r\nMalicious Life Podcast: Why aren't there more bug bounty programs?\r\nOn the face of it, there's an obvious economic incentive for both vendors and security researchers to collaborate on\r\ndisclosing vulnerabilities safely and privately. 
Yet bug bounty programs have gained prominence only in the past\r\ndecade or so, and even today only a relatively small portion of vendors have such programs in place. Why is that?\r\n– check it out...\r\nAugust 8, 2023 /\r\nMalicious Life Podcast: The Voynich Manuscript\r\nThe constant battle between those who wish to encrypt data and those who wish to break these ciphers has made\r\nmodern encryption schemes extremely powerful. Subsequently, the tools and methods to break them became\r\nequivalently sophisticated. Yet, could it be that someone in the 15th century created a cipher that even today’s\r\nmost brilliant codebreakers and most sophisticated and advanced tools - cannot break?...\r\nJuly 25, 2023 /\r\nMalicious Life Podcast: Roman Seleznev: Did the Punishment Fit the Crime?\r\nIn 2019, Roman Seleznev, a 34-year-old Russian national, was sentenced to 27 years in prison: A sentence that’d\r\nmake any criminal quiver. Seleznev's deeds had a horrendous effect on the 2.9 million individuals whose credit\r\ncards he stole and sold to cyber criminals for identity theft and financial crimes. On one hand, it’s hard to imagine\r\nany nonviolent computer crime worth 27 years in prison. But then what is an appropriate sentence for such a man\r\nas Seleznev? 
– check it out...\r\nJuly 10, 2023 /\r\nCybereason's New Unified MalOp Dashboard\r\nTo help SOC teams stay ahead of the curve, Cybereason introduced a unified dashboard designed to provide\r\nadditional insights into emerging threats, operational metrics and provide insights to continuously improve SOC\r\nprocesses and procedures.\r\nJuly 7, 2023 / 2 minute read\r\nMalicious Life Podcast: Sony BMG's Rootkit Fiasco\r\n\"We made a mistake and Sony paid a terrible price.” A terrible price indeed: an arrogant and ill-advised decision to\r\ninclude a rootkit in its music CDs cost Sony BMG a lot of money - and painted it as a self-centered, self-serving\r\ncompany that cares more about its bottom line than its customers. Why did Sony BMG make such a poor\r\ndecision? – check it out...\r\nJune 27, 2023 /\r\nMalicious Life Podcast: Ad Fraud, Part 2\r\nWhat makes ad fraud so successful, and so prevalent, and why can’t we stop it? The answer isn’t technical at all.\r\nIt’s not hard to understand. But it’s a harsh reality that many people are simply not willing to face. – check it out...\r\nJune 9, 2023 /\r\nMalicious Life Podcast: Ad Fraud, Part 1\r\nRight now, a man named Aleksandr Zhukov is sitting in jail for one of the most financially ruinous schemes ever\r\ninvented for the internet. Zhukov is guilty. He was caught and convicted under a mountain of evidence against\r\nhim. Except the deeper you look into it, the deeper the well goes. In this episode, we’ll learn how Aleksandr\r\nZhukov defrauded some of the biggest American corporations for millions of dollars. 
And we’ll ask the question\r\nthat hardly anyone else is willing to acknowledge: Was this clever, successful, guilty cybercriminal merely a fall\r\nguy for everybody else playing his twisted game? – check it out...\r\nMay 30, 2023 /\r\nMalicious Life Podcast: The Economics Of Cybersecurity\r\nThe numbers can’t be any clearer: a DDoS attack costs less than a hundred dollars, while the price tag for\r\nmitigating it might reach tens if not hundreds of thousands of dollars. A single well crafted phishing email can\r\neasily circumvent cyber defenses which cost millions of dollars to set up. How can we change the extreme cost\r\nasymmetry between attackers and defenders in cyberspace? – check it out...\r\nMay 15, 2023 /\r\nMalicious Life Podcast: The Reason You Don’t Have Data Privacy\r\nWe’ve all experienced the creepiness of modern data trafficking, but that kind of daily annoyance is the surface of\r\na much bigger issue: Big Tech companies such as Amazon \u0026 Microsoft are lobbying policymakers to veto laws\r\nthat harm their business, and often hide their lobbying behind industry coalitions or organizations with names that\r\nare vague and seemingly harmless. Will current and future privacy laws actually protect your information, or will\r\nthey protect the companies collecting your information? 
