
DOJ Fund Recovery, the Dark Web Bargain Bin, VBA Macros Update

Updates from Microsoft, new research on attack vectors, and good news from the Department of Justice. 

Latest Threat Intel News:


No Money Back Guarantee: DOJ Recovered Funds Paid to North Korean Ransomware Group

After being encrypted by Maui ransomware last year, two healthcare organizations found themselves with little choice but to pay up. It was either pay the ransom or lose the ability to provide critical care to their patients. The ransom payments were made in cryptocurrency and passed through money laundering services often employed by ransomware gangs. The FBI, however, was able to trace, seize, and ultimately return around $500,000 of the ransom funds.

Why This Matters

A positive headline in information security news is a welcome change, but victims of ransomware should never count on getting their money back, especially as ransomware gangs adopt privacy-focused cryptocurrencies such as Monero and Zcash that are harder to trace. The goal is to remove the need to pay a ransom altogether by maintaining proper backups.

Additional Information:

Dark Web Bargain Bin: The ROI for Attackers Couldn’t be Better

HP’s threat research team noted that despite nearly $7 billion in cyber losses last year, most malware and exploits to carry out these attacks are advertised for sale on the dark web for less than $10. In fact, many of these exploits were sold as “plug and play” malware kits or malware-as-a-service, reducing the need for serious technical skills to deploy the exploits on unwitting victims. Even more sophisticated or niche exploits ranged from $1,000–$4,000 or tens of thousands of dollars for zero days (exploits not yet publicly known).

Why This Matters

This research makes clear that criminals are focusing on low-hanging fruit like RDP, Microsoft Office, and web and email servers in order to gain initial access to systems. While infosec moves quickly from one zero-day to the next, many serious attacks could be stopped by focusing on basic security controls (patching, MFA, etc.).

Additional Information:

Microsoft Reinstates Blocking VBA Macros by Default

After years of VBA macros being a top vector for cyber criminals to gain initial access to networks, Microsoft announced earlier in 2022 that it would block the Office feature by default. After abruptly reversing course and pausing the change in response to user feedback, Microsoft has announced it will resume blocking macros by default. See the links below for more guidance aimed at users and IT professionals.

Why This Matters

Microsoft VBA macros are a widely-used legitimate tool. They have also become a favored way for cybercriminals to gain remote access to the networks of victims. Microsoft’s move to implicitly deny macros is a good first line of defense, but it isn’t the total solution.

Additional Information:

This blog post and its contents are intended for general guidance and informational purposes only. This blog post is under no circumstances intended to be used or considered as specific insurance or information security advice.

