Amanda Fennell
CSO and CIO for @RelativityHQ + Host of @SecureSandbox podcast. Chitown gal not from Chitown. #paradox
24 Oct
🧵The latest Threat Landscape Update from @RelativityHQ’s Calder7 security team focuses on Evil Corp and its new Macaw Locker #ransomware that is being used to evade U.S. sanctions which previously prevented victims from paying ransoms. (1/7) #CyberSecurity #Legaltech
Background: Evil Corp, also known as Indrik Spider, Gold Drake, and Dridex gang, is an international cybercrime network that has stolen over $100 million USD in over 40 countries through a variety of attacks on banking institutions (2/7)
The group also dabbles in #ransomware, including their notorious #BitPaymer operation which utilized Dridex malware to attack compromised networks and subsequently led to sanctions from the US Treasury in 2019: home.treasury.gov/news/press-rel… (3/7)
22 Aug
🧵The latest Threat Landscape Update from @RelativityHQ’s Calder7 security team details a particularly concerning new trend in #ransomware, which combines Ransomware-as-a-Service (RAAS) with employee-led Insider Threats. #cybersecurity #infosec #hackers #SundayReads (1/7)
RAAS has been around since early 2020 and has quickly become the leading vector for deploying #ransomware. The newest iteration of it is enticing employees to intentionally deploy #ransomware w/i their own org. A particularly nasty case of insider threat (2/7)
Reported by @briankrebs, threat actors trying this technique are using the #Demonware strain and are targeting networks of interest in the U.S., Canada, Australia, U.K., and for RDP, VPN, - corporate email access specifically (3/7)