– check it out...\r\nMay 1, 2023 /\r\nMalicious Life Podcast: How Entire Countries Can Lose the Internet\r\nDisruptions to the world’s internet cables happen more often than you think: Whether it be ship anchors or animals\r\nor saboteurs, cut a few wires in the right places and at nearly the speed of light you can disrupt or shut off the\r\ninternet for broad populations of people at a time. It is an immense power that runs through these lines -- a power\r\nthat can be sabotaged or, in the right hands, weaponized. – check it out...\r\nApril 17, 2023 /\r\nMalicious Life Podcast: Olympic Destroyer\r\nIn the midst of 35,000 exhilarated spectators eagerly chanting the time-honored countdown to kick off the 2018\r\nPyeongchang Winter Olympics, a sinister malware crept through the games' network, threatening to disrupt the\r\nhighly-anticipated event. The obvious question in everyone’s minds was - who was responsible for the attack?\r\nWho was vile enough to launch such a potentially destructive attack against an event which, more than anything,\r\nsymbolizes peace and global cooperation? – check it out...\r\nApril 3, 2023 /\r\nMalicious Life Podcast: The Lawrence Berkeley Hack, Part 2\r\nOn May 23rd, 1989, Karl Koch - a 23-year-old West German hacker who worked for the KGB - took a drive,\r\nfrom which he would never return: Nine days later his charred remains were found by the police in a remote\r\nforest. Was Koch assassinated by the US or the Soviet Union, or is there another, more 'mystical' explanation for\r\nhis death? 
– check it out...\r\nMarch 20, 2023 /\r\n5 Steps to More Effective Ransomware Response\r\nInvesting in technology can give companies a false sense of security when it comes to ransomware. Here are 5\r\nsteps to more effective ransomware response.\r\nMarch 15, 2023 / 3 minute read\r\nMalicious Life Podcast: The Lawrence Berkeley Hack, Part 1\r\nFour decades ago, three quarters would’ve gone a lot further than they do today. With that kind of loose change\r\nyou could’ve picked up some milk from the grocery store, or over half a gallon of gas, or a bus ticket. But that\r\ndoesn’t explain why, on one fateful day in 1986, a systems administrator at the Lawrence Berkeley National\r\nLaboratory in California made such an issue over 75 missing cents. – check it out...\r\nMarch 8, 2023 /\r\nMalicious Life Podcast: Russian Propaganda, Explained [ML B-Side]\r\nIn this B-Side episode, our Senior Producer Nate Nelson interviewed Dr. Bilyana Lilly - CISSP, a leader in\r\ncybersecurity and information warfare with over fifteen years of managerial, technical, and research experience,\r\nand author of \"Russian Information Warfare\" - about the Russian use of instant messaging and social media\r\nplatforms such as Telegram and Twitter in their war efforts. Dr. Lilly discusses who they are targeting and the real-world impact their propaganda has on various populations. 
– check it out...\r\nFebruary 28, 2023 /\r\nMalicious Life Podcast: Operation Ivy Bells\r\nIn the early 1970's, US intelligence pointed at the possibility that the Russians had laid an underwater\r\ncommunication cable between two important naval bases in the Far East. The dangerous mission of installing a\r\nlistening device on that cable was given to the Navy's most secretive and unusual submarine. – check it out...\r\nFebruary 20, 2023 /\r\nRansomware Shifting to the Cloud\r\nWe are already seeing ransomware that scans for cloud-based collaboration points. And while you may think the\r\nrisks are the same, that's not the case.\r\nFebruary 14, 2023 / 4 minute read\r\nMalicious Life Podcast: Why Do NFTs Disappear? [ML BSide]\r\nWhat happens when an NFT marketplace goes under, and disappears? You would imagine that the users’ NFTs are\r\nperfectly safe: after all, the blockchain itself is still there, right? But that’s not how things work in the real world.\r\nFebruary 13, 2023 /\r\nMalicious Life Podcast: The (Other) Problem with NFTs\r\nFinancial markets make good targets for criminals - after all, that's where the big money is. 
Surprisingly, many of\r\nthese criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance\r\nindustry professionals – check it out...\r\nFebruary 6, 2023 /\r\nYou Should Be Afraid of SIM Swaps\r\nIf SIM swap stories ever make the news, almost uniformly, they focus on people who lost a lot of money. But SIM\r\nswaps also take a psychological toll...\r\nJanuary 31, 2023 /\r\nFBI vs. REvil [ML BSide]\r\nNate Nelson speaks with Rich Murray, who leads the FBI’s North Texas Cyber unit, about how the Federal Bureau\r\nof Investigation dealt with another attack by REvil\r\nJanuary 24, 2023 /\r\nCyberbunker, Part 2\r\nSpamhaus's decision to add Cyberbunker to its list of Spam sources led the Stophaus coalition to initiate a DDoS\r\nattack later dubbed “The attack that almost broke the Internet.”\r\nJanuary 20, 2023 /\r\n7 Requirements for a Successful XDR Strategy\r\nIf you’re a security practitioner wondering where to start your XDR journey, here’s a look at the fundamental\r\nbuilding blocks of a successful XDR strategy.\r\nJanuary 19, 2023 / 3 minute read\r\nCyberbunker, Part 1\r\nSven Kamphuis and Herman Johan Xennt are quite dissimilar... 
