DoubleVPN’s services were mainly promoted on Russian and English language underground hacking and cybercriminal forums, offering anonymity by hiding the identities and locations of various types of scammers, fraudsters, and even ransomware operators.

Change isn’t just about physical equipment or experiences, it’s also about mindset. The crisis forced change at a rate that many didn’t think possible. But to make these IT investments successful long-term means also changing the cultural mindset within the organisation, removing traditional biases around remote working and recognising that work is what you do, not where you do it.

The top variants between November 2020 and January 2021 were Ryuk and Vatet. Cisco Talos has also observed variants of Egregor and WastedLocker continuing to target organizations across the globe.

Ransomware featured in 81% of incidents and 69% of attacks involved the use of the remote desktop protocol (RDP) for lateral movement inside the network.

These vulnerabilities let adversaries access Exchange Servers and potentially gain long-term access to victims’ environments. While the Microsoft Threat Intelligence Center (MSTIC) attributes the initial campaign with high confidence to HAFNIUM.