Cybercriminals are now weaponizing artificial intelligence (AI) to create potentially devastating off-the-shelf ransomware. Researchers at cybersecurity company ESET have discovered what they called "the first known AI-powered ransomware". The malware, which ESET has named PromptLock, has the ability to exfiltrate, encrypt, and possibly even destroy data, though this last functionality appears not to have been implemented in the malware as yet.
Cybercrime just got easier. A new off-the-shelf artificial intelligence phishing kit named darcula now enables even inexperienced cybercriminals to impersonate any corporate brand with a complex, customizable campaign. Phishing generally refers to a form of online fraud where attackers attempt to steal sensitive information such as passwords, credit card numbers, or bank account details. “The criminals at darcula are back for more blood, and they mean business with one of the more impactful innovations in phishing in recent years. The new version of their ‘Phishing-as-a-Service’ (PhaaS) platform, darcula-suite adds first-of-its-kind personalization capabilities … to allow criminals to build advanced phishing kits that can now target any brand with the click of a button,” says cybersecurity company Netcraft.
Apple computer users are suffering a growing number of ‘infostealer’ attacks across multiple regions and industries. Infostealers are a form of malicious software created to breach computer systems in order to steal sensitive information. The Palo Alto Networks Unit 42 research group has detected a 101 percent increase in macOS infostealers in the last two quarters of 2024. The researchers identified three particularly prevalent macOS infostealers: Poseidon, Atomic, and Cthulhu. The developers of Atomic Stealer sell it as malware as a service (MaaS) in hacker forums and on Telegram. The Atomic Stealer operators usually distribute their malware via malvertising, the use of online advertising to spread malware. This typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages. Atomic Stealer is capable of stealing notes and documents, browser data such as passwords and cookies, cryptocurrency wallets, and instant messaging data. Atomic Stealer, also known as AMOS, was first discovered in April 2023.
Researchers have revealed current vulnerabilities in Amazon’s data storage services, the knock-on effect of which could potentially result in the biggest supply-chain attack in the internet’s history. In November 2024, watchTowr Labs decided to show how a significant Internet-wide supply-chain attack could be caused by abandoned infrastructure left unattended and forgotten on the internet. The researchers chose to focus on an Amazon business data storage service, known as ‘S3 buckets’.
CERT-UA warns of attackers impersonating the agency via fake AnyDesk requests for "security audits." Remote access should only occur with prior approval through official channels to mitigate these risks. Amid ongoing cyberattacks linked to the Russo-Ukrainian war, over 1,042 incidents were detected in 2024, including espionage and malware campaigns by groups like Gamaredon and Sticky Werewolf. Pro-Russian and pro-Ukrainian actors continue targeting each other with phishing and credential theft efforts.
Microsoft is accused of failing to implement some basic security controls on its hugely popular Visual Studio Code (VSCode) extensions marketplace. An open letter from independent researchers published on Medium reports “an incredible number of security design flaws implemented by Microsoft that provide amazing ways for threat actors to gain credibility and access.” The researchers say the biggest security design flaw with VSCode extensions is the lack of any permission model. For example, a theme extension that should only change the colors of the user’s integrated development environment (IDE) may execute code and read or write files without any visibility or explicit authorization from the user. The researchers have also published research evidencing the security flaws highlighted in the open letter.
The cyber sector has received another boost with the initial public offering (IPO) of shares in Microsoft-backed cloud-based cybersecurity firm Rubrik, valuing the company at around $6.5 billion. Last week also brought news that US private equity (PE) firm Thoma Bravo is to take UK cybersecurity company Darktrace private in a deal valuing the firm at over $5 billion. Rubrik’s IPO was reported to be 20 times oversubscribed for the 23.5 million shares on offer, with half of the shares allocated to top institutional investors. This investor appetite for the cyber stock is being seen as a testament to the robustness of the cybersecurity sector, as Rubrik posted operating losses of $307 million last year. But it is the company’s current growth curve that seems to have spurred on investors, with annual recurring revenues reported at $784 million as of the end of 2023, up 47% on the year before.