and in 1996, their unlikely partnership coalesced\r\naround a mutual deep hatred towards authority...\r\nJanuary 11, 2023 /\r\nHow Netflix Learned Cloud Security [ML B-Side]\r\n2011 was a pivotal year for Netflix: the now hugely successful company was then in the midst of a formidable\r\ntransformation, changing from a mail-based DVD rental service to the modern streaming service that it is today\r\nJanuary 3, 2023 /\r\nRoyal Rumble: Analysis of Royal Ransomware\r\nRoyal ransomware has become one of the most prolific ransomware groups in 2022. Read our threat analysis to\r\nlearn how Royal ransomware operations work, how they evade anti-ransomware defenses, and how you can\r\noutsmart them.\r\nDecember 14, 2022 / 7 minute read\r\nThe Problem With Kernel-Mode Anti-Cheat Software [ML B-Side]\r\nNobody likes cheaters, especially in video games. That's why EA and other publishers are implementing kernel-mode anti-cheat software in their games. Yet some people warn that installing such kernel-level systems is\r\nextremely dangerous. In this episode of Malicious Life, we examine why.\r\nDecember 8, 2022 /\r\nThreat Analysis: MSI - Masquerading as a Software Installer\r\nLearn how threat actors are embedding malicious binaries and scripts in legitimate Microsoft Windows\r\nInstallation (.msi) files to take over machines they're targeting with elevated privileges. 
Find out how to detect this\r\nsophisticated attack technique.\r\nDecember 5, 2022 / 16 minute read\r\nFBI, CISA Issue Warning on Cuba Ransomware\r\nThe FBI and CISA issued a joint advisory on Cuba ransomware actors. The advisory is the latest in the\r\ngovernment’s #StopRansomware campaign.\r\nDecember 2, 2022 / 2 minute read\r\nNine Cybersecurity Predictions for 2023\r\nCybereason VP and EMEA Field CISO Greg Day anticipates 2023 will bring more cloud credential attacks,\r\nincreased use of deepfakes in blended attacks, attacks between smart devices, and more.\r\nDecember 1, 2022 / 3 minute read\r\nThe Russian Business Network\r\nFind out how the Russian Business Network, a once legitimate ISP, became the largest player in the Russian\r\ncybercrime world and a key component of Putin's attacks on democracy and misinformation campaigns in this\r\nepisode of the Malicious Life podcast.\r\nNovember 25, 2022 /\r\nWhat Can Chess Grandmasters Teach Us About Cyber\r\nFind out what cybersecurity professionals can learn from MMA wrestlers and Chess Grand Champions about peak\r\nperformance in this episode of Malicious Life, featuring Chris Cochran and Ron Eddings, the co-founders of\r\nHacker Valley Media.\r\nNovember 24, 2022 /\r\nMalicious Life Podcast: LabMD vs. The FTC\r\nOne day in 2008, Michael Daugherty got a call from cybersecurity company Tiversa, saying private medical data\r\nof some 9000 LabMD patients had been discovered online. 
When Michael refused to pay for Tiversa's hefty\r\n\"consultation fee\", a ten-year legal battle began that led to the demise of LabMD, but also cost the FTC dearly.\r\nNovember 18, 2022 /\r\nTHREAT ANALYSIS REPORT: DLL Side-Loading Widely (Ab)Used\r\nThis Threat Analysis Report explores widely used DLL Side-Loading attack techniques, outlines how threat actors\r\nleverage these techniques, describes how to reproduce an attack, and reports on how defenders can detect and\r\nprevent these attacks...\r\nOctober 26, 2022 / 13 minute read\r\nOperationalizing MITRE ATT\u0026CK: A New Wave is Here\r\nThe Tidal Platform makes it efficient to research adversary techniques using MITRE ATT\u0026CK, and now\r\nCybereason has joined the Tidal Product Registry to deliver a visual view of our out-of-the-box detection\r\ncapabilities...\r\nOctober 19, 2022 / 2 minute read\r\nMalicious Life Podcast: Hacking Stock Markets Part 2\r\nFinancial markets make good targets for criminals - after all, that's where the big money is. 
