Internet threat news

Hive Ransomware Operations Thwarted by FBI and Europol

On January 26, 2023, the Federal Bureau of Investigation (FBI), along with the US Department of Justice and Europol, announced that a successful campaign to infiltrate Hive ransomwares infrastructure and disrupt operations had been carried out. Hive ransomware had developed a reputation for targeting hospitals, school districts, financial firms, and critical infrastructure and targeted more than 1,500 victims in over 80 countries around the world.

Alleged Stolen League of Legends Code Auctioned

Riot Games, the video game developer behind the ever-popular League of Legends, announced on January 20 that it had been hacked. Following the hack, the company has received a ransom demand to return source code stolen during the hack and has the allegedly stolen source placed on auction by the threat actors.

Ransomware Revenues are Down for 2022

In several previous articles we have covered how the work done by the firm Chainalysis has provided great insight into how ransomware developers and affiliates operate. We have seen how their work has contributed to arrests of ransomware operators. We have also seen how the information generated by the firm can lead to law enforcement placing pressure on ransomware gangs.

BianLian Ransomware Decryptor Released by Avast

On January 16, 2023, cybersecurity firm Avast announced that they had released a decryptor for the BianLian ransomware, not to be confused with the Android trojan of the same name. The decryptor can be used by the victims of the ransomware strain to recover encrypted files that can no longer be accessed by the user as they require an encryption key for access.

Scattered Spider Seen Using the Bring-Your-Own-Vulnerable-Driver Tactics

Many students or young adults will be familiar with the phrase Bring-Your-Own-Booze (BYOB) to denote that the person hosting the party is certainly not providing you drinks. There is something similar in the cyber security sector but it promises even less of a good time. The Bring-Your-Own-Vulnerable-Driver, referred to here on as just BYOVD, tactic allows the attacker to use legitimately signed, but vulnerable, drivers to perform malicious actions on systems.

Dark Web Drug Dealers Moving to Android Apps

The Dark Web is not only the stomping ground of hackers and ransomware operators but several other criminal activities including drug dealing. It was estimated by the United Nations that the Dark Web drug market is now over 315 million USD annually and in 2022 it was estimated that annual sales on this illicit drug market came in at over 470 million USD. To say that using the Dark Web to sell drugs is profitable might be an understatement.

The Season for Crypto Theft

While many of us were enjoying the time spent with family and friends over the festive season, two cryptocurrency platforms were dealing with cyberattacks. In the first incident, lost approximately 3 million USD belonging to both customers and the company, following a theft instigated by a cyberattack. In the second incident, crypto platform 3Commas admitted to having their API keys stolen by hackers. For 3Commas this appears to be yet another security incident on top of a list of previously poorly handled incidents, as will be seen later in this article.

Zombinder Seen Binding to Legitimate Android Apps

Android users now have another cyber security worry to add to the growing pile. According to a report published by Threat Fabric, a malware-as-a-service platform advertised on the Darknet can bind malware to legitimate Android apps. This effectively results in victims infecting themselves and evading any suspicion the infection may cause. The platform dubbed “Zombinder” was discovered been spread via malicious Windows and Android campaigns.

Windows Malware Can Steal Data from Mobile Phones

For many security firms, the dangers posed by nation-state threat actors plot the course for the dangers they face from financially motivated threat actors shortly. One such course has been potentially plotted with the discovery that a newly discovered Windows malware that acts like a backdoor is being used by North Korean state-sponsored hackers in a highly targeted campaign to steal files and send them to Google Drive storage. What’s more, is that data can also be stolen from any mobile device connected to the Windows machine.

Docker Hub Repositories Harbour Malicious Containers

In much the same way that GitHub has been used by malicious threat actors to distribute malware, it would not be long until Docker Hub would be abused for similar purposes. In a recent report published by Sysdig over 1,600 publicly available Docker Hub images are been used to hide malicious behavior, including cryptocurrency miners, embedded secret keys and other authenticators that can be used as backdoors, DNS hijackers, as well as website redirectors.

Hive Ransomware’s Victim Count in the Thousands

According to the Federal Bureau of Investigation (FBI), the Hive gang has successfully extorted over 100 million USD from approximately 1300 victims dating back to July 2021. Unfortunately, those that refuse to pay are likely to experience further ransomware payloads down the line, which is in line with recent Hive tactics and can be seen as an escalation in the famed double extortion tactic prominent in the ransomware space.

Phishing-as-a-Service Platform Gets an Upgrade

Robin Banks, the popular phishing-as-a-service (PaaS) platform amongst the cybercriminal underground, has resurfaced after previously having its backend and frontend rendered useless by Cloudflare. Now the platform has found a new hosting partner based in Russia that boasts distributed-denial-of-service (DDoS) protection for customers. The hosting partner, DDOS-GUARD, has also been linked to hosting QAnon, 8Chan, and Hamas web assets.

Threat Group Deploys New Stealthy Tactics in Attack Campaign

A sophisticated threat group designated as Cranefly by security firm Symantec is using new techniques and tools to bolster an already comprehensive threat package. Not only is Cranefly using new techniques to further attack campaigns but also a previously undiscovered malware dropper given the name Geppei by researchers.

Ransomware Continues to Steal Headlines

Ransomware continues to be one of, if not the primary, threat faced by organizations, particularly large corporations. On October 21, UK car dealer Pendragon released a statement to the press saying,


Page 5 of 52

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal