Zscaler discovered a new remote access trojan (RAT) campaign that lures victims with fake online meeting links. The links impersonate Skype, Google Meet, and Zoom; once a victim is tricked into downloading the RAT, the payload can let threat actors steal sensitive information from the infected device.
Cyberint announced the launch of 'Ransomania', a free-to-use ransomware attack repository featuring thousands of recorded ransomware attacks. Ransomania allows users to browse a global map of ransomware hotspots, filtered by region, industry, and time of attack.
Group-IB discovered a new iOS Trojan named "GoldPickaxe.iOS" built to steal facial recognition data from infected iOS devices. Rather than a code-execution exploit, 'GoldPickaxe' abuses Apple's TestFlight distribution platform: users are sent innocent-looking URLs that install the malware when clicked. According to Group-IB, the stolen biometric data is used to gain unauthorized access to banking accounts.
As part of the UK's move to phase out physical immigration documents by 2025, the UK Home Office claims the implementation of e-Visas brings not only convenience and cost savings but also 'enhanced security'. Although little is known about the newly implemented e-Visa, the Home Office states that each e-Visa is securely linked to the holder's biometric information as an additional security measure.
According to a report by Qrator Labs, the number of blocked IP addresses associated with malicious activity increased by 116% in Q3 2023. The increase is attributed to threat actors attempting to bypass geo-blocking. The top 5 countries of origin for these blocked IP addresses were the United States (5.66 million), China (4.97 million), Germany (1.39 million), Indonesia (1.32 million), and Singapore (1.03 million).
According to Chainalysis, the estimated total value received by ransomware attackers reached $1.1B in 2023. The Chainalysis report also notes that the estimated $1.1B covers only ransom payments collected and does not account for operational costs or third-party disruption costs borne by victims.
Specialists from the Netherlands' Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) disclosed 'Coathanger', a malware attributed to a Chinese state-sponsored actor, and its use in a breach of a Dutch Ministry of Defence (MoD) network. Analysis of the stealthy Coathanger code revealed a remote access trojan (RAT) purpose-built for Fortinet FortiGate firewalls; the actor gained initial access through the 'CVE-2022-42475' vulnerability, deployed the RAT as a persistent implant, and stole user account credentials from the Dutch MoD's servers.
CISA and EPA Launch Water Sector Cyber Toolkit Amid the recent string
Last year saw sharp growth in the number of organizations impacted by supply-chain attacks, even though the number of organizations directly targeted grew only slowly. According to the 2023 data breach report from the Identity Theft Resource Center (ITRC), the number of organizations impacted has surged by more than 2,600 percent since 2018, affecting over 54 million victims. “We must acknowledge the significant impact of Supply Chain Attacks and their effect on all organizations. A single supply chain attack can directly or indirectly impact hundreds or thousands of businesses that rely on the same vendor,” warns the ITRC. While supply chain attacks have been around for many years, the ability to automate and launch them at scale accelerated in 2018. The 2023 MOVEit attack shows the scope and scale a supply chain attack can have. According to the report, 102 entities were directly impacted by threat actors exploiting a MOVEit product, but 1,271 organizations were indirectly affected when information stored in or accessed by a MOVEit product or service was compromised via one or more of their vendors.
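The direct-versus-indirect distinction the ITRC draws is a graph problem: an organisation that never bought the compromised product is still exposed if one of its own vendors did. The following is an added example, not code from the ITRC report, that walks a constructed vendor-dependency map (all organisation and vendor names are hypothetical) to separate the organisations that run a compromised product from those reached only through an intermediary.

```python
"""Added example, not from the ITRC report: walk a vendor-dependency graph to
separate organisations directly exposed to a compromised vendor from those
exposed only indirectly, through another organisation that holds their data."""
from collections import deque

# Constructed sample (all names hypothetical): organisation -> the vendors or
# service providers it hands data to or runs software from.
DEPENDS_ON = {
    "FileTransferVendor": set(),
    "CloudHost": set(),
    "PayrollProvider": {"FileTransferVendor"},
    "BenefitsAdmin": {"FileTransferVendor"},
    "CityCouncil": {"PayrollProvider"},
    "Hospital": {"PayrollProvider", "BenefitsAdmin"},
    "University": {"BenefitsAdmin"},
    "Retailer": {"CloudHost"},
}


def reverse_edges(depends_on):
    """Invert the map: vendor -> set of organisations that rely on it."""
    used_by = {org: set() for org in depends_on}
    for org, vendors in depends_on.items():
        for vendor in vendors:
            used_by.setdefault(vendor, set()).add(org)
    return used_by


def blast_radius(depends_on, compromised):
    """Return {organisation: hops} for every organisation exposed when
    `compromised` is breached. hops == 1 means the organisation uses the
    compromised product itself (direct impact); hops >= 2 means it is reached
    only through an intermediate organisation (indirect impact)."""
    used_by = reverse_edges(depends_on)
    hops = {}
    queue = deque((org, 1) for org in used_by.get(compromised, ()))
    while queue:
        org, depth = queue.popleft()
        if org in hops or org == compromised:  # BFS: first visit is the shortest path; also a cycle guard
            continue
        hops[org] = depth
        for downstream in used_by.get(org, ()):
            queue.append((downstream, depth + 1))
    return hops


def split_impact(hops):
    """Partition a blast_radius() result into (direct, indirect) name sets."""
    direct = {org for org, d in hops.items() if d == 1}
    indirect = {org for org, d in hops.items() if d > 1}
    return direct, indirect


if __name__ == "__main__":
    exposure = blast_radius(DEPENDS_ON, "FileTransferVendor")
    direct, indirect = split_impact(exposure)
    print(f"direct:   {sorted(direct)}")    # organisations running the product
    print(f"indirect: {sorted(indirect)}")  # exposed through a vendor's vendor
```

In this constructed map the compromise of one file-transfer vendor directly hits two organisations but exposes three more that never ran the product, which is the shape of the 102-versus-1,271 split the report describes. The hop count is worth keeping in the output: a third-party risk programme typically has contractual visibility only to hop 1, so anything at hop 2 or beyond is exposure it cannot see without asking its vendors for their own vendor lists.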
According to the UK's National Cyber Security Centre (NCSC), AI-generated malware built to evade detection could become a serious threat from nation-state actors this year. The NCSC further stated that, based on its investigations, it believes nation-state groups hold malware repositories large enough to train an AI model effectively, which would bolster their ransomware attack capabilities.
In an analysis published by Trellix security researcher Gurumoorthi Ramanathan, the "NS-STEALER" malware, distributed inside a ZIP archive, sends the data it captures to a Discord channel, where a bot named "EventListener" automatically posts it. Once deployed on a user's system, NS-STEALER automatically collects screenshots, cookies, credentials, autofill data, and system information from web browsers.
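Because the exfiltration channel described above is a legitimate service, a network block on Discord is rarely an option; what a defender can do is ask which process on the endpoint is talking to the Discord API. The following is an added example, not Trellix's code, that runs that check over a few constructed egress proxy records (hostnames, users, process names and URIs are all hypothetical, and the key=value record format is an assumption about the log source). It flags Discord webhook or API traffic from anything that is not a browser or the Discord client, and unusually large uploads even from expected clients.

```python
"""Added example, not Trellix's code: hunt for stealer-style exfiltration to
Discord in egress proxy logs. Flags Discord webhook or API traffic from
processes that are not a browser or the Discord client, and unusually large
uploads even from expected clients."""
import re
from dataclasses import dataclass

# Constructed sample proxy records (key=value after a timestamp). Not real logs;
# hostnames, users and process names are hypothetical.
SAMPLE_LOG = """\
2024-01-17T10:01:09Z host=WS-04 user=alice proc=chrome.exe dst=discord.com uri=/api/v9/channels/1/messages bytes_out=812
2024-01-17T10:02:11Z host=WS-04 user=alice proc=javaw.exe dst=discord.com uri=/api/webhooks/123/abc bytes_out=48211
2024-01-17T10:02:13Z host=WS-04 user=alice proc=javaw.exe dst=discord.com uri=/api/webhooks/123/abc bytes_out=61933
2024-01-17T10:05:40Z host=WS-09 user=bob proc=msedge.exe dst=cdn.discordapp.com uri=/attachments/x.png bytes_out=201
2024-01-17T10:06:02Z host=WS-11 user=carol proc=powershell.exe dst=discord.com uri=/api/webhooks/9/zzz bytes_out=1024
2024-01-17T10:07:30Z host=WS-04 user=alice proc=javaw.exe dst=updates.example.net uri=/check bytes_out=300
2024-01-17T10:08:05Z host=WS-09 user=bob proc=Discord.exe dst=discord.com uri=/api/v9/channels/7/messages bytes_out=90000
"""

DISCORD_DOMAINS = ("discord.com", "discordapp.com", "discord.gg")
# Processes that are expected to talk to Discord on a workstation (assumption).
EXPECTED_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "discord.exe"}
WEBHOOK_RE = re.compile(r"^/api/webhooks/\d+/")
KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Finding:
    ts: str
    host: str
    user: str
    proc: str
    reason: str


def parse_record(line):
    """Turn 'TS k=v k=v ...' into a dict; bytes_out becomes an int."""
    ts, _, rest = line.partition(" ")
    rec = dict(KV_RE.findall(rest))
    rec["ts"] = ts
    rec["bytes_out"] = int(rec.get("bytes_out", "0"))
    return rec


def is_discord_host(dst):
    """Match the Discord apex domains and any subdomain of them."""
    dst = dst.lower()
    return any(dst == d or dst.endswith("." + d) for d in DISCORD_DOMAINS)


def detect(log_text, bulk_threshold=32_000):
    """Return Findings for Discord traffic that looks like stealer exfiltration."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if not is_discord_host(rec.get("dst", "")):
            continue
        proc = rec.get("proc", "").lower()
        uri = rec.get("uri", "")
        if proc not in EXPECTED_CLIENTS:
            # Any Discord API use from an unexpected process is worth a look;
            # a webhook path makes the finding more specific.
            reason = ("webhook POST from non-client process" if WEBHOOK_RE.match(uri)
                      else "Discord API use from non-client process")
        elif rec["bytes_out"] >= bulk_threshold:
            reason = f"bulk upload ({rec['bytes_out']} bytes) to Discord"
        else:
            continue
        findings.append(Finding(rec["ts"], rec["host"], rec["user"], proc, reason))
    return findings


def by_host(findings):
    """Count findings per host so the noisiest endpoint is triaged first."""
    counts = {}
    for f in findings:
        counts[f.host] = counts.get(f.host, 0) + 1
    return counts


if __name__ == "__main__":
    hits = detect(SAMPLE_LOG)
    for f in hits:
        print(f"{f.ts} {f.host} {f.user} {f.proc}: {f.reason}")
    print(by_host(hits))
```

On the constructed sample the two javaw.exe webhook posts and the powershell.exe webhook post are the high-confidence hits; the large upload from the Discord client is a lower-confidence signal that needs the bytes threshold tuned to the environment. The process attribution is the part that matters: the same rule applied to a pure network log, without a process field, collapses into "someone used Discord", which is not actionable on a workstation fleet.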
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory (CSA) containing indicators of compromise (IOCs) associated with the Androxgh0st malware. The joint CSA also documents the tactics, techniques, and procedures (TTPs) of the threat actors behind Androxgh0st. The malware establishes a botnet to identify and exploit vulnerable networks, targets the theft of sensitive data, and may lead to remote code execution on compromised systems.