Surprisingly, many of\r\nthese criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance\r\nindustry professionals – check it out...\r\nOctober 18, 2022 /\r\nIndicators of Behavior and the Diminishing Value of IOCs\r\nIOBs describe the subtle chains of malicious activity derived from correlating enriched telemetry from across all\r\nnetwork assets - but unlike backward-looking IOCs, IOBs offer a proactive means to leverage real-time telemetry\r\nto identify attack activity earlier, and they offer more longevity value than IOCs...\r\nOctober 12, 2022 / 4 minute read\r\nWhy NGAV Displaced Traditional Antivirus Tools\r\nNGAV can work to prevent the early stages of a ransomware attack that precede the delivery of the ransomware\r\npayload, and offers further protection by also assuring that payload is not detonated on the target machine in the\r\ncase where the first stages of the attack were not detected...\r\nOctober 11, 2022 / 4 minute read\r\nMalicious Life Podcast: Vishing Voice Scams\r\nRachel Tobac is a hacker and CEO of SocialProof Security, where she helps people and companies keep their data\r\nsafe by training and pentesting them on social engineering threats like Vishing and the many psychological tricks\r\nattackers employ to hack people – check it out...\r\nOctober 11, 2022 /\r\nCybersecurity Accountability Regulation? Your Opinion Matters…\r\nCISOs and CSOs are already on the hook and are the first ones to take the fall for breaches regardless of whether\r\nthey fought for additional investments in people, processes, and technology. 
But what about accountability for the\r\nC-Suite and BOD?\r\nOctober 6, 2022 / 1 minute read\r\nContainer Escape: All You Need is Cap (Capabilities)\r\nContainer Escape is considered the 'Holy Grail' of the container attack world - it allows an attacker to escape from\r\na container to the underlying host, and by doing so the attacker can move laterally to other containers from the\r\nhost or perform actions on the host itself...\r\nOctober 5, 2022 / 9 minute read\r\nLeveraging Indicators of Behavior for Early Detection\r\nThe key to early detection of advanced operations such as the SolarWinds attacks is in leveraging Indicators of\r\nBehavior (IOBs) to level-up to a more efficient and effective Operation-Centric approach to detecting the whole of\r\nan attack as opposed to responding to individual, uncorrelated alerts...\r\nOctober 5, 2022 / 4 minute read\r\nBlue Teaming on macOS with eslogger\r\nIn this edition of the Blue Team Chronicles, we assess the capabilities of eslogger, a new built-in macOS tool, and\r\nshow how defenders can use this tool to better understand malicious activities on macOS and build new detection\r\napproaches...\r\nOctober 4, 2022 / 8 minute read\r\nMalicious Life Podcast: Hacking Stock Markets Part 1\r\nSome stock traders are willing to go to great lengths to get information before anyone else, even hacking into\r\ntrading technologies to gain an unfair advantage and make a fortune along the way – check it out...\r\nOctober 4, 2022 /\r\n
Cloud Authentication: A Guide to Choosing the Right Solution\r\nAuthentication is one of the main elements of a cloud application, as it provides the ability to control access to\r\nyour application. Need to pick an authentication solution and don't know where to start? This write-up will guide\r\nyou in choosing an authentication solution that will suit your needs...\r\nSeptember 29, 2022 / 5 minute read\r\nWebinar October 13th 2022: Ten Considerations for More Efficient Security\r\nJoin us on October 13th to hear from-the-field tips on how to create world-class efficiencies, including ways to\r\nfind efficiencies within your tech stack, tips on how to recruit and manage a successful team, practical tips any\r\nteam can take to reduce event burden, how the Cybereason Defense Platform can create a 10x boost in efficiencies\r\nand more...