Intelligent CISO Issue 70 | Page 13


CISO news

Cactus emerges as sophisticated ransomware newcomer

Cactus has emerged as a sophisticated ransomware group with a severe impact on its victims.

The newcomer first appeared in March 2023 and has entered the top 10 groups with the most monthly victims, ranking at number seven as of November. The group is focusing on substantial payouts and targets large commercial entities.
Logpoint Security Analytics Engineer, Bibek Thapa Magar, said: “Cactus is a good example of ransomware groups employing increasingly sophisticated TTPs in their attacks. What stands out in this case is that the malware encrypts itself to evade detection. The smooth way of avoiding defences shows that the group is good at the game. Cactus has quickly made a significant impact, using double extortion, compromising sensitive data and leaving victims with limited choices.”
Cactus is a sophisticated ransomware with unique features such as auto-encryption and a consecutive change of file extensions post-encryption, making it more challenging to identify affected files. It employs the well-known and easily ‘unpackable’ UPX packer and divides encrypted files into micro-buffers, possibly to speed up the management of encrypted data streams.
Logpoint has collated a report highlighting the TTPs and IoCs applied by Cactus, in order to create alert rules that detect the methods the group uses. According to Kroll, Cactus exploits known vulnerabilities in VPN appliances to gain initial access and establishes command and control over SSH.
The group attempts to dump LSASS and credentials from web browsers to escalate privilege. Ultimately, Cactus gets access to target computers using Splashtop or AnyDesk and creates a proxy between infected hosts using Chisel before encrypting files.
Magar said: “Cactus is a good reminder that basic cyber-hygiene is important, but it also highlights that monitoring and detection is key to protecting against newer ransomware. If activity is detected, security analysts should investigate and make sure it doesn’t spread by disabling virtual private networks (VPNs), remote access servers, single sign-on resources, and public-facing assets before engaging in containment, eradication and recovery to minimise the impact.”
Logpoint’s security operations platform, Converged SIEM, contains extensive tools and capabilities for identifying, evaluating and mitigating the impact of Cactus ransomware.
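As an added illustration of the detection angle the article credits Logpoint with (the alert rules themselves are not reproduced here, and this is not Logpoint's, Kroll's or BlackBerry's code), the following Python pass walks a set of constructed endpoint events and tags the behaviours named above: a remote-access tool being launched, a Chisel client tunnel, a non-system process reading LSASS, and a burst of file-extension changes of the kind that follows encryption. The event field names, the executable-name matches, the LSASS allowlist and the rename threshold are all assumptions for illustration and would be tuned to a real telemetry schema and estate.

```python
"""Toy triage over constructed endpoint events for Cactus-style behaviours.
Event schema, tool-name matches and thresholds are assumptions, not a vendor's."""
import os
from collections import defaultdict, deque

# Assumed executable-name substrings for the remote-access tools named in the article.
REMOTE_ACCESS_MARKERS = ("anydesk", "splashtop")
# Assumed allowlist of processes expected to open LSASS; tune per environment.
LSASS_ALLOWLIST = {"csrss.exe", "wininit.exe", "msmpeng.exe"}


def _basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify_process(ev: dict) -> list:
    """Tags for one process-creation event."""
    tags = []
    exe = _basename(ev["image"])
    cmd = ev.get("cmdline", "").lower()
    if any(marker in exe for marker in REMOTE_ACCESS_MARKERS):
        tags.append("remote-access-tool")
    # Chisel run in client mode is the proxy-between-hosts step the article describes.
    if "chisel" in exe or ("chisel" in cmd and " client " in cmd):
        tags.append("chisel-tunnel")
    return tags


def classify_access(ev: dict) -> list:
    """Tags for one process-access event: source image opening a target process."""
    if _basename(ev["target"]) == "lsass.exe" and _basename(ev["image"]) not in LSASS_ALLOWLIST:
        return ["lsass-access"]
    return []


def extension_burst_hosts(events, threshold: int = 20, window_s: int = 60) -> set:
    """Hosts with at least `threshold` extension-changing renames inside `window_s` seconds."""
    per_host = defaultdict(list)
    for ev in events:
        if ev["type"] != "file_rename":
            continue
        if os.path.splitext(ev["old"])[1] != os.path.splitext(ev["new"])[1]:
            per_host[ev["host"]].append(ev["ts"])
    flagged = set()
    for host, times in per_host.items():
        window = deque()
        for t in sorted(times):            # sliding window over timestamps
            window.append(t)
            while window[0] < t - window_s:
                window.popleft()
            if len(window) >= threshold:
                flagged.add(host)
                break
    return flagged


def triage(events) -> dict:
    """Map host -> set of behaviour tags; hosts with no findings are omitted."""
    findings = defaultdict(set)
    for ev in events:
        if ev["type"] == "process":
            findings[ev["host"]].update(classify_process(ev))
        elif ev["type"] == "process_access":
            findings[ev["host"]].update(classify_access(ev))
    for host in extension_burst_hosts(events):
        findings[host].add("extension-burst")
    return {host: tags for host, tags in findings.items() if tags}


# Constructed sample telemetry (not real data). ws01 shows the chain; ws02 is benign.
SAMPLE_EVENTS = [
    {"host": "ws01", "ts": 10, "type": "process", "image": "C:\\Users\\ops\\AppData\\Local\\Temp\\chisel.exe",
     "cmdline": "chisel.exe client 203.0.113.7:8080 R:socks"},
    {"host": "ws01", "ts": 20, "type": "process", "image": "C:\\Users\\ops\\Downloads\\AnyDesk.exe", "cmdline": "AnyDesk.exe"},
    {"host": "ws01", "ts": 50, "type": "process_access", "image": "C:\\Windows\\System32\\rundll32.exe",
     "target": "C:\\Windows\\System32\\lsass.exe"},
    {"host": "ws02", "ts": 12, "type": "process", "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe"},
    {"host": "ws02", "ts": 55, "type": "process_access", "image": "C:\\ProgramData\\Defender\\MsMpEng.exe",
     "target": "C:\\Windows\\System32\\lsass.exe"},
]
# 25 extension-changing renames in 25 seconds on ws01 (constructed ".enc" suffix); 3 on ws02.
SAMPLE_EVENTS += [{"host": "ws01", "ts": 100 + i, "type": "file_rename",
                   "old": f"D:\\share\\doc{i}.docx", "new": f"D:\\share\\doc{i}.docx.enc"} for i in range(25)]
SAMPLE_EVENTS += [{"host": "ws02", "ts": 200 + i, "type": "file_rename",
                   "old": f"D:\\share\\draft{i}.tmp", "new": f"D:\\share\\draft{i}.txt"} for i in range(3)]

if __name__ == "__main__":
    for host, tags in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, sorted(tags))
```

Each tag on its own is weak evidence (AnyDesk is legitimately installed in many estates), which is why the pass reports the set of behaviours per host: the combination of a tunnel, a remote-access tool, LSASS access and a rename burst on one machine is what an analyst would escalate and, following the article's advice, isolate before containment.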

BlackBerry Quarterly Global Threat Intelligence Report shows 70% increase in novel malware attacks

BlackBerry has released its latest Quarterly Global Threat Intelligence Report, revealing a 70% increase in new malware encountered by BlackBerry’s AI-powered cybersecurity solutions.

At 26 cyberattacks per minute, this highlights a diversification of tools and attacks by threat actors as they target high-stakes or financially lucrative industries.
“Malicious actors are working harder than ever to expand their range and volume of cyberattacks,” said Ismael Valenzuela, Vice President of Threat Research and Intelligence, BlackBerry. “The intensifying number of novel attacks targeting nations and industries demonstrates the impact of the macroeconomic climate on cybersecurity. However, while threats are increasing in number and diversity, so is our ability to defend against them with advanced technologies that predict and prevent attacks.”
Highlights from the report, covering the three-month period of June to August, include:
• Continued rise in cyberattacks per minute. BlackBerry stopped over 3.3 million attacks; approximately 26 attacks and 2.9 unique malware samples per minute.
• Financial and healthcare most targeted industries. The financial sector was the most frequently attacked industry this quarter, with healthcare institutions coming in second. High-value data and the opportunity to disrupt essential services make these sectors a prime target for impactful or profitable attacks.
• Ransomware groups make double extortion standard practice. LockBit, Cl0p, Cuba and ALPHV ransomware groups increasingly use double extortion tactics as insurance on attacks, as organisations worldwide improve their data backup strategies.
www.intelligentciso.com