Tag: Linux
AI-powered ransomware fuels cybercrime
Cybercriminals are now weaponizing artificial intelligence (AI) to create potentially devastating off-the-shelf ransomware. Researchers at cybersecurity company ESET have discovered what they called "the first known AI-powered ransomware". The malware, which ESET has named PromptLock, has the ability to exfiltrate, encrypt, and possibly even destroy data, though this last functionality appears not to have been implemented in the malware as yet.
Malware campaign attacks 300 organizations
Throughout June and August of this year, a sophisticated off-the-shelf malware campaign targeted over 300 organizations. According to cybersecurity company CrowdStrike, the campaign deployed SHAMOS, a malware variant of Atomic macOS Stealer (AMOS) developed by cybercriminal group COOKIE SPIDER.
Skype, Google Meet, and Zoom were used in the New Trojan Campaign – March 7th
Zscaler discovered a new remote access trojan (RAT) campaign that lures victims through fake online meeting links. Once the victims are lured into downloading the RAT through the meeting links impersonating Skype, Google Meet, and Zoom, the RAT payload may enable threat actors to steal sensitive information.
BlackCat gang wields new weapon to target cloud storage – September 18th
The BlackCat ransomware gang is now using the Sphynx encryptor to target Azure cloud storage. The Spynx variant was discovered in March this year in an investigation of a data breach that shared similarities with another attack described in an IBM-Xforce report. BlackCat continues to be one of the most high-profile, sophisticated threat actor groups, owing to the gang's ability to continuously refine and adapt its tactics.
Barracuda again the target of malware attack – August 14th
Barracuda Email Security Gateway devices have again been violated, this time through a novel backdoor malware named 'Whirlpool.' The US Cybersecurity and Infrastructure Security Agency (CISA) has identified the breach to be the work of a pro-China group of hackers. The threat actors have targeted a zero-day remote command injection vulnerability through the malware. Reports say this vulnerability was used to plant malware payloads of Seapsy and Whirlpool backdoors on compromised devices.