Tag: Cybersecurity

Beware weaponized Google Ads

Cybercriminals are distributing a previously unseen backdoor through ‘malvertizing’: weaponized bogus ads that they push to the top of Google searches. The attacks are particularly dangerous to corporations of all sizes, as they are aimed squarely at in-house IT professionals, who invariably hold the keys to the organization’s digital kingdom. The unknown threat actor(s)’ selection of spoofed software evidences that the cybercriminals’ targets primarily consist of IT professionals, particularly those in IT security and network administration roles, according to research from Zscaler ThreatLabz. “Beginning in March of 2024, Zscaler ThreatLabz observed a threat actor weaponizing a cluster of domains masquerading as legitimate IP scanner software sites to distribute a previously unseen backdoor. The threat actor registered multiple look-alike domains…and leveraged Google Ads to push these domains to the top of search engine results targeting specific search keywords,” says Zscaler ThreatLabz.


Rise in ‘brute force’ attacks on VPNs

The past four weeks have seen a sharp global increase in ‘brute force’ attacks on virtual private network (VPN) services, which supply private networks using encryption over the internet. ‘Brute force’ attacks use trial and error to crack passwords, login credentials, and encryption keys. New life has been breathed into this old hacking technique by widely available software that uses artificial intelligence (AI) and can carry out large numbers of attempts automatically. Cisco Talos Intelligence Group reports a sharp rise worldwide in this type of attack against targets, including virtual private network (VPN) services and web authentication interfaces. “Cisco Talos has been actively monitoring a global increase in brute-force attacks against a variety of targets, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services since at least March 18, 2024. The traffic related to these attacks has increased with time and is likely to continue to rise,” predicts Cisco Talos.


Middle Eastern Governments Targeted by Evasive “CR4T” Backdoor – April 19th

Kaspersky reported on their discovery of the cyber campaign labeled "DuneQuixote," which targets Middle Eastern government agencies through a sophisticated backdoor to spread malware. The backdoor, "CR4T," is a C/C++-based memory-only implant that enables threat actors to access consoles for command-line execution. This can lead to uploading and downloading illicit files onto affected systems.


Malware Found to Evade Ukrainian Detection for 9 Years – April 18th

Cisco Talos revealed its findings, showing that select Ukrainian government agencies have been infected with the 'OfflRouter' malware since 2015. Cisco Talos researcher Vanja Svajcer said, "The virus is still active in Ukraine and is causing potentially confidential documents to be uploaded to publicly accessible document repositories."


73% of SME Security Professionals Failed to Act on a High Priority Security Alert – April 17th

According to a survey from Coro, 73% of SME cybersecurity professionals admit that they've missed, ignored, or failed to act accordingly on a high-priority security alert. The survey also found that respondents spend an average of 4 hours and 43 minutes managing their cyber security tools daily, with an average of 11.55 tools in their security stack.


Two Individuals Linked to “Hive RAT” Arrested – April 16th

The U.S. Department of Justice (DoJ) announced the arrest of two individuals in Australia for their ties to the "Hive RAT" remote access trojan (RAT). The two arrested individuals are suspected of being behind the distribution of the RAT, as found on the ‘Hack Forums’ cybercrime forum.


NSA Publishes AI System Guidelines for Security – April 15th

The National Security Agency (NSA) released a Cybersecurity Information Sheet (CSI) focused on the secure deployment of AI systems. The CSI, entitled "Deploying AI Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems," sets out guidelines intended to prevent malicious activity from exploiting software built on still-developing AI technology.


Over 500k Accounts Affected by the Roku Breach – April 12th

Following a breach earlier this year that affected only 15k Roku accounts, a second breach has heavier implications, affecting over half a million of the company's subscribers. Roku claims that the hackers did not gain access to any financially sensitive customer information and assures that refunds would be made for unauthorized account purchases. As a further security measure, Roku also enables two-factor authentication for all accounts.


US Department of Health and Human Services Falls Victim to Social Engineering Scam – April 11th

The US Department of Health and Human Services (HHS) reported that it fell victim to a social engineering scam carried out over the phone, in which threat actors imitated HHS' financial department and convinced it to hand over ID verification details. Aside from imitating HHS' financial department, the threat actors pulled the attack off by using local area codes and AI voice-changing technology to disguise themselves. The surrendered information could lead to threat actors bypassing multifactor authentication (MFA) security.


Q1 2024 Ransomware Attacks See 22% Drop – April 10th

Cyberint released a report that discloses a 22% drop in ransomware cases from Q4 2023 to Q1 2024, from 1,309 down to 1,048 cases. The 'Q1 Ransomware Report' credits the decrease in ransomware attacks to a major uptick in law enforcement crackdowns on cyber criminal gangs, with notable major actions against LockBit and ALPHV.


AI is fueling China’s cyber war against the US

Once again, China is harnessing new Western technology to attack and undermine the US at home and overseas. According to a new report from Microsoft, this time, China is using AI-generated fake social media accounts to influence the outcome of the upcoming US presidential elections. The report, “Same targets, new playbooks: East Asia threat actors employ unique methods,” details China’s recent attempts to discredit the US government, including misinformation regarding the Kentucky train derailment in November, the Maui wildfires in August, the disposal of Japanese nuclear wastewater, and illegal drug use in the US, as well as attempts to exacerbate the increasing racial tensions across the US.


Change Healthcare Hit by Another Potential Cyber Attack – April 9th

Just a month after a paid ransom was demanded following the massive data breach in February 2024, Change Healthcare reported on another potential cyberattack: extortion from the "ransomhub" group. The double-extortion claim, initiated by the new "ransomhub" group with suspected connections to BlackCat, has yet to be confirmed by cybersecurity experts.
