21 min
Incident Response
BlackSuit Continues Social Engineering Attacks in Wake of Black Basta’s Internal Conflict
Despite a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024, Rapid7 has observed sustained social engineering attacks. Evidence suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed its members.
7 min
Incident Response
Rapid7 Q1 2025 Incident Response Findings
Rapid7’s Q1 2025 incident response data highlights several key IAV trends, shares salient examples of incidents investigated by the Rapid7 IR team, and digs into threat data by industry as well as some of the more commonly seen pieces of malware.
18 min
Incident Response
Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators.
7 min
Incident Response
Investigating a SharePoint Compromise: IR Tales from the Field
Our investigation uncovered an attacker who accessed a server without authorization and moved laterally across the network, compromising the entire domain.
10 min
Managed Detection and Response (MDR)
Malvertising Campaign Leads to Execution of Oyster Backdoor
Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.
8 min
Incident Response
Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators
Rapid7 observes an ongoing social engineering campaign consistent with Black Basta.
7 min
Incident Response
RCE to Sliver: IR Tales from the Field
Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two public-facing Confluence servers that were the source of multiple malware executions.
5 min
SOAR
Grey Time: The Hidden Cost of Incident Response
The time cost of incident response for security teams may be greater – and more complex – than we’ve been assuming.
1 min
Public Policy
Incident Reporting Regulations Summary and Chart
A growing number of regulations require organizations to report cybersecurity incidents. This chart summarizes 11 proposed and current cyber incident reporting regulations and breaks down their common elements, such as who must report, what incidents must be reported, deadlines, and more.
9 min
Public Policy
Avoiding Smash and Grab Under the SEC’s Proposed Cyber Rule
The SEC proposed a rule to require companies to publicly report cybersecurity incidents. This post explains why public disclosure of an incident before mitigation or containment raises the risk of harm, and suggests a solution that avoids harm while still promoting disclosure.
5 min
Vulnerability Management
How to Strategically Scale Vendor Management and Supply Chain Security
Here are simple changes that can help you provide more impactful supply chain security guidance and controls to decrease risk.
3 min
Detection and Response
Sharpen Your IR Capabilities With Rapid7’s Detection and Response Workshop
Rapid7's Detection and Response Workshop helps you determine if your tools can immediately detect and respond to threats.
4 min
Public Policy
New US Law to Require Cyber Incident Reports
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 will require critical infrastructure owners and operators to report cyber incidents and ransomware payments. This post will walk through highlights from the new law.
3 min
Detection and Response
Cybersecurity as Digital Detective Work: DFIR and Its 3 Key Components
We highlight 3 elements of a well-formulated digital forensics and incident response (DFIR) strategy.
3 min
Incident Response
Energize Your Incident Response and Vulnerability Management With Crowdsourced Automation Workflows
Bringing the spirit of open source to security workflow automation can help you detect and address breaches quickly, before they become major incidents.