Managed Service Providers (MSPs), especially ones using Kaseya VSA, should read this and take action as soon as possible. High-level Summary: On Friday, July 2, some MSPs using the on-premises version of Kaseya VSA suffered ransomware attacks that trickled down to their customers. Kaseya says around…

On March 18th, 2021, the DNSWatch Tailored Analysis Team received an email from an internal WatchGuard employee who deemed the email as suspicious. The initial email included an attachment with the title Attachment_57904. A DNSWatch Analyst performed an initial assessment of the file in search of…

At the beginning of March, as many Americans were eagerly awaiting another round of stimulus payments, news began to circulate about cybercriminals taking advantage of the American Rescue Plan offering financial assistance (payments and other aids) as part of COVID-19 relief. We got a hold of some…

Thanks to WatchGuard’s Panda Adaptive Defense 360 zero-trust service, WatchGuard Threat Lab was able to identify and stop a sophisticated fileless malware loader before execution on the victim’s computer. Upon further detailed analysis by our attestation team, we identified several recent browser…

Last month while onboarding a new customer to Panda EDR with the Orion threat hunting console, WatchGuard Threat Lab discovered an existing advanced persistent threat (APT) on the organization’s network. WatchGuard Threat Lab investigated the incident and were able to identify much of the threat…

This short post will show a real-world phish that DNSWatch caught and how analysts were able to garner further information using trivial open-source tools because of a unique mistake by the attacker.