Internet threat news
In the NCC Groups monthly threat pulse article it was discovered that the Pysa ransomware strain took the dubious honor of becoming one of the most prolific ransomware strains for the month of November. Attacking businesses has always been on the agenda for those behind Pysa, in the past the publication covered how the gang was targeting organizations within the education sector.
What is rapidly turning into one of the major InfoSec talking points for the year the threat posed by potential exploitation of the Log4j2 flaw is increasing exponentially for those who have not patched the popular logging application. In our previous coverage we detailed how threat actors distributing botnets, remote access trojans, coin miners, and ransomware were already weaponizing the flaw. Now, as predicted nation-state threat actors are looking to do the same.
With the public release of information regarding vulnerability CVE-2021-4428, also known as Log4j2 or Log4Shell, on December 10, 2021, many can be forgiven just letting the news pass by. For players of videogames in the 90s, Log4j2 resembles a save code or even worse a cheat code for a pixel-defined game.
Recently the potential dangers of online shopping were made apparent over the recent Black Friday period. As soon as that ended the Christmas shopping spree began, and another discovery by security firm Sucuri again shows the dangers of online shopping to both consumers and retailers.
According to a recent article published on Securi’s blog, researchers have discovered card skimming malware being injected into WooCommerce plugins.
In November 2021 this publication covered the return of Emotet after law enforcement agencies around the globe worked to cease the malware’s operations by seizing critical infrastructure. Since the return of the botnet, it has been incredibly active being distributed in several campaigns. Now researchers have seen the Botnet dropping the infamous penetration testing tool Cobalt Strike in an attempt to fast forward ransomware attacks.
According to a new report published by Threat Fabric, several malware distribution campaigns have infected almost 300,000 Android users. Infections were carried out by users downloading malicious apps from the Google Play Store containing malware droppers which would then drop banking trojans specifically designed for harvesting and stealing banking credentials.
The theft of credentials is primarily done via a fake banking login page that overlays a legitimate one. Threat actors then exfiltrate the credentials and either sell them on underground marketplaces or use the credentials to commit various kinds of banking fraud. While this phenomenon is certainly not new the tactics used, namely the evolution of past tactics is what has piqued the researcher’s interest in the campaigns.
To say that the cryptocurrency market, now valued at 2.5 trillion USD, has seen its fair share of scams would be an understatement. The latest to affect the cryptocurrency and Non-Fungible Token (NFT) community involves a threat actor targeting enthusiasts on the popular messaging platform Discord.
According to an article published by security firm Morphisec, Discord is being used to distribute crypter malware. Crypter malware can be seen as a specific type of malware that can encrypt, obfuscate, and manipulate malware, to make it harder to detect by security programs. They are typically used by threat actors to pass off malware as legitimate and non-harmful software applications. Crypters broadly come in two forms, static or polymorphic.
The UK’s National Cyber Security Centre (NCSC) was issued a warning noting that a total of 4,151 retailers had been compromised by hackers attempting to exploit vulnerabilities on checkout pages to divert payments and steal details. The retailers impacted have been informed about the vulnerabilities customers are falling victim to over the past 18 months.
According to the warning the majority of victims were impacted by hackers exploiting known vulnerabilities in the e-commerce platform Magento. The vulnerabilities when properly exploited allow the attacker to steal credit card information entered by the customer as well as possibly redirect payments to attacker-controlled bank accounts.
This time the reemergence of the botnet has happened after significant law enforcement efforts bring down the botnet’s infrastructure.
Europol recently published their Internet Organised Crime Threat Assessment report for 2021 which highlights several trends relating to cyber threats, with ransomware yet again featuring prominently in their research. The report notes, among several other trends, that ransomware reports have increased over the 12 month reporting period looked into by the law enforcement organization and that Distributed Denial of Service (DDoS) attacks, or the threat thereof, are being used to place further pressure on victims.
Three separate reports suggest that international law enforcement agencies are continuing to apply pressure to ransomware gangs, whether it’s the gang leaders, infrastructure, or affiliates. Last week we covered how the BlackMatter ransomware gang was experiencing a legal clampdown. Now despite ceasing operations after reports suggested that US Cyber Command successfully targeted servers used by ransomware gang, is still being targeted by law enforcement. Now it appears that there is an international effort to go after affiliates and leaders of the Sodinokibi gang.
“Due to certain unsolvable circumstances associated with pressure from the authorities (part of the team is no longer available, after the latest news) -- project is closed...After 48 hours the entire infrastructure will be turned off, allowing: Issue mail to companies for further communication [and] Get decryptor. For this write 'give a decryptor' inside the company chat, where necessary. We wish you all success, we were glad to work.”
When a company is involved in a merger, acquisition, or listing on an internationally respected stock exchange it is a significant financial event in that organization’s history. The Federal Bureau of Investigation (FBI) is now warning that such events are now being targeted by ransomware gangs in a variety of ways in order to place more pressure on victims to pay the ransom lest the financial event is derailed by ransomware revelations.
According to the threat actors behind the Grief ransomware strain, they have successfully compromised the National Rifle Association (NRA) network, stolen data, and encrypted their data. Bleeping Computer reports that the ransomware group posted the announcement to their leak site along with data stolen from the NRA. The site now boasts images of Excel spreadsheets containing tax and investment information allegedly belonging to the NRA. Further, the group leaked a zip file, “National Grants.zip”, which is reported to contain information relating to grant applications done by the NRA.
Page 3 of 46<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>