Cyber Threat Weather - April 2021
Some spotlights on Babuk ransomware and EtterSilent.
Weak signals for Strategic CTI
- The eCrime ecosystem is resilient. The MaaS model on which IcedID and Qbot are based allows newcomers to the ransomware scene to gain access to victim networks at a lower cost
- Cybercriminal groups' use of loaders such as IcedID and Qbot, whose infection is facilitated by the maldoc builder EtterSilent, can evade detection teams that focus on ransomware rather than on banking-trojan payloads
Anticipation: As EtterSilent continues to evolve, especially with more resilient evasion techniques, it is highly likely to be increasingly used in phishing operations that can lead to impactful post-exploitation operations (e.g., CS, ransomware/doxware, etc.)
- Blackout at the Iranian Natanz nuclear site allegedly resulted from a cyberattack by Israel
- French hospital hit by ransomware