Weekly Threat Briefing: New Android Malware, PerSwaysion Phishing Campaign, SaltStack Vulnerabilities, and More

The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT activity, Malspam, Phishing, Ransomware, Spearphishing, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.


Trending Cyber News and Threat Intelligence


Increase in Ransomware Demand Amounts Driven by Ryuk, Sodinokibi


(published: May 4, 2020)


Ransomware recovery firm Coveware found that the Phobos, Ryuk, and Sodinokibi ransomware families have contributed to sizable increases in ransomware demands over the first quarter of 2020. Coveware calculates the average ransom paid in a ransomware attack to be $111,605 USD in the first quarter of 2020, which is about a third higher than in the final quarter of 2019. According to Coveware's aggregated data, Sodinokibi represented over 26% of all paid ransomware attacks, likely due to its broad victim demographic, with increases in ransoms proportionate to the size of the target organizations. Ryuk was the second most prevalent ransomware with just over 19%, and its average ransom demands were over $1M USD in quarter one of 2020. The Ryuk average still increased from the fourth quarter of 2019, even though Ryuk has been seen targeting smaller organizations than in previous campaigns.

Recommendation: These statistics highlight the need for organizations to do more to protect themselves against crypto-malware infections. It is important to have a comprehensive and tested backup solution and a business continuity plan in place for the unfortunate case of ransomware infection.