Quorum Cyber - Experts & Thought Leaders
Latest Quorum Cyber news & announcements
Quorum Cyber, a cybersecurity firm, announced that it has identified two new variants of a Remote Access Trojan (RAT) tracked as NodeSnake. The Quorum Cyber Threat Intelligence team is tracking this malware, which is highly likely attributed to Interlock ransomware due to infrastructure attribution.

Quorum Cyber’s NodeSnake report
Based on recently observed activity, the team assessed that Interlock has likely shifted tactics recently to target both local government organizations and the higher education sector. Quorum Cyber’s NodeSnake report contains a detailed technical analysis and recommendations to mitigate the effects of the malware.

Quorum Cyber’s Threat Intelligence
Threat actors can use RATs to gain remote control over infected systems, access files, monitor activities, manipulate system settings, and edit, delete or exfiltrate data. They can also maintain persistence within an organization and introduce additional tooling or malware to the environment. Quorum Cyber’s Threat Intelligence team discovered code commonality within malware deployed against two British higher education institutions within a two-month period.

Interlock ransomware infrastructure
On analysis, it is probable that both NodeSnake RATs were placed within the universities by the same threat actor. It is also certain that both instances of this malware are from the same family, with the later iteration possessing considerable advancements over the earlier variant. In a recent development, Interlock ransomware infrastructure seen targeting British universities has now been detected impacting regional councils in the country.

Use of the NodeSnake variants
“We have observed threat actors increasingly targeting universities this year to exfiltrate valuable intellectual property, including research data, and possibly to test and hone new tactics, techniques, and procedures before potentially applying them in other sectors,” said Paul Caiazzo, Chief Threat Officer at Quorum Cyber. “Theft of research data suggests an espionage motivation, and as such, our Threat Intelligence team continues to monitor Interlock and its use of the NodeSnake variants so that we can advise organizations across sectors on practical steps they can take to prevent the theft of their own intellectual property.”

Double-extortion tactics
First observed in September 2024, Interlock has targeted large or high-value organizations in a range of industries across North America and Europe. It’s known to employ double-extortion tactics by encrypting data and threatening to release it unless a ransom fee is paid. Unlike many other ransomware groups, Interlock does not operate as a Ransomware-as-a-Service (RaaS) and has no known affiliates.

Relevant ransomware reports
Interlock ransomware could target both Linux and Windows operating systems, providing it with broad targeting capabilities. Quorum Cyber’s Threat Intelligence Community Group publishes a large collection of relevant ransomware reports, threat actor profiles, and timely threat intelligence bulletins that can all be downloaded for free.

Quorum Cyber, a proactive, threat-led cybersecurity company, has been awarded the Identity and Access Management Specialization from Microsoft. As a Microsoft Solutions Partner for Security, the company now holds all four available Microsoft Security specializations: Threat Protection, Cloud Security, Information Protection and Governance, and Identity and Access Management.

Exclusive security specialization
This achievement places Quorum Cyber in an exclusive group of Microsoft partners who hold all four security specializations; less than half a percent of partners globally have achieved this distinction. This new specialization allows the company to showcase its proven, verifiable expertise in deploying Microsoft Identity workloads. It helps customers identify partners with the technical capabilities and proven experience deploying Microsoft Identity workloads using Microsoft Entra ID, a cloud-based identity and access management service.

Certified cybersecurity
Quorum Cyber’s expertise was verified through customer references and Microsoft exams to ensure it can deploy and manage workloads, including managing and securing identities, implementing identity governance, and deploying conditional access policies using Microsoft technologies such as Microsoft Entra ID.

Microsoft security partners
With a close and longstanding relationship with Microsoft, Quorum Cyber was founded as a Microsoft-only security services provider and member of the Microsoft Intelligent Security Association (MISA). In 2024, it was a Microsoft Partner of the Year finalist for demonstrating excellence in innovation and implementation of customer solutions based on Microsoft technology.
At the Microsoft Security Excellence Awards in 2024, it was named a Security MSSP of the Year finalist and Security Customer Champion finalist. And Difenda, which Quorum Cyber acquired in 2024, was also shortlisted for Security MSSP of the Year.

Strengthening identity security
Quorum Cyber has a strong vision for identity security. It remains committed to investing in recruiting and training skilled team members, as well as obtaining industry-recognized certifications, to protect its customers in an inhospitable and unpredictable digital landscape.

Advancing security excellence
"Gaining the Identity and Access Management specialization from Microsoft underscores our steadfast commitment to securing our customers' identities and data," said Federico Charosky, Chief Executive Officer of Quorum Cyber. "This recognition showcases our proficiency in identity security and reaffirms our dedication to upholding the highest standards. We are extremely proud to have obtained all four Microsoft Security specializations and look forward to helping our customers benefit from the additional opportunities this achievement brings."