Internet threat news

Many, particularly in North America, are still dealing with the hangover from the Super Bowl. Some overindulged if they won, and others looked to drown their sorrows. For the San Francisco 49ers who did not even play in the Super Bowl, any disappointment in not playing was impacted by a cyberattack that occurred just before the Rams and Bengals were set to start.

A ransomware developer has just recently leaked the decryption keys for three separate ransomware strains, all of which have caused no small amount of pain for numerous victims. The leak was made on Bleeping Computer’s forum, a platform used by many to remediate ransomware infections and discover more information about various malware families. Decryption keys were released for Maze, Egregor, and Sekhmet.

In terms of cyber security when North Korea is in the headlines it is generally as the attacker stealing vast sums of money or cryptocurrency and developing new malware  strains and toolsets that keep security researchers busy. Put differently North Korean hackers are highly skilled at making a nuisance of themselves and tend to dish out the punishment.

It has been a bust week for advanced persistent threat (APT) groups if the cyber threat news cycle is anything to go off of. APT27, APT29, and Lazarus Group have all made the headlines on various platforms within a few days of one another. While this should not be read as a ramping up of activity precipitating a massive offensive, the developments highlight new capabilities and tactics used by each group that warrants further investigation.

In the second half of 2021, this publication covered the emergence of a Linux variant of the BlackMatter ransomware. The group behind the ransomware strain would make the news again when the group behind BlackMatter would cease operations following a law enforcement crackdown on several ransomware gangs and their infrastructure for high profile attacks conducted earlier in the year.

The US Treasury Department announced that the department had sanctioned four Ukrainian individuals under suspicion that they had “engaged in Russian government-directed influence activities to destabilize Ukraine”. These efforts are believed to be done with the view of assisting any military effort to control Ukrainian critical infrastructure for the benefit of Russia.

The Treasury Department's Office of Foreign Assets Control (OFAC) issued sanctions against Taras Kozak, Oleh Voloshyn, Volodymyr Oliynyk, and Vladimir Sivkovich. Those accused are either current or former Ukrainian officials ordered to gather information and spread disinformation.

Since the middle of December 2021, a  new ransomware strain seemed to have emerged. Initially, famed ransomware hunter and researcher Michael Gillespie took to Twitter to see if anyone had managed to get a sample of the strain now called White Rabbit, which certainly would have picked up the ears of any Matrix fans despite the bashing the last film received.

A group of cybersecurity researchers at Intezer have discovered a new malware strain that is capable of creating backdoors on Windows, Mac, and Linux machines. The malware was discovered in December 2021 and hints at a trend of new malware being developed that is capable of targeting multiple operating systems.

Towards the end of the holiday season Portland, Oregon-based brewery McMenamins confirmed it had suffered a ransomware attack dating back to December 12, 2021. On December 16, 2021, Bleeping Computer reported that the Brewery has suffered a ransomware incident.

In the NCC Groups monthly threat pulse article it was discovered that the Pysa ransomware strain took the dubious honor of becoming one of the most prolific ransomware strains for the month of November. Attacking businesses has always been on the agenda for those behind Pysa, in the past the publication covered how the gang was targeting organizations within the education sector.

What is rapidly turning into one of the major InfoSec talking points for the year the threat posed by potential exploitation of the Log4j2 flaw is increasing exponentially for those who have not patched the popular logging application. In our previous coverage we detailed how threat actors distributing botnets, remote access trojans, coin miners, and ransomware were already weaponizing the flaw. Now, as predicted nation-state threat actors are looking to do the same.

With the public release of information regarding vulnerability CVE-2021-4428, also known as Log4j2 or Log4Shell, on December 10, 2021, many can be forgiven just letting the news pass by. For players of videogames in the 90s, Log4j2 resembles a save code or even worse a cheat code for a pixel-defined game.

Recently the potential dangers of online shopping were made apparent over the recent Black Friday period. As soon as that ended the Christmas shopping spree began, and another discovery by security firm Sucuri again shows the dangers of online shopping to both consumers and retailers.

According to a recent article published on Securi’s blog, researchers have discovered card skimming malware being injected into WooCommerce plugins.

In November 2021 this publication covered the return of Emotet after law enforcement agencies around the globe worked to cease the malware’s operations by seizing critical infrastructure. Since the return of the botnet, it has been incredibly active being distributed in several campaigns. Now researchers have seen the Botnet dropping the infamous penetration testing tool Cobalt Strike in an attempt to fast forward ransomware attacks.