\r\nSeptember 29, 2022 / 1 minute read\r\nMalicious Life Podcast: What It’s Like to Fight LulzSec\r\nAs their name implies, LulzSec was known for trolling their victims, and while their childish behavior might have\r\nfooled some people into thinking that LulzSec was harmless, the story you’re about to hear will show they were\r\nanything but – check it out...\r\nSeptember 28, 2022 /\r\nDefending Against Supply Chain and Ransomware Attacks\r\nAttacks on organizations that originate from third-party partners and service providers are expected to rise in the\r\ncoming years as attackers look for weak links in software supply chains in an effort to “attack one to attack all...\"\r\nSeptember 27, 2022 / 4 minute read\r\nNext Generation Antivirus Prevention Redefined\r\nTraditional antivirus tools from legacy vendors spot the easy 
stuff but struggle to prevent novel threats from\r\ncausing damage. That is why Cybereason is announcing its latest prevention technologies to detect and block all\r\nthreats from commodity malware to the never before seen...\r\nSeptember 22, 2022 / 1 minute read\r\nHow XDR Reduces the Total Cost of Security Operations\r\nAI-driven XDR solution unifies telemetry analysis to optimize efficacy, improves operational efficiency at scale,\r\nand eliminates detection blind spots by generating deeply contextual correlations from endpoints, identity\r\nmanagement, workspaces, application suites, the cloud and more...\r\nSeptember 21, 2022 / 3 minute read\r\nWebinar October 26th 2022: NGAV Redefined\r\nIn this webinar we will hear from Cybereason CTO and co-founder Yonatan Striem-Amit about how threats are\r\nchanging; Tim Amey, Field CTO about how Cybereason prevention layers stop malware in its tracks; and Cody\r\nQueen, Product Marketing Manager share the latest prevention tools developed by Cybereason to stop the most\r\nnovel attack techniques...\r\nSeptember 21, 2022 / 1 minute read\r\nCyber Defenders Council: Is it Time for Cybersecurity Regulation?\r\nThe report showcases best practices that Council members have used to align business executives around a\r\ncommon understanding of cyber risk and also explores a potentially controversial solution to the business-cybersecurity alignment gap: cybersecurity accountability regulation...\r\nSeptember 20, 2022 / 2 minute read\r\nPreparing Your Organization for a Ransomware Attack\r\nYou cannot defend against RansomOps in traditional ways because it’s not a traditional threat, and a focus on\r\ndetecting the ransomware executable alone is risky because that is the tail-end of a longer attack sequence, where\r\nthe adversary 
already has unfettered access to your network...\r\nSeptember 20, 2022 / 4 minute read\r\nMalicious Life Podcast: King Kimble - Kim DotCom\r\nThe US government says that Kim Schmitz, better known as Kim DotCom, is the leader of a file sharing crime\r\nring. He sees himself as an internet freedom fighter: a fugitive on the run from vindictive overly-powerful\r\ngovernments. Can King Kimble escape the wrath of the USA? Check it out...\r\nSeptember 19, 2022 /\r\nRansomware Head to Head: Don't Follow the CRWD\r\nWhen ransomware threatens to shut down your business, the most critical measure of success is the ability to\r\ndetect malicious activity in real time...\r\nSeptember 15, 2022 / 4 minute read\r\nSource: https://www.cybereason.com/blog/lockbit-ransomware-wants-to-hire-your-employees",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.cybereason.com/blog/lockbit-ransomware-wants-to-hire-your-employees"
	],
	"report_names": [
		"lockbit-ransomware-wants-to-hire-your-employees"
	],
	"threat_actors": [
		{
			"id": "8aaa5515-92dd-448d-bb20-3a253f4f8854",
			"created_at": "2024-06-19T02:03:08.147099Z",
			"updated_at": "2026-04-10T02:00:03.685355Z",
			"deleted_at": null,
			"main_name": "IRON HUNTER",
			"aliases": [
				"ATK13 ",
				"Belugasturgeon ",
				"Blue Python ",
				"CTG-8875 ",
				"ITG12 ",
				"KRYPTON ",
				"MAKERSMARK ",
				"Pensive Ursa ",
				"Secret Blizzard ",
