Internet threat news

Almost yearly, a major card skimming attack occurs that deserves media attention. Often simply referred to as Magecart attacks, central to these attacks is modifying JavaScript code on the end user side to steal the card data entered by the unsuspecting victim.

To carry out this primary function, hackers have developed several techniques, including, according to newly published research by Akamai, threat actors are hijacking the 404 error pages of online retailers' websites, hiding malicious code to steal customers' credit card information.

In a recent report by security firm NSFOCUS, details of a new threat actor emerged. Named AtlasCross by researchers, the attack campaign was discovered when researchers discovered suspicious documents that formed part of a phishing campaign.

Upon further investigation, researchers believed they stumbled on a new advanced persistent threat actor who is both skilled and cautious in their attack approach.

Along with discovering a new threat actor, two new trojans, DangerAds and AtlasAgent, have also been discovered.

On September 11, news reports began emerging stating that MGM Resorts International had suffered a cyber incident and had shut down several critical IT systems. This was soon followed by MGM posting to their Twitter account acknowledging they had suffered a cyber incident.

Still, the statement was light on details despite the company's main website, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines being taken offline.

Following the publication of new research by security firm Sentinel One, a new infostealer has been seen in the wild. Titled MetaStealer, not to be confused with another info-stealer, META, targets Intel-based MacOS systems.

According to a recent report published by Microsoft, a series of attack campaigns targeting organizations in Taiwan.

Security researchers at the Redmond tech giant have attributed the attacks to an advanced persistent threat actor tracked by Microsoft as Flax Typhoon.

According to Microsoft’s Threat Intelligence Team, a new version of the BlackCat ransomware, also tracked as ALPHV, has been seen dropping the Impacket networking framework and the Remcom hacking tool during the infection process.

Both the framework and the hacking tool can be used by threat actors to better spread laterally across a compromised network.

At PCRisk, we have closely followed the trials and tribulations associated with the Raccoon Stealer spyware, also often referred to as an info stealer. The last time we covered the topic was when Raccoon Stealer 2.0 emerged.

Based on a recent report published by Sentinel Labs, it seems North Korean state-sponsored hackers are fine with targeting critical infrastructure within an ally's borders.

The report shows that the North Korean government is prepared to target allies supporting its contentious missile program, including a Russian missile manufacturer.

Microsoft's Threat Intelligence team detected a series of highly targeted credential theft phishing attacks that sent lures sent as Microsoft Teams chats.

According to a new report by security firm CYFIRMA, a known Indian threat group tracked as Bahamut is distributing a fake Android app called "Safe Chat" to infect devices with spyware malware that steals call logs, texts, and GPS locations from phones.

Further, the malware is capable of stealing data from other messaging apps, including WhatsApp, Telegram, Facebook Messenger, Signal and Viber.

In June 2023, yet another new player was detected on the ransomware scene, dubbed NoEscape; it is now widely believed to be a successor to the previously shut-down Avaddon ransomware.

Every year, Chainalysis publishes its crypto crime report, which focuses on tracking illicit cryptocurrency flows associated with cybercrime. Every year it makes for exciting reading, and 2023 is no different.

New research from security firm Check Point shows Chinese Threat Actors actively targeting European government agencies with a focus on embassies and foreign affairs ministries in a campaign used to distribute SmugX.

Security firm Avast has released a free decryptor for those impacted by the Akira ransomware. The decryptor can help victims recover their data without paying the ransom, and Avast has released decryptors for both 64-bit and 32-bit Windows operating systems.