A naukri.com initiative
Sentinelone
4w
354
Image Credit: Sentinelone
The Good, the Bad and the Ugly in Cybersecurity – Week 41
- Mark Sokolovsky, a Ukrainian national who ran Raccoon Infostealer, has pleaded guilty, a malware-as-a-service (MaaS) linked to the theft of millions of sensitive data like PII, bank account details, and cryptocurrency information.
- Several Units of law enforcement group was able to seize two extensive dark market places: Bohemia and Cannabia.
- Two advanced toolsets used for cyberattacks on embassies and government organizations have been identified this week, attracting attention to little-known threat actor, GoldenJackal.
- GoldenJackal’s latest toolset drives malware propagation, performs data collection and leverages machine servers to stage and distribute payloads to other hosts for breaching air-gapped networks.
- Mamba 2FA, a phishing-as-a-service (PhaaS) platform, has been targeting Microsoft 365 account holders through convincing login pages and various security evasion techniques.
- Mamba 2FA phishing kit offers advanced phishing templates for services like OneDrive, SharePoint, and Microsoft login pages and enables attackers to customize phishing pages and reflect the branding of targeted organizations.
- Most recently, Mamba 2FA has improved its stealth tactics and became hard for organizations to detect unusual logins.
- To defend against sophisticated AiTM phishing tactics, organizations can implement hardware security keys, certificate-based authentication, geo-blocking, IP and device allowlisting, and limit token lifespans.
- GoldenJackal and Mamba 2FA are two ugly faces in cybersecurity.
- These events demonstrate the importance of international collaboration between law enforcement agencies to disrupt cybercriminal operations.
Read Full Article
21 Likes
For uninterrupted reading, download the app