				"Turla",
				"UAC-0003 ",
				"UAC-0024 ",
				"UNC4210 ",
				"Venomous Bear ",
				"Waterbug "
			],
			"source_name": "Secureworks:IRON HUNTER",
			"tools": [
				"Carbon-DLL",
				"ComRAT",
				"LightNeuron",
				"Mosquito",
				"PyFlash",
				"Skipper",
				"Snake",
				"Tavdig"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "846522d7-29cb-4a0c-8ebe-ffba7429e2d7",
			"created_at": "2023-06-23T02:04:34.793629Z",
			"updated_at": "2026-04-10T02:00:04.971054Z",
			"deleted_at": null,
			"main_name": "Volt Typhoon",
			"aliases": [
				"Bronze Silhouette",
				"Dev-0391",
				"Insidious Taurus",
				"Redfly",
				"Storm-0391",
				"UAT-5918",
				"UAT-7237",
				"UNC3236",
				"VOLTZITE",
				"Vanguard Panda"
			],
			"source_name": "ETDA:Volt Typhoon",
			"tools": [
				"FRP",
				"Fast Reverse Proxy",
				"Impacket",
				"LOLBAS",
				"LOLBins",
				"Living off the Land"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "ec14074c-8517-40e1-b4d7-3897f1254487",
			"created_at": "2023-01-06T13:46:38.300905Z",
			"updated_at": "2026-04-10T02:00:02.918468Z",
			"deleted_at": null,
			"main_name": "APT10",
			"aliases": [
				"Red Apollo",
				"HOGFISH",
				"BRONZE RIVERSIDE",
				"G0045",
				"TA429",
				"Purple Typhoon",
				"STONE PANDA",
				"Menupass Team",
				"happyyongzi",
				"CVNX",
				"Cloud Hopper",
				"ATK41",
				"Granite Taurus",
				"POTASSIUM"
			],
			"source_name": "MISPGALAXY:APT10",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "ba9fa308-a29a-4928-9c06-73aafec7624c",
			"created_at": "2024-05-01T02:03:07.981061Z",
			"updated_at": "2026-04-10T02:00:03.750803Z",
			"deleted_at": null,
			"main_name": "BRONZE RIVERSIDE",
			"aliases": [
				"APT10 ",
				"CTG-5938 ",
				"CVNX ",
				"Hogfish ",
				"MenuPass ",
				"MirrorFace ",
				"POTASSIUM ",
				"Purple Typhoon ",
				"Red Apollo ",
				"Stone Panda "
			],
			"source_name": "Secureworks:BRONZE RIVERSIDE",
			"tools": [
				"ANEL",
				"AsyncRAT",
				"ChChes",
				"Cobalt Strike",
				"HiddenFace",
				"LODEINFO",
				"PlugX",
				"PoisonIvy",
				"QuasarRAT",
				"QuasarRAT Loader",
				"RedLeaves"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "a97cf06d-c2e2-4771-99a2-c9dee0d6a0ac",
			"created_at": "2022-10-25T16:07:24.349252Z",
			"updated_at": "2026-04-10T02:00:04.949821Z",
			"deleted_at": null,
			"main_name": "Turla",
			"aliases": [
				"ATK 13",
				"Belugasturgeon",
				"Blue Python",
				"CTG-8875",
				"G0010",
				"Group 88",
				"ITG12",
				"Iron Hunter",
				"Krypton",
				"Makersmark",
				"Operation Epic Turla",
				"Operation Moonlight Maze",
				"Operation Penguin Turla",
				"Operation Satellite Turla",
				"Operation Skipper Turla",
				"Operation Turla Mosquito",
				"Operation WITCHCOVEN",
				"Pacifier APT",
				"Pensive Ursa",
				"Popeye",
				"SIG15",
				"SIG2",
				"SIG23",
				"Secret Blizzard",
				"TAG-0530",
				"Turla",
				"UNC4210",
				"Venomous Bear",
				"Waterbug"
			],
			"source_name": "ETDA:Turla",
			"tools": [
				"ASPXSpy",
				"ASPXTool",
				"ATI-Agent",
				"AdobeARM",
				"Agent.BTZ",
				"Agent.DNE",
				"ApolloShadow",
				"BigBoss",
				"COMpfun",
				"Chinch",
				"Cloud Duke",
				"CloudDuke",
				"CloudLook",
				"Cobra Carbon System",
				"ComRAT",
				"DoublePulsar",
				"EmPyre",
				"EmpireProject",
				"Epic Turla",
				"EternalBlue",
				"EternalRomance",
				"GoldenSky",
				"Group Policy Results Tool",
				"HTML5 Encoding",
				"HyperStack",
				"IcedCoffee",
				"IronNetInjector",
				"KSL0T",
				"Kapushka",
				"Kazuar",
				"KopiLuwak",
				"Kotel",
				"LOLBAS",
				"LOLBins",
				"LightNeuron",
				"Living off the Land",
				"Maintools.js",
				"Metasploit",
				"Meterpreter",
				"MiamiBeach",
				"Mimikatz",
				"MiniDionis",
				"Minit",
				"NBTscan",
				"NETTRANS",
				"NETVulture",
				"Neptun",
				"NetFlash",
				"NewPass",
				"Outlook Backdoor",
				"Penquin Turla",
				"Pfinet",
				"PowerShell Empire",
				"PowerShellRunner",
