BLOG CERT SOGETI ESEC

Cyber Threat Weather - April 2021

Some spotlights on Babuk ransomware and EtterSilent.

Summary report

Weak signals for Strategic CTI

  • The eCrime ecosystem is resilient. The MaaS model on which IcedID and Qbot are based allows newcomers to the ransomware scene to gain access to victim networks at a lower cost.
  • Cybercriminal groups' use of loaders such as IcedID and Qbot, whose infection is facilitated by the maldoc builder EtterSilent, can mislead detection teams that focus on ransomware and not on banking trojan payloads.

Anticipation: As EtterSilent continues to evolve, especially with more resilient evasion techniques, it is highly likely to be increasingly used in phishing operations that can lead to impactful post-exploitation operations (e.g., CS, ransomware/doxware, etc.).

 

Highlights

  • The blackout at Iran's Natanz atomic site allegedly resulted from a cyber attack by Israel
  • French hospital hit by ransomware

 
