Malware News

Medium

Threat Intelligence Report: Scattered Spider Campaigns

  • This report analyzes the recent activities of the Scattered Spider cybercrime group, focusing on their campaign targeting financial institutions in May 2024.
  • The campaign targeted financial institutions in the United States, including Visa Inc., PNC Financial Services Group, Transamerica, New York Life Insurance, and Synchrony Financial.
  • Scattered Spider utilizes social engineering tactics, likely phishing emails, to gain access to targeted systems.
  • Recommendations include security awareness training, multi-factor authentication, patch management, endpoint detection and response, network security monitoring, incident response planning, and threat intelligence sharing.

Medium

The Phorpiex and LockBit Black Tango: A Multi-Million Dollar Malware Match

  • The Phorpiex botnet and LockBit Black ransomware were involved in a multi-million dollar malware attack.
  • Phorpiex is a spam distributor turned Malware-as-a-Service (MaaS) platform, while LockBit Black is a ruthless encrypting ransomware.
  • The attack involved a massive phishing campaign orchestrated through the Phorpiex botnet, with millions of phishing emails sent worldwide.
  • To minimize the risk of falling victim, individuals and organizations should practice phishing awareness, use strong passwords, maintain regular backups, invest in security software, and provide employee education.

Gbhackers

New Botnet Sending Millions of Weaponized Emails with LockBit Black Ransomware

  • A LockBit Black ransomware campaign was detected leveraging a botnet to distribute millions of weaponized emails.
  • The emails contain malicious ZIP attachments that spread the LockBit Black ransomware upon execution.
  • Over 1,500 unique IP addresses were associated with the campaign, originating from countries including Kazakhstan, Uzbekistan, Iran, Russia, and China.
  • NJCCIC issues recommendations such as security awareness training, strong passwords, system updates, and email filtering to mitigate the threat.

Cybersafe

Botnet sent millions of emails in LockBit Black ransomware campaign

  • Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign.
  • The attackers use ZIP attachments containing an executable that deploys the LockBit Black payload, encrypting recipients' systems.
  • The campaign is not believed to have any affiliation with the actual LockBit ransomware operation.
  • The Phorpiex botnet, used in this campaign, has been active for over a decade and has previously been involved in sextortion emails and cryptocurrency theft.

Gbhackers

Threat Actor Selling INC Ransomware Code for $300,000

  • A threat actor is selling the INC Ransomware code for $300,000.
  • The availability of powerful tools like INC Ransomware on the black market could increase ransomware attacks.
  • Businesses should strengthen their security measures, implement backup systems, and educate employees about the dangers of hacking.
  • The cybersecurity community continues to develop new technologies and strategies to combat ransomware and other forms of hacking.

Gbhackers

Hackers Abuse DNS Tunneling For Covert Communication & Firewall Bypass

  • Hackers use DNS tunneling to bypass traditional security measures and communicate covertly.
  • DNS tunneling allows hackers to wrap malicious data inside DNS queries and responses.
  • They can smuggle sensitive information or communicate with command and control servers.
  • DNS tunneling is stealthy and difficult to detect due to its use of encryption and obfuscation.

Securityaffairs

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

  • Since April, the Phorpiex botnet has been used to send millions of phishing emails as part of a LockBit Black ransomware campaign.
  • The botnet, active since 2016, has been involved in sextortion spam campaigns, crypto-jacking, cryptocurrency clipping, and ransomware attacks.
  • In August 2021, the criminal organization behind the Phorpiex botnet shut down its operations and put the bot's source code up for sale on the dark web.
  • In December 2021, a new variant of the Phorpiex botnet, named Twizt, was observed, allowing the theft of crypto assets worth $500,000.

Cybersecurity-Insiders

LockBit using botnets to send 9 million emails

  • The LockBit ransomware group is using the Phorpiex Botnet to send approximately 9 million phishing emails.
  • The emails contain ZIP file attachments with malicious payloads.
  • The LockBit 3.0 version botnet is used to distribute the malware.
  • Experts recommend fostering employee awareness and implementing email filtering tools to mitigate the spread of spam.

Arstechnica

Black Basta ransomware group is imperiling critical infrastructure, groups warn

  • Black Basta ransomware group is imperiling critical infrastructure.
  • The group has targeted over 500 organizations in the past two years.
  • Ascension, a St. Louis-based health care system, is one of the recent victims.
  • The attacks have caused severe operational disruptions in critical sectors.