				"PowerShellRunner-based RPC backdoor",
				"PowerStallion",
				"PsExec",
				"PyFlash",
				"QUIETCANARY",
				"Reductor RAT",
				"RocketMan",
				"SMBTouch",
				"SScan",
				"Satellite Turla",
				"SilentMoon",
				"Sun rootkit",
				"TTNG",
				"TadjMakhal",
				"Tavdig",
				"TinyTurla",
				"TinyTurla Next Generation",
				"TinyTurla-NG",
				"Topinambour",
				"Tunnus",
				"Turla",
				"Turla SilentMoon",
				"TurlaChopper",
				"Uroburos",
				"Urouros",
				"WCE",
				"WITCHCOVEN",
				"WhiteAtlas",
				"WhiteBear",
				"Windows Credential Editor",
				"Windows Credentials Editor",
				"Wipbot",
				"WorldCupSec",
				"XTRANS",
				"certutil",
				"certutil.exe",
				"gpresult",
				"nbtscan",
				"nbtstat",
				"pwdump"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "a88747e2-ffed-45d8-b847-8464361b2254",
			"created_at": "2023-11-01T02:01:06.605663Z",
			"updated_at": "2026-04-10T02:00:05.289908Z",
			"deleted_at": null,
			"main_name": "Volt Typhoon",
			"aliases": [
				"Volt Typhoon",
				"BRONZE SILHOUETTE",
				"Vanguard Panda",
				"DEV-0391",
				"UNC3236",
				"Voltzite",
				"Insidious Taurus"
			],
			"source_name": "MITRE:Volt Typhoon",
			"tools": [
				"netsh",
				"PsExec",
				"ipconfig",
				"Wevtutil",
				"VersaMem",
				"Tasklist",
				"Mimikatz",
				"Impacket",
				"Systeminfo",
				"netstat",
				"Nltest",
				"certutil",
				"FRP",
				"cmd"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "de5630ec-93e0-4ef5-9ac3-fe422789e03d",
			"created_at": "2024-11-01T02:00:52.730802Z",
			"updated_at": "2026-04-10T02:00:05.330644Z",
			"deleted_at": null,
			"main_name": "INC Ransom",
			"aliases": [
				"INC Ransom",
				"GOLD IONIC"
			],
			"source_name": "MITRE:INC Ransom",
			"tools": [
				"PsExec",
				"Nltest",
				"Rclone",
				"AdFind",
				"esentutl",
				"INC Ransomware"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "49b3063e-a96c-4a43-b28b-1c380ae6a64b",
			"created_at": "2025-08-07T02:03:24.661509Z",
			"updated_at": "2026-04-10T02:00:03.644548Z",
			"deleted_at": null,
			"main_name": "BRONZE SILHOUETTE",
			"aliases": [
				"Dev-0391 ",
				"Insidious Taurus ",
				"UNC3236 ",
				"Vanguard Panda ",
				"Volt Typhoon ",
				"Voltzite "
			],
			"source_name": "Secureworks:BRONZE SILHOUETTE",
			"tools": [
				"Living-off-the-land binaries",
				"Web shells"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "04b07437-41bb-4126-bcbb-def16f19d7c6",
			"created_at": "2022-10-25T16:07:24.232628Z",
			"updated_at": "2026-04-10T02:00:04.906097Z",
			"deleted_at": null,
			"main_name": "Stone Panda",
			"aliases": [
				"APT 10",
				"ATK 41",
				"Bronze Riverside",
				"CTG-5938",
				"CVNX",
				"Cuckoo Spear",
				"Earth Kasha",
				"G0045",
				"G0093",
				"Granite Taurus",
				"Happyyongzi",
				"Hogfish",
				"ITG01",
				"Operation A41APT",
				"Operation Cache Panda",
				"Operation ChessMaster",
				"Operation Cloud Hopper",
				"Operation Cuckoo Spear",
				"Operation New Battle",
				"Operation Soft Cell",
				"Operation TradeSecret",
				"Potassium",
				"Purple Typhoon",
				"Red Apollo",
				"Stone Panda",
				"TA429",
				"menuPass",
				"menuPass Team"
			],
			"source_name": "ETDA:Stone Panda",
			"tools": [
				"Agent.dhwf",
				"Agentemis",
				"Anel",
				"AngryRebel",
				"BKDR_EVILOGE",
				"BKDR_HGDER",
				"BKDR_NVICM",
				"BUGJUICE",
				"CHINACHOPPER",
				"ChChes",
				"China Chopper",
				"Chymine",
				"CinaRAT",
				"Cobalt Strike",
				"CobaltStrike",
				"DARKTOWN",
				"DESLoader",
				"DILLJUICE",
				"DILLWEED",
				"Darkmoon",
				"DelfsCake",
				"Derusbi",
				"Destroy RAT",
				"DestroyRAT",
				"Ecipekac",
				"Emdivi",
				"EvilGrab",
				"EvilGrab RAT",
				"FYAnti",
				"Farfli",
				"Gen:Trojan.Heur.PT",
				"Gh0st RAT",
				"Ghost RAT",
				"GreetCake",
				"HAYMAKER",
				"HEAVYHAND",
				"HEAVYPOT",
				"HTran",
				"HUC Packet Transmit Tool",
				"Ham Backdoor",
				"HiddenFace",
				"Impacket",
				"Invoke the Hash",
				"KABOB",
				"Kaba",
				"Korplug",
				"LODEINFO",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"MiS-Type",
				"Mimikatz",
				"Moudour",
				"Mydoor",
				"NBTscan",
				"NOOPDOOR",
				"Newsripper",
				"P8RAT",
				"PCRat",
				"PlugX",
				"Poison Ivy",
				"Poldat",
				"PowerSploit",
				"PowerView",
				"PsExec",
				"PsList",
				"Quarks PwDump",
				"Quasar RAT",
				"QuasarRAT",
				"RedDelta",
				"RedLeaves",
				"Rubeus",
				"SNUGRIDE",
				"SPIVY",
				"SharpSploit",
				"SigLoader",
				"SinoChopper",
				"SodaMaster",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"Trochilus RAT",
				"UpperCut",
				"Vidgrab",
				"WinRAR",
				"WmiExec",
				"Wmonder",
				"Xamtrav",
				"Yggdrasil",
				"Zlib",
				"certutil",
				"certutil.exe",
				"cobeacon",
				"dfls",
				"lena",
				"nbtscan",
				"pivy",
				"poisonivy",
				"pwdump"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "a97fee0d-af4b-4661-ae17-858925438fc4",
			"created_at": "2023-01-06T13:46:38.396415Z",
			"updated_at": "2026-04-10T02:00:02.957137Z",
			"deleted_at": null,
			"main_name": "Turla",
			"aliases": [
				"TAG_0530",
				"Pacifier APT",
				"Blue Python",
				"UNC4210",
				"UAC-0003",
				"VENOMOUS Bear",
				"Waterbug",
				"Pfinet",
				"KRYPTON",
				"Popeye",
				"SIG23",
				"ATK13",
				"ITG12",
				"Group 88",
				"Uroburos",
				"Hippo Team",
				"IRON HUNTER",
				"MAKERSMARK",
				"Secret Blizzard",
				"UAC-0144",
				"UAC-0024",
				"G0010"
			],
			"source_name": "MISPGALAXY:Turla",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d11c89bb-1640-45fa-8322-6f4e4053d7f3",
			"created_at": "2022-10-25T15:50:23.509601Z",
			"updated_at": "2026-04-10T02:00:05.277674Z",
			"deleted_at": null,
			"main_name": "Turla",
			"aliases": [
				"Turla",
				"IRON HUNTER",
				"Group 88",
				"Waterbug",
				"WhiteBear",
				"Krypton",
				"Venomous Bear",
				"Secret Blizzard",
				"BELUGASTURGEON"
			],
			"source_name": "MITRE:Turla",
			"tools": [
				"PsExec",
				"nbtstat",
				"ComRAT",
				"netstat",
				"certutil",
				"KOPILUWAK",
				"IronNetInjector",
				"LunarWeb",
				"Arp",
				"Uroburos",
				"PowerStallion",
				"Kazuar",
				"Systeminfo",
				"LightNeuron",
				"Mimikatz",
				"Tasklist",
				"LunarMail",
				"HyperStack",
				"NBTscan",
				"TinyTurla",
				"Penquin",
				"LunarLoader"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "ba3fff0c-3ba0-4855-9eeb-1af9ee18136a",
			"created_at": "2022-10-25T15:50:23.298889Z",
			"updated_at": "2026-04-10T02:00:05.316886Z",
			"deleted_at": null,
			"main_name": "menuPass",
			"aliases": [
				"menuPass",
				"POTASSIUM",
				"Stone Panda",
				"APT10",
				"Red Apollo",
				"CVNX",
				"HOGFISH",
				"BRONZE RIVERSIDE"
			],
			"source_name": "MITRE:menuPass",
			"tools": [
				"certutil",
				"FYAnti",
				"UPPERCUT",
				"SNUGRIDE",
				"P8RAT",
				"RedLeaves",
				"SodaMaster",
				"pwdump",
				"Mimikatz",
				"PlugX",
				"PowerSploit",
				"ChChes",
				"cmd",
				"QuasarRAT",
				"AdFind",
				"Cobalt Strike",
				"PoisonIvy",
				"EvilGrab",
				"esentutl",
				"Impacket",
				"Ecipekac",
				"PsExec",
				"HUI Loader"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "4ed2b20c-7523-4852-833b-cebee8029f55",
			"created_at": "2023-05-26T02:02:03.524749Z",
			"updated_at": "2026-04-10T02:00:03.366175Z",
			"deleted_at": null,
			"main_name": "Volt Typhoon",
			"aliases": [
				"BRONZE SILHOUETTE",
				"VANGUARD PANDA",
				"UNC3236",
				"Insidious Taurus",
				"VOLTZITE",
				"Dev-0391",
				"Storm-0391"
			],
			"source_name": "MISPGALAXY:Volt Typhoon",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434086,
	"ts_updated_at": 1775792084,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bc8c5c3d6d9703e1134e79bbfbdc4aaa0cbf30e6.pdf",
		"text": "https://archive.orkl.eu/bc8c5c3d6d9703e1134e79bbfbdc4aaa0cbf30e6.txt",
		"img": "https://archive.orkl.eu/bc8c5c3d6d9703e1134e79bbfbdc4aaa0cbf30e6.jpg"
	}
}