Medium

Southern Ontario Hospitals Cyber Incident Analysis

  • The hospitals’ online services, such as patient records and email, were affected by a cyberattack on their systems provided by TransForm.
  • Daixin Team, an organized cybercrime gang, claimed responsibility for the attack and published stolen patient data.
  • The incident highlights the importance of robust cybersecurity in healthcare institutions and the potential harm caused by cyberattacks.
  • The hospitals are working on recovery and improving digital security, and have reported the findings to the Ontario Information and Privacy Commissioner.

Gbhackers

Scattered Spider Attacking Finance & Insurance Industries WorldWide

  • The Scattered Spider group of hackers has been actively attacking the finance and insurance industries worldwide.
  • Hackers target these sectors due to the large volumes of sensitive data they possess, including financial information and personal identities.
  • Breaches in these industries can lead to financial manipulation, extortion, and fraud.
  • Scattered Spider employs sophisticated tactics such as SIM swapping and domain impersonation to gain access to targeted systems.

Gbhackers

Tycoon 2FA Attacking Microsoft 365 AND Google Users To Bypass MFA

  • Tycoon 2FA is a phishing platform targeting Microsoft 365 and Gmail accounts.
  • It uses an adversary-in-the-middle (AitM) technique to steal user session cookies and bypass MFA.
  • The platform has updated its features to evade security defenses and avoid detection.
  • Tycoon 2FA employs various tactics such as fake authentication links and QR codes to steal credentials.

Medium

Revealing the Threat of Black Basta: A Global Ransomware Epidemic — Over 500 Organizations Targeted

  • Black Basta, a ransomware-as-a-service group, has targeted over 500 organizations worldwide.
  • They have amassed over $100 million in ransom payments and specialize in targeting critical infrastructure sectors.
  • Utilizing phishing techniques and exploiting vulnerabilities, they gain initial access and deploy various tools for remote access and data exfiltration.
  • Cybersecurity experts are providing guidance and support to affected organizations to mitigate the risk, while initiatives like decryptors offer hope to victims.

Krebsonsecurity

How Did Authorities Identify the Alleged Lockbit Boss?

  • Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group.
  • According to DomainTools.com, the address [email protected] was used to register at least six domains, including a Russian business registered in Khoroshev's name called tkaner.com, which is a blog about clothing and fabrics.
  • Federal investigators say Khoroshev ran LockBit as a “ransomware-as-a-service” operation, wherein he kept 20 percent of any ransom amount paid by a victim organization infected with his code, with the remaining 80 percent of the payment going to LockBit affiliates responsible for spreading the malware.
  • The government alleges Khoroshev created, sold and used the LockBit ransomware strain to personally extort more than $100 million from hundreds of victim organizations, and that LockBit as a group extorted roughly half a billion dollars over four years.
  • Cyber intelligence firm Intel 471 finds that [email protected] was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc.
  • Someone with those qualifications — as well as demonstrated mastery of data encryption and decryption techniques — would have been in great demand by the ransomware-as-a-service industry that took off at around the same time NeroWolfe vanished from the forums.
  • The original LockBit malware was written in C (a language that NeroWolfe excelled at).
  • Thus, whoever Putinkrab was before they adopted that moniker, it’s a safe bet they were involved in the development and use of earlier, highly successful ransomware strains.
  • Not long after Khoroshev was charged as the leader of LockBit, a number of open-source intelligence accounts on Telegram began extending the information released by the Treasury Department.
  • Within hours, these sleuths had unearthed more than a dozen credit card accounts used by Khoroshev over the past decade, as well as his various bank account numbers in Russia.
  • This is always excellent advice. But these days, that can be a lot easier said than done — especially with people who a) do not wish to be found, and b) don’t exactly file annual reports.

Socprime

Black Basta Activity Detection: FBI, CISA & Partners Warn of Increasing Ransomware Attacks Targeting Critical Infrastructure Sectors, Including Healthcare

  • Black Basta ransomware operators have breached over 500 organizations globally.
  • The FBI, CISA, and partners issued a cybersecurity advisory regarding increasing Black Basta ransomware attacks on critical infrastructure sectors, including healthcare.
  • Black Basta employs phishing, weaponizes security flaws, and uses a double-extortion approach.
  • Recommendations include installing updates, applying multi-factor authentication, securing remote access toolkits, and maintaining backups.
