Showing posts with label Phishing emails.

Google Strengthens Gmail Security, Blocks Spoofed Emails to Combat Phishing

Google has begun automatically blocking emails from bulk senders who do not satisfy its tighter spam criteria or authenticate their messages in line with new requirements intended to strengthen defences against spam and phishing attacks.

As announced in October, users who send more than 5,000 messages per day to Gmail accounts must now configure SPF/DKIM and DMARC email authentication for their domains. 

The updated regulations also mandate that bulk email senders refrain from delivering unsolicited or unwanted messages, offer a one-click unsubscribe option, and react to requests to unsubscribe within two working days. 

Additionally, spam rates must be kept at 0.3%, and "From" headers cannot impersonate Gmail. Noncompliance may cause email delivery issues, such as messages being rejected or automatically routed to recipients' spam folders.

"Bulk senders who don't meet our sender requirements will start getting temporary errors with error codes on a small portion of messages that don't meet the requirements," Google stated. "These temporary errors help senders identify email that doesn't meet our guidelines so senders can resolve issues that prevent compliance.” 

"In April 2024, we will start rejecting non-compliant traffic. Rejection will be gradual, affecting solely non-compliant traffic. We strongly recommend that senders utilise the temporary failure enforcement period to make any necessary changes to become compliant," Google added.

The company also intends to implement these regulations beginning in June, with an expedited timeline for domains used to send bulk emails starting January 1, 2024.

As Google said when the new guidelines were first released, its AI-powered defences filter roughly 15 billion unwelcome emails per day, preventing more than 99.9% of spam, phishing attempts, and malware from reaching users' inboxes.

"You shouldn't need to worry about the intricacies of email security standards, but you should be able to confidently rely on an email's source," noted Neil Kumaran, Group Product Manager for Gmail Security & Trust in October. "Ultimately, this will close loopholes exploited by attackers that threaten everyone who uses email.”

This Malware is Assaulting Critical US Infrastructure for Almost a Year

Over the course of the last 11 months, a threat group has actively engaged in a phishing campaign targeting employees across various companies, distributing an open-source trojan program named AsyncRAT. The victims of this campaign notably include companies responsible for managing critical infrastructure in the United States.

The cybersecurity division of AT&T, known as Alien Labs, has reported that the attackers employ a domain generation algorithm (DGA) within their command-and-control (C&C) infrastructure. This technique helps them rotate through a large number of domains, making it challenging to block traffic. In an effort to evade detection, the threat actors continually generate new samples of the malicious tool. Researchers have identified over 300 samples and 100 domains associated with this particular campaign.

AsyncRAT, an open-source remote access tool released in 2019 and still available on GitHub, serves as the attackers' weapon of choice. As a remote access trojan (RAT), AsyncRAT offers features such as keylogging, exfiltration techniques, and initial access staging for delivering the final payload.

It's not uncommon for even sophisticated threat actors to utilize open-source malware frameworks, providing advantages such as low development costs and plausible deniability. Interestingly, AsyncRAT had been previously employed in 2022 by an APT group known as Earth Berberoka or GamblingPuppet, as tracked by security firm Trend Micro.

The phishing emails, scrutinized by Alien Labs and other researchers, employ a thread hijacking technique to direct users to a phishing page, eventually dropping a JavaScript (.js) file on users' computers. This script, when opened in Notepad, contains numerous randomly commented-out English words, while variants using Sanskrit characters have also been reported in previous campaigns. The highly obfuscated script aims to download the second-stage payload from a URL encoded using a custom cipher and decimal values.

The second-stage payload is another encoded script in PowerShell, executed directly in memory without being saved to disk. The PowerShell script communicates with a rotating C&C server domain, sending information such as computer hostname and a variable indicating the likelihood of the computer being a virtual machine or sandbox.

If deemed a valid target, the C&C server deploys AsyncRAT. In the case of a potential virtual machine or sandbox, the server redirects the request to Google or launches a different PowerShell script that downloads and initiates a decoy RAT, designed to distract researchers investigating the campaign.

To further complicate detection, the attackers regularly randomize the script code and malware samples, and they rotate C&C domains weekly. Despite these efforts, Alien Labs researchers managed to reverse-engineer the domain generation algorithm, providing insights into historical samples and enabling the development of detection signatures for future infrastructure identification. The AT&T Alien Labs report includes detection signatures for the Suricata intrusion detection system and a list of indicators of compromise (IOC) for building detections on other systems.
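As an added example (not Alien Labs' tooling, and not the campaign's actual DGA, which the report rather than this page describes), the following Python script triages constructed DNS query logs for the pattern a rotating DGA leaves behind: a single client resolving several distinct long, high-entropy, vowel-poor names. The log format, thresholds and client addresses are assumptions.

```python
"""Heuristic triage of DNS query logs for DGA-style C2 domain rotation.

Added example. It scores each queried name by entropy, vowel ratio, length
and digit share, then flags clients that resolve several distinct
high-scoring names. Log lines and thresholds are constructed/assumed.
"""
import math
from collections import defaultdict

def core_label(qname):
    """Registrable label of a query name (assumes two-level names such as foo.com)."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def shannon_entropy(s):
    """Bits of entropy per character of the string s."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def dga_score(qname):
    """Score a name from 0.0 to 3.0; higher means more DGA-like. Short labels score 0."""
    label = core_label(qname)
    if len(label) < 8:
        return 0.0
    vowel_ratio = sum(label.count(v) for v in "aeiou") / len(label)
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    score = 0.0
    if shannon_entropy(label) > 3.5:   # near-uniform character mix
        score += 1.0
    if vowel_ratio < 0.25:             # unpronounceable, unlike brand names
        score += 1.0
    if len(label) >= 12:
        score += 0.5
    if digit_ratio > 0.2:
        score += 0.5
    return score

def parse_line(line):
    """Constructed log format: '<epoch> <client_ip> <qname>'."""
    ts, client, qname = line.split()
    return int(ts), client, qname.lower()

def flag_clients(log_lines, score_threshold=2.0, min_distinct=3):
    """Return {client: {"domains": [...], "first_seen": ts, "last_seen": ts}}
    for clients that queried at least min_distinct distinct DGA-like names."""
    hits = defaultdict(lambda: {"domains": set(), "first_seen": None, "last_seen": None})
    for line in log_lines:
        ts, client, qname = parse_line(line)
        if dga_score(qname) < score_threshold:
            continue
        h = hits[client]
        h["domains"].add(qname)
        h["first_seen"] = ts if h["first_seen"] is None else min(h["first_seen"], ts)
        h["last_seen"] = ts if h["last_seen"] is None else max(h["last_seen"], ts)
    return {c: {"domains": sorted(h["domains"]), "first_seen": h["first_seen"], "last_seen": h["last_seen"]}
            for c, h in hits.items() if len(h["domains"]) >= min_distinct}

# Constructed sample log: one client cycling through DGA-like names, others mostly benign.
CONSTRUCTED_LOG = [
    "1700000000 10.0.0.5 xk7q9zrtbvmwnp.com",
    "1700000030 10.0.0.9 www.google.com",
    "1700000060 10.0.0.5 qzjwkrtplvbm3x.net",
    "1700000090 10.0.0.7 www.stackoverflow.com",
    "1700000120 10.0.0.5 hvtzkrqmwpbl2j.org",
    "1700000150 10.0.0.9 login.microsoftonline.com",
    "1700000180 10.0.0.9 hvtzkrqmwpbl2j.org",
]

if __name__ == "__main__":
    for client, info in flag_clients(CONSTRUCTED_LOG).items():
        print(client, info)
```

A single DGA-like query (client 10.0.0.9 above) is not enough on its own; the client is flagged only once it cycles through several such names, which is how the weekly rotation described above shows up in logs.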

Tips for Banks to Prevent Data Breaches Through Phishing Education


Despite rapid advances in technology, phishing remains one of the most common cybersecurity hazards. According to recent studies, phishing losses in the US alone were $52 million.

A lack of proper cybersecurity awareness could be one reason why phishing attacks are escalating at a concerning rate. While many financial institutions are aware of the importance of cybersecurity, they fail to educate their employees about it.

Here are some ideas that might help banks thwart phishing efforts and safeguard the information of their customers and employees:

Focus on Behavioral Change

The majority of banks use a similar approach for their cybersecurity training programs: they put all of their non-technical staff in a room, have the security team deliver a lecture with a few slides of breach numbers, and attempt to scare them into acting accordingly.

It goes without saying that this strategy is ineffective. It is time for banks to start seeing their staff as a bulwark against phishing attempts rather than as a risk.

One way to do this is for banks to change how their employees behave under stress, rather than threatening them by making them aware of stressful situations. For example, instead of merely showing them malicious emails, employees must be educated on the right measures to follow to identify such emails.

A bank can also do this by running simulations of such situations, where an employee is free to make mistakes and learn from them. This way, an employee can judge their own actions and receive instant feedback in a safe environment. An actual breach will then not be the only time the employee receives feedback.

Employees can view learning paths and review their progress on simulation platforms. The skills of a technical employee will differ greatly from those of a non-technical one. The way forward is to provide positive feedback throughout and to customize learning routes.

Install Security as a Founding Principle

For most banks, the importance of security is communicated with a negative attitude. They draw attention to the possibility of a breach, the harm to the bank's reputation, and the possible consequences for an employee's career should they fall prey to phishing scams.

When a worker receives a phony email from someone posing as their manager, these intimidation techniques are ineffective. Because they trust the manager's persona, employees are unlikely to refuse a request that appears to come from it. Rather, banks ought to embrace a proactive stance and integrate security into their overall brand.

For example, rather than frightening employees into not clicking malicious links, banks should introduce policies that let an employee quickly determine whether an email is a phishing attempt. Giving them access to an automated tool or having a security guard on duty are excellent choices.

Policies ranging from shredding and discarding important documents in secure bins to cybersecurity practices are essential. Employees must be reminded that the work they do is in fact critical and that their actions do matter.

Set Communication Templates

Bank personnel use emails, which are rich in data, to communicate with a variety of stakeholders. Malicious actors exploit this by impersonating a different individual and deceiving workers into downloading malware.

Informing staff members of appropriate communication styles and methods is one way to avoid situations like this one. Establishing a communication template, for example, will enable staff members to quickly spot emails that depart from the standard.

External actors are unlikely to be familiar with internal communication templates, so they will likely send emails in a manner that staff easily recognize as non-compliant. Although putting such a procedure in place may sound oppressive, it is the most effective technique for helping staff see through a false identity.

For instance, the majority of staff members will click on an email from the bank's CEO right away. If they see that the communication format is incorrect, though, they will disregard the CEO persona behind the email. With their minds thus engaged, employees are less likely to click on a link that could be harmful.

These templates must be ingrained in the company's culture, and how banks convey their significance will matter a great deal. Once more, a fear-based strategy rarely succeeds. Banks need to consider effective ways to enforce them.

AI-Generated Phishing Emails: A Growing Threat

Disturbing new research shows that phishing emails created by artificial intelligence (AI) are quickly catching up in effectiveness with those created by humans. With AI advancing so quickly, there is concern that cyber dangers may rise; one example of such a tool is OpenAI's ChatGPT.

IBM's X-Force recently conducted a comprehensive study, pitting ChatGPT against human experts in the realm of phishing attacks. The results were eye-opening, demonstrating that ChatGPT was able to craft deceptive emails that were nearly indistinguishable from those composed by humans. This marks a significant milestone in the evolution of cyber threats, as AI now poses a formidable challenge to conventional cybersecurity measures.

One of the critical findings of the study was the sheer volume of phishing emails that ChatGPT was able to generate in a short span of time. This capability greatly amplifies the potential reach and impact of such attacks, as cybercriminals can now deploy a massive wave of convincing emails with unprecedented efficiency.

Furthermore, the study highlighted the adaptability of AI-powered phishing. ChatGPT demonstrated the ability to adjust its tactics in response to recipient interactions, enabling it to refine its approach and increase its chances of success. This level of sophistication raises concerns about the evolving nature of cyber threats and the need for adaptive cybersecurity strategies.

While AI-generated phishing is on the rise, it's important to note that human social engineers still maintain an edge in certain nuanced scenarios. Human intuition, emotional intelligence, and contextual understanding remain formidable obstacles for AI to completely overcome. However, as AI continues to advance, it's crucial for cybersecurity professionals to stay vigilant and proactive in their efforts to detect and mitigate evolving threats.

Cybersecurity measures need to be reevaluated in light of the growing competition between AI-generated phishing emails and human-crafted attacks. Defenders must adjust to this new reality as the landscape changes. Staying ahead of cyber threats in this quickly evolving digital age will require combining the strengths of human experience with cutting-edge technologies.

Rising Email Security Threats: Here’s All You Need to Know

A recent study highlights the heightened threat posed by spam and phishing emails due to the proliferation of generative artificial intelligence (AI) tools such as ChatGPT and the growing popularity of cloud services.

According to a fresh report from VIPRE Security Group, the surge in cloud usage has correlated with an uptick in hacker activity. In this quarter, 58% of malicious emails were found to be delivering malware through links, while the remaining 42% relied on attachments.

Furthermore, cloud storage services have emerged as a prominent method for delivering malicious spam (malspam), accounting for 67% of such delivery in the quarter, as per VIPRE's findings. The remaining 33% utilized legitimate yet manipulated websites.

The integration of generative AI tools has made it significantly harder to detect spam and phishing emails. Traditionally, grammatical errors, misspellings, or unusual formatting were red flags that tipped off potential victims to the phishing attempt, enabling them to avoid downloading attachments or clicking on links.

However, with the advent of AI tools like ChatGPT, hackers can now craft well-structured, linguistically sophisticated messages that are virtually indistinguishable from benign correspondence. Potential victims must therefore adopt additional precautions to thwart the threat.

In the third quarter of this year alone, VIPRE's tools identified a staggering 233.9 million malicious emails. Among these, 110 million contained malicious content, while 118 million carried malicious attachments. Moreover, 150,000 emails displayed "previously unknown behaviors," indicating that hackers are continually innovating their strategies to optimize performance.

Phishing and spam persist as favored attack methods in the arsenal of every hacker. They are cost-effective to produce and deploy, and with a stroke of luck, can reach a wide audience of potential victims. Companies are advised to educate their staff about the risks associated with phishing and to meticulously scrutinize every incoming email, regardless of the sender's apparent legitimacy.

Forget ChatGPT, Google Bard may Possess Some Serious Security Flaws


Recent research claims that Google's AI chatbot, Google Bard, may let users create phishing emails and other malicious content, unlike ChatGPT.

In one such instance, cybersecurity researchers at Check Point were able to produce phishing emails, keyloggers, and some basic ransomware code using Bard.

The researchers' report further noted how they set out to compare Bard's security to that of ChatGPT. From both sites, they attempted to obtain three things: phishing emails, malicious keyloggers, and some simple ransomware code.

The researchers described that simply asking the AI bots to create phishing emails yielded no results; however, asking Bard to provide ‘examples’ of such emails produced plentiful phishing mails. ChatGPT, on the other hand, refused to comply, claiming that doing so would amount to engaging in fraudulent activity, which is illegal.

The researchers then tried to create malware such as keyloggers, where the bots performed somewhat better. Here too, a direct question produced no result, and an indirect question likewise yielded nothing since both AI bots declined. However, the answers to the keylogger request differed between the two platforms. While Bard simply said, “I’m not able to help with that, I’m only a language model,” ChatGPT gave a much more detailed explanation.

Later, when asked to provide a keylogger to log their own keystrokes, both ChatGPT and Bard ended up generating malicious code. However, ChatGPT did provide a disclaimer before doing so.

The researchers finally proceeded to ask Bard for a basic ransomware script. While this was much trickier than getting the AI bot to generate phishing emails or a keylogger, they finally managed to get Bard to play along.

“Bard’s anti-abuse restrictors in the realm of cybersecurity are significantly lower compared to those of ChatGPT[…]Consequently, it is much easier to generate malicious content using Bard’s capabilities,” they concluded.

Why Does it Matter? 

The reason, in simpler terms, is that malicious use of any new technology is inevitable.

One can conclude that these issues with emerging generative AI technologies are to be expected. AI, as an extremely advanced tool, has the potential to rewrite the entire cybersecurity script.

Cybersecurity experts and law enforcement have already raised these concerns and have warned that AI technology can fuel ongoing innovation in cybercrime tactics such as convincing phishing emails, malware, and more. Advances in technology have made it so accessible that a cybercriminal can now deploy a sophisticated cyberattack with only minimal coding skill.

While regulators and law enforcement are doing their best to impose limits on the technology and ensure that it is used ethically, developers are doing their bit by training their platforms to refuse being used for criminal activity.

While the generative AI market is decentralized, big companies will always be under the watch of regulatory bodies and law enforcement. Smaller companies, however, will remain on the radar of potential cyberattacks, especially those that are incapable of fighting or preventing abuse.

Researchers and security experts suggest that the only way to improve the cybersecurity posture is to fight with full strength. Even though AI is already being used to identify suspicious network activity and other criminal conduct, it cannot be used to raise the barriers to entry back to where they once were. There is no closing the door ever again.

The Ransomware Gang Targets University Alert Systems
"RamAlert," an emergency broadcast system used by Bluefield University to communicate with its students and staff, has been hijacked by the Avos ransomware gang. The gang sent SMS texts and emails informing them that their data had been stolen and was in the process of being released. With more than 900 students and a small campus in Bluefield, Virginia, Bluefield is a private university.

In a recent announcement, a university in the Virginia area advises students to be cautious of texts received via the school's mass alert system. This was in response to a ransomware group alerting the entire campus that a cyberattack is taking place. 

It was announced on Sunday that Bluefield University, a private Baptist school in Bluefield, Virginia that serves approximately 1,000 students, had shut down its systems as a result of a recent cyberattack and that they would remain down for an unknown period.

According to hacker messages posted via Bluefield University's RamAlert, an app that sends text and email messages to students and faculty during school emergencies, the hackers sent a series of messages urging recipients to go to the university's president and state their concerns.

Students and faculty members of Bluefield University were informed of a cyberattack that took place on April 30. This attack affected their IT systems and personal information. Faculty and staff had access to most university apps and websites before the incident. At that time, no evidence of identity theft or financial fraud had been reported to the University.

The Avos ransomware gang hijacked the university's emergency broadcast system, RamAlert, on May 1, and used it to inform students and faculty of the data theft via texts and emails.

Bluefield University filed a police report on Tuesday alleging that a ransomware group had used the RamAlert system used by the university to send threatening messages to all students and staff members.

If the university's president refused to pay the ransom demanded by the ransomware group, the ransomware group threatened to continue disrupting the university. 

Brett Callow shared the news on Twitter revealing that the hacker has approximately 1.2 TB of Bluefield's data. This is according to a message sent to Bluefield's student body and staff. Bluefield's president received an email alert from the hackers informing him to pay the full ransom demanded by them. The hackers instructed students and staff to pressure him to do so.  

In addition, the final message from the Avos ransomware gang, also known as AvosLocker, implored recipients to share the information with news outlets, supposedly to protect their data from exposure on the dark web. There was also an additional message which read, "Call President David Olive and tell him to pay us as soon as possible otherwise, prepare for attacks."

It is worthwhile to remember, however, that the group's goal is to leak samples of stolen data. In addition, it provides a link where users can find stolen data. 

The school issued an announcement on Tuesday acknowledging that the RamAlert system had been hacked. It warns students not to click on any links provided by the hackers and urges them not to open the emails.

Because the school was unable to hold final exams on Monday, they were postponed by one day and held on Tuesday, Wednesday, and Thursday. School systems, including email, remain unavailable at this time.

Bluefield University officials have sent an email to all students and staff advising them not to open or forward any of the links that were sent to their school accounts. Several school systems were still unavailable until a couple of days before the university's final exams, which were held in May.

It is not clear whether or not the university will consider paying the hackers, according to the spokesperson for the university.   

From double extortion to triple extortion, ransomware groups have used a variety of methods to raise the stakes of their attacks on victims. Groups accomplish this by emailing a victim's customers, calling its partners, contacting its competitors, and setting up leak portals with a search feature, which makes leaked data easy to discover.

Bluefield University was attacked by the ransomware gang known as AvosLocker, which is known for speaking Russian on underground forums. In forums such as these, a user called "Avos" has been seen recruiting hackers regularly, many of whom end up working on behalf of the organization. 

A leak site maintained by the group has a list of victims from around the world that had been attacked by the group for several years. There has been an advisory published by the Federal Bureau of Investigation in the United States regarding the threat of AvosLocker. In addition to details about how the group operated in the past, recommendations on how to mitigate attacks are also included in the report.

Does ChatGPT Bot Empower Cyber Crime?

Security experts have cautioned that a new AI bot called ChatGPT may be employed by cybercriminals to educate them on how to plan attacks and even develop ransomware. It was launched by the artificial intelligence R&D company OpenAI last month.

Computer security expert Brendan Dolan-Gavitt questioned if he could command an AI-powered chatbot to create malicious code when the ChatGPT application first allowed users to communicate. Then he gave the program a basic capture-the-flag mission to complete.

The code featured a buffer overflow vulnerability, which ChatGPT accurately identified, and it produced a piece of code to exploit it. The program would have solved the task flawlessly if not for a small error: the number of characters in the input.

The fact that ChatGPT failed Dolan-Gavitt's task, which he would have given students at the start of a vulnerability analysis course, does not instill trust in large language models' capacity to generate high-quality code. However, after identifying the mistake, Dolan-Gavitt asked the model to review the response, and this time, ChatGPT got it right.

Security researchers have used ChatGPT to rapidly complete a variety of offensive and defensive cybersecurity tasks, including creating refined or persuasive phishing emails, creating workable YARA rules, identifying buffer overflows in code, creating evasion code that could be utilized by attackers to avoid threat detection, and even writing malware.

Dr. Suleyman Ozarslan, a security researcher and co-founder of Picus Security, claimed that he was able to prompt the tool to carry out a variety of offensive and defensive cybersecurity tasks, such as the creation of a World Cup-themed email in perfect English and the generation of both evasion code that can get around detection rules and Sigma detection rules to find cybersecurity anomalies.

Reinforcement learning is the foundation of ChatGPT. As a result, it acquires new knowledge through interaction with people and user-generated prompts. Additionally, it implies that over time, the program might pick up on some of the tricks researchers have employed to get around its ethical checks, either through user input or improvements made by its administrators. 

Multiple researchers have discovered techniques to get past ChatGPT's limitations, which are meant to stop it from doing malicious things, including providing instructions on how to make a bomb or writing malicious code. For now, ChatGPT's code is far from optimal and demonstrates many of the drawbacks of relying solely on AI tools. However, as these models develop in complexity, they are likely to become more significant in creating malicious software.

What Will be The Biggest Cybersecurity Threats in 2023?
With the advent of the digital revolution, corporations, organizations, and even government entities are increasingly relying on computerized systems to run their day-to-day operations, and as a result, cybersecurity has become a necessity to protect data against numerous online attacks and unauthorized access. As technology continues to advance, cybersecurity trends are changing at a similar pace. News about data breaches, ransomware, hacks, and other threats has become the norm as technology continues to develop. 

As we look ahead to 2023, cybersecurity continues to be one of the top concerns for chief information officers. It has been estimated that there were 2.8 billion worldwide malware attacks and 236.1 million worldwide ransomware attacks in the first half of 2022. According to the data, six billion phishing attacks are expected to have been launched around the world by the end of 2022. 

In the year 2023, it is expected that IT will have to contend with these eight top security threats as these are the most significant cybersecurity trends. 

Top 8 Security Threats For Next Year 

1. Malware 

A malware program is a malicious piece of software that is planted on a network or system. This is done to cause damage to the computer, server, workstation, or network it is installed on. Malware can extract confidential information, deny service and gain access to systems. 

It is the responsibility of IT departments to monitor and stop malware before it enters a network or system by using security software and firewalls. The bad actors behind malware continue to develop new methods of evading detection. As a result, it is essential to keep security software and firewalls up to date to prevent security threats.

2. Ransomware 

There are several different types of malware, but ransomware is the most popular. It can block access to a system or threaten to leak proprietary information. To unlock systems or retrieve information that ransomware has encrypted, hackers demand that their victims pay them a cash ransom.

Currently, the number of ransomware attacks being carried out against companies in 2022 is higher by 33 percent than it was in 2021. The majority of companies pay ransoms to regain access to their systems. However, they are attacked once again by the same cyber criminals who were behind the ransomware attack earlier. 

Often, ransomware can gain entry into an organization's network through connections with vendors and suppliers whose network security is lacking. 

A secure supply chain starts with the security measures used by suppliers and vendors, so that business owners and suppliers can be assured that the supply chain is secure from beginning to end.

3. Phishing

The majority of us have encountered suspicious emails at some point or another. This is often the case, or perhaps even more alarmingly, emails that appear to be legitimate and from a trusted source but are not. Phishing is the practice of sending emails in an attempt to trick you into opening them. 

Phishing is one of the biggest threats companies face today. This is because, as a result of the ease of opening bogus emails, it is easy for unsuspecting employees to spread viruses. In the workplace, training employees on how to recognize phony emails, report them to the company, and never open them can make a difference. To ensure that the best email habits are being taught, IT should work closely with HR to achieve this. 

4. IoT 

It is estimated that 61% of businesses in 2020 will use the Internet of Things, and this number is only growing. Security risks grow along with the expansion of IoT. IoT vendors have a well-established reputation for the lack of security implemented on their devices. To combat this threat, IT should ensure that IoT vendors are vetted for security as part of the RFP process. In addition, IT can reset the security settings of IoT devices so that they comply with corporate security standards.

5. Multi-layer security 

What is the right amount of security? You need to know that if your network has been firewalled, security monitoring and interception software are installed, servers have been secured, multi-factor identification sign-on has been issued to employees, and data encryption has been implemented. Still, you could have forgotten to lock physical facilities that contain servers or to install the latest security updates on your smartphone. 

Several layers of security must be managed and monitored by IT to ensure the safety of the network. Creating a checklist for every stage of the workflow that may be a potential security breach point can be a good way for IT to enhance security. 

Facebook Users Phished by a Chatbot Campaign


You might be surprised to learn that more users check their chat apps than their social profiles. With more than 1.3 billion users, Facebook Messenger is the most popular mobile messaging service in the world and thus presents enormous commercial opportunities to marketers.

Cybersecurity company Trustwave SpiderLabs has discovered a fresh phishing campaign that abuses Messenger's chatbot software.

How do you make it all work? 

Karl Sigler, senior security research manager at Trustwave SpiderLabs, explains: "You don't just click on a link and then be offered to download an app - most people are going to grasp that's an attack and not click on it. In this attack, there's a link that takes you to a channel that looks like tech help, asking for information you'd expect tech support to seek for, and that escalating of the social-engineering part is unique with these types of operations."

First, a fake email from Facebook is sent to the victim, warning that their page has violated the site's community standards and will be deleted within 48 hours. The email also includes an "Appeal Now" link that the victim can use to challenge the removal.

The "Appeal Now" link in the email, which claims to offer a chance to appeal, opens a Messenger conversation with a chatbot posing as a member of the Facebook support staff. The chatbot then offers victims another "Appeal Now" button. Users who click that button are directed to a Google Firebase-hosted website in a new tab.

According to Trustwave's analysis, "Firebase is a software development platform that offers developers several tools to help construct, improve, and expand apps, making it easier to set up and deploy sites." The attackers used it to host a website impersonating a Facebook "Support Inbox" where users can supposedly dispute the reported deletion of their page. 

Increasing Authenticity in Cybercrime 

One factor in this campaign's effectiveness is that chatbots are now a common part of marketing and live assistance, so people are not inclined to be cautious about their contents, especially when they appear to come from a fairly reliable source. 

According to Sigler, "the advertising employs the genuine Facebook chat function. Whenever it reads 'Page Support,' my case number has been provided by them. And it's likely enough to get past the obstacles that many individuals set when trying to spot the phishing red flags."

Attacks like this, Sigler warns, can be highly risky for proprietors of business pages. He notes that "this may be very effectively utilized in a targeted-type of attack." With Facebook login information and phone numbers, hackers can do a lot of harm to business users, Sigler adds.

As per Sigler, "If the person in charge of your social media falls for this type of scam, suddenly, your entire business page may be vandalized, or they might exploit entry to that business page to acquire access to your clients directly utilizing the credibility of that Facebook profile." They will undoubtedly pursue more network access and data as well. 

Red flags to look out for 

Fortunately, the email's content contains a few warning signs that should enable recipients to recognize the message as spoofed. For instance, the text contains a few grammatical and spelling errors, and the recipient's name appears as "Policy Issues," which is not how Facebook handles such cases.

The experts detected more red flags: the chatbot's page had the handle @case932571902, which is clearly not a Facebook handle. The page is also empty, with neither followers nor posts. Although it seemed to be inactive, it carried the 'Very Responsive' badge, which Facebook defines as a response rate of 90% with replies within 15 minutes. To look legitimate, it even used the Messenger logo as its profile image. 

Researchers claim that the attackers are requesting passwords, email addresses, cell phone numbers, first and last names, and page names. 

This effort is a skillful example of social engineering since malicious actors are taking advantage of the platform they are spoofing. Nevertheless, researchers urge everyone to exercise caution when using the internet and to avoid responding to fake messages. Employing the finest encryption keys available will protect your credentials.

Phishing Emails Faking Voicemails aim to Steal Your Data


Vishing is the practice of sending phishing emails to victims that appear to be voicemail alerts to acquire their Microsoft 365 and Outlook login information. Researchers at Zscaler's ThreatLabz said this email campaign, which resembles phishing emails from a few years ago, was discovered in May and is still active. 

The researchers stated this month that the recent wave targets US organizations across various industries, including software security, security solution providers, the military, healthcare and pharmaceuticals, and the manufacturing and shipping supply chain. 

An email is where it all begins

Attackers notify recipients of missed voicemails via email notifications that contain links to web-based attachments. Although many people no longer check voicemail, audio messages on LinkedIn and WhatsApp have been common for a while, so using them as a lure to get consumers to click a link in an email can be successful. 

When the target clicks the link, they are taken not to a voicemail but to a credential-phishing web page hosted on Japanese servers. If the encoded email address at the end of the URL is missing, the user is instead redirected to the Microsoft Office website or to a Wikipedia page.

Only after the user has correctly solved a CAPTCHA is the final page shown, which is an Office 365 phishing page. The 2020 campaign Zscaler tracked used the same approach. 
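The campaign keys its behaviour on an encoded email address at the end of the phishing URL, which is also a useful triage signal for defenders: a link in a "voicemail" notification that carries the recipient's own address is worth a closer look. The script below is an added example, not code from Zscaler or the original post. It flags URLs whose final path segment, fragment or query value base64-decodes to an email address. Base64 is an assumption (the page does not name the encoding), and every URL in the sample list is constructed.

```python
"""Triage helper for voicemail-lure URLs that carry the target's encoded address.

Added example (not Zscaler's code). Base64 encoding is assumed; sample URLs
are constructed for illustration.
"""
import base64
import binascii
import re
from urllib.parse import urlsplit

EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def _trailing_tokens(url):
    """Collect the URL pieces a per-victim value is typically appended to."""
    parts = urlsplit(url)
    tokens = []
    tail = parts.path.rstrip("/").rsplit("/", 1)[-1]
    if tail:
        tokens.append(tail)
    if parts.fragment:
        tokens.append(parts.fragment)
    for pair in (parts.query.split("&") if parts.query else []):
        tokens.append(pair.split("=", 1)[-1])
    return tokens


def decode_trailing_email(url):
    """Return the decoded address if a trailing token is base64 of an email, else None."""
    for token in _trailing_tokens(url):
        padded = token + "=" * (-len(token) % 4)  # tolerate stripped padding
        for decoder in (base64.urlsafe_b64decode, base64.b64decode):
            try:
                text = decoder(padded).decode("ascii")
            except (binascii.Error, UnicodeDecodeError, ValueError):
                continue
            if EMAIL_RE.match(text):
                return text
    return None


def triage(urls):
    """Map each flagged URL to the victim address it encodes."""
    hits = {}
    for url in urls:
        email = decode_trailing_email(url)
        if email:
            hits[url] = email
    return hits


# Constructed sample: one lure carrying an encoded address, two benign-looking links.
SAMPLE_URLS = [
    "https://voicemail.example.net/play/YWxpY2VAZXhhbXBsZS5jb20=",
    "https://voicemail.example.net/play/",
    "https://www.example.org/wiki/Voicemail",
]

if __name__ == "__main__":
    for url, victim in triage(SAMPLE_URLS).items():
        print(f"{url} -> targets {victim}")
```

A hit tells an analyst which mailbox the lure was built for, which is useful when the same campaign reaches several users: the decoded address can be matched against the actual recipient to confirm targeting, and the host can be blocked before more users click.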

"Since they can persuade the victims to open the email attachments, voicemail-themed phishing attacks continue to be an effective social engineering strategy for attackers. This, together with the use of evasion techniques to get around automatic URL inspection tools, aids the threat actor in acquiring the users' credentials more successfully," reports Zscaler ThreatLabz.

Microsoft 365 Remains a Popular Victim 

In a 2022 Egress research titled "Fighting Phishing: The IT Leader's View," it was found that 40% of firms utilizing Microsoft 365 reported becoming victims of credential theft, and 85% of organizations using Microsoft 365 reported being victims of phishing in the previous 12 months. 

Phishing continued to increase as the majority of businesses quickly transitioned to a primarily remote-work model, with many employees working from home. It peaked at the height of the COVID-19 pandemic in 2020 and 2021. 

The campaign has compromised a substantial number of credentials, which can be used for several different cybercrime endgames: taking over accounts to access files and steal data, sending malicious emails that appear to come from a legitimate organization, implanting malware, and adding the user ID/password combinations to credential-stuffing lists to exploit victims who reuse the same password across several accounts. 

A rich mine of data that may be downloaded in bulk can usually be found in Microsoft 365 accounts, according to Robin Bell, CISO of Egress. Hackers may also use compromised Microsoft 365 accounts to send phishing emails to the victim's contacts in an effort to boost the success of their attacks.

Misconfigured Keys are Tackled in ServiceNow's Guidelines


ServiceNow, a $4.5 billion software company assisting businesses with its digital workflows, has released recommendations for its clients regarding Access Control List (ACL) misconfiguration. 

In one of its reports, AppOmni said that the usual misconfigurations are caused by a "combination of customer-managed ServiceNow ACL setups and overprovisioning of access to guest users". 

The general public is a factor in RBAC for public-facing businesses. The capacity to provide public access to the information within your 'database,' which may be a forum, online shop, customer service site, or knowledge base, is one crucial feature of RBAC, according to the paper. When firms upgrade or alter SaaS services or onboard new users, the difficulty is guaranteeing the appropriate level of access.

The researchers found that roughly 70% of the ServiceNow instances examined by AppOmni were misconfigured, posing the risk of unauthorized users stealing critical data from businesses that are not even aware they are at risk. 

Securing SaaS, according to AppOmni CEO Brendan O'Connor, involves much more than simply checking a few options or enabling strong authentication for users. "Because of its flexibility and power, SaaS platforms have evolved into company operating systems. There are numerous good reasons for workloads and applications running on a SaaS platform to interface with the outside world, such as integrating with emails and text messages or hosting a customer care portal," O'Connor added. 

As per AppOmni Offensive Security Researcher Aaron Costello, ServiceNow external interfaces exposed to the public could allow a hostile actor to take data from records. Meanwhile, Brian Soby, CTO of AppOmni, said "the enormous degree of flexibility in modern SaaS systems has made misconfiguration one of the largest security concerns enterprises face. Our goal is to shine a light on frequent SaaS platform misconfigurations and other potential hazards so customers can guarantee the system posture and configuration matches its business intent."

Horde Webmail Software has a 9-year-old Unsecure Email Theft Risk


A nine-year-old security flaw in Horde Webmail could be exploited to gain full access to an email account merely by viewing an attachment. Horde Webmail is a free, enterprise-ready, browser-based communication suite developed by the Horde project, and this webmail option is used extensively by universities and government institutions. 

According to Simon Scannell, a vulnerability researcher at SonarSource, "it allows the hackers to gain access to all confidential and possibly classified documents a user has recorded in an email address and might allow them to obtain further access to an organization's internal services." 

SonarSource identified a stored XSS vulnerability that was introduced with commit 325a7ae nine years ago. Since that commit on November 30, 2012, the bug has affected all versions. The vulnerability is triggered by previewing a specially crafted OpenOffice document, which allows a malicious JavaScript payload to execute. By exploiting the flaw, an attacker can read all emails sent and received by the victim. 
"An attacker can create an OpenOffice document which will launch a malicious JavaScript payload when converted to XHTML by Horde for preview," the report continues. "When a targeted person sees an attached OpenOffice document in the browser, the vulnerability is activated," according to the SonarSource experts.

Worse, if an executive's account is compromised through a personalized phishing email, the attacker could use this access to take control of the entire webmail service. Despite the vendor's confirmation of the problem, no fix had been released as of August 26, 2021. Horde was contacted for comment but did not respond.

Meanwhile, Horde Webmail users should disable the rendering of OpenOffice attachments by adding the 'disable' => true configuration option to the OpenOffice MIME handler in the config/mime_drivers.php file.

ICO Struck by 2650% Rise in Email Attacks in 2021


The UK's Information Commissioner's Office (ICO) suffered a 2650% spike in email attacks in 2021, according to official figures obtained by the Parliament Street think tank following a Freedom of Information request. 

Email attacks on the UK's privacy and data protection regulator increased from 150,317 in January to 4,135,075 in December, according to the findings. For each month last year, the data refers to the volume of phishing emails discovered, malware detected and prevented, and spam detected and blocked by the ICO. 

The majority of the attacks were spam emails, which increased by 2775% from January to December. During this time, the number of phishing emails climbed by 20%, while malware increased by 423%. 

In December, the statistics revealed a significant increase in email attacks, with 4,125,992 spam messages, 7886 phishing emails, and 1197 malware cases. This increase is likely to be linked to the Omicron variant's rapid spread in the UK at the end of the year, with threat actors able to use issues like testing and immunizations as bait. This is in addition to the Christmas scams that proliferate in the build-up to the holidays. 

Edward Blake, area vice president EMEA of Absolute Software, commented: “Cyber-attacks are targeting organizations across the globe at an alarming rate, once again reminding businesses of the need to re-evaluate and revamp their security protection if it is not up to scratch. Cybersecurity is not just about protecting endpoints via anti-malware or email cybersecurity solutions. While these are important, there are now a variety of access points for cyber-criminals to capitalize on that IT leaders need to be aware of. These include vulnerable unpatched applications and network vulnerabilities, stolen or illegally purchased log-in credentials or even by hacking unprotected smart devices.” 

Barracuda Networks' manager, Steven Peake, expressed similar concerns, saying: “The pandemic continues to be a catalyst for opportunistic cyber-criminals to try and prey on unsuspecting, vulnerable people. Our recent research showed a 521% surge in COVID-19 test-related phishing attacks, so it is hardly surprising to see major organizations, such as the ICO, hit by such a high volume of threats as they represent lucrative targets. Phishing emails, malware, and spam, in particular, account for a large proportion of the threats these organizations face, so they need to implement measures to protect themselves. These cyber-attackers aren’t going anywhere anytime soon.” 

As part of its plans to reform the country's data sector, the UK government announced plans to revamp the ICO's structure last year.

Tennessee State University was Targeted by a Cyber Attack


Officials say a data security breach at a Tennessee community college might just have resulted in a sensitive data breach of previous and present students, instructors, and employees. 

In 2021, educational institutions are expected to experience a record number of ransomware attacks, with K-12 schools being the top targets. Productive one-device-per-student and learn-from-anywhere programs have increased the attack surface for numerous cyber risks while improving educational achievements. 

Ransomware is a type of destructive software created by coordinated cybercriminals, often known as "bad actors." In a ransomware attack, a hacker uses software, generally delivered via phishing emails, to encrypt or block access to information systems and documents. The victim is told that the only way to regain access is to pay a ransom.

The Tennessee Board of Regents said in a press release, "Pellissippi State Community College is issuing out notices regarding a ransomware attack aimed primarily at encrypting school data in order to extort a ransom payment." According to the Knoxville college's website, Pellissippi State did not pay a ransom. 

According to the board, which governs the state's community colleges, the college's core database and online payment systems were not infected, and no data from those systems was accessed by unauthorized individuals. 

Schools have become increasingly exposed to security risks and potential attacks as a result of the rush to adopt the new technology needed for remote learning in response to the health crisis. 

New applications, patching delays, and security measures falling short of the mark have added complexity and risk in environments where security had previously been an afterthought. These flaws pose a serious risk if they are exploited. 

As per the experts, Absolute's research is significant because it evaluates how the disruption of virtual learning, particularly the adoption of new technology, has opened new attack avenues for bad actors and hackers.

Attackers are Using Shipment-Delivery Scams to Lure Victims to Install Trickbot


Researchers discovered that threat actors are increasingly deploying scams that impersonate package couriers such as DHL or the United States Postal Service in authentic-looking phishing emails to trick victims into downloading credential-stealing or other malicious payloads. Separately on Thursday, researchers from Avanan, a Check Point company, and from Cofense identified current phishing scams that use malicious links or attachments to infect computers with Trickbot and other harmful malware. 

Researchers stated that the campaigns relied on trust in commonly used shipping services and on employees' familiarity with receiving emailed documents related to shipments in order to provoke the further action needed to compromise corporate systems. 

The emails used to send Trickbot in recent delivery service-related campaigns included official USPS branding as well as features such as third-party social-media logos from Facebook, Instagram, LinkedIn, and Twitter, "to make the email look even more credible," researchers said. The emails, however, have a sender address that is totally irrelevant to the USPS, which might easily have alerted someone to their shady motive, they claim.

If the bait works and a user clicks on the link to the alleged invoice, they are routed to a domain that downloads a ZIP file, hxxps:/www.zozter[.]com/tracking/tracking[.]php. The unzipped file is an XLSM spreadsheet called “USPS_invoice_EA19788988US.xlsm” that claims to require editing to be enabled because of document protection — a common approach in fraudulent email campaigns. If a victim goes so far as to enable editing, a malicious PowerShell process is launched, which eventually downloads Trickbot. 
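The macro-laden spreadsheet does nothing until the user enables editing, so a mail gateway that refuses such attachments stops the chain before anyone is asked. The script below is an added example, not code from Avanan, Cofense or the original post. An .xlsm is a ZIP container: the compiled VBA lives in xl/vbaProject.bin and the [Content_Types].xml manifest declares the macro-enabled content type, so both can be checked with the standard library alone. The two sample workbooks are constructed in memory and carry only a placeholder instead of a real VBA project.

```python
"""Attachment triage: does an Office Open XML file carry a VBA project?

Added example (not the researchers' code). Sample workbooks are constructed
in memory; the vbaProject.bin placeholder contains no real macro.
"""
import io
import zipfile

# Content types that mark a macro-enabled workbook / a VBA part (OOXML spec values)
MACRO_CONTENT_TYPES = (
    "application/vnd.ms-office.vbaProject",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
)


def macro_indicators(data):
    """Return which macro indicators are present in an OOXML blob."""
    result = {"is_ooxml": False, "has_vba_project": False, "declares_macro_type": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result
    names = set(zf.namelist())
    result["is_ooxml"] = "[Content_Types].xml" in names
    # The compiled VBA project is a binary part, normally xl/vbaProject.bin
    result["has_vba_project"] = any(n.lower().endswith("vbaproject.bin") for n in names)
    if result["is_ooxml"]:
        types_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        result["declares_macro_type"] = any(ct in types_xml for ct in MACRO_CONTENT_TYPES)
    return result


def should_quarantine(data):
    """Quarantine when a workbook carries a VBA part or declares itself macro-enabled.

    A file renamed to .xlsx that still contains vbaProject.bin is caught as well,
    because the check looks inside the container rather than at the extension.
    """
    ind = macro_indicators(data)
    return ind["is_ooxml"] and (ind["has_vba_project"] or ind["declares_macro_type"])


def build_sample_workbook(with_macro):
    """Constructed minimal workbook with just enough OOXML parts to exercise the checks."""
    main_type = (
        "application/vnd.ms-excel.sheet.macroEnabled.main+xml" if with_macro
        else "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"
    )
    types_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/xl/workbook.xml" ContentType="{main_type}"/>'
        + ('<Override PartName="/xl/vbaProject.bin" '
           'ContentType="application/vnd.ms-office.vbaProject"/>' if with_macro else "")
        + "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", types_xml)
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"constructed placeholder, not a real VBA project")
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("macro-enabled", True), ("plain", False)):
        print(label, "->", "quarantine" if should_quarantine(build_sample_workbook(flag)) else "deliver")
```

The check is deliberately structural: it does not try to parse the VBA itself, so it cannot be fooled by obfuscated macro code, and it is cheap enough to run on every inbound attachment. Files that are not valid ZIP containers are passed through untouched so that other scanners can handle them.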

According to Jeremy Fuchs, cybersecurity researcher and analyst at Avanan, the DHL spoofing attack likewise includes what threat actors want victims to believe is a shipping document, but this time in the form of an attachment. “By spoofing a popular brand, the hackers are hoping to target vulnerable users who are accustomed to checking for shipping notifications,” he wrote. 

This practice has become so widespread that DHL has achieved the dubious distinction of replacing Microsoft at the top of Check Point Software's list of brands most mimicked by threat actors in the fourth quarter of 2021. Scams involving the courier accounted for 23% of all phishing emails during that time period, but the company's name was associated with only 9% of scams in the third quarter. 

Researchers attributed the increase in package delivery fraud to a number of factors. Spoofing DHL made perfect sense in the fourth quarter of last year during the hectic holiday shopping season, according to Fuchs, in a report on the latest DHL-related fraud published Thursday.

Attackers use Azure AD to Enroll Outlook on BYOD and then Send Phishing Emails


Microsoft has issued a warning about a new multi-stage phishing campaign that first enlists an attacker's BYOD device on a corporate network before sending thousands of convincing phishing emails to other targets. Bring your own device (BYOD) refers to the practice of employees connecting to their corporate networks using personal devices to access work-related systems and possibly sensitive or confidential data. Smartphones, personal computers, tablets, and USB drives are examples of personal devices. 

According to Microsoft, the goal of enrolling or registering a device on a target company's network was to evade detection during subsequent phishing assaults. According to Microsoft, "most" firms that had activated multi-factor authentication (MFA) for Office 365 were not affected by phishing emails transmitted via attacker-controlled registered devices, but all organizations that had not implemented MFA were affected. 

The attack took advantage of situations in which MFA was not enforced when registering a new device with a company's instance of Microsoft's identity service, Azure Active Directory (Azure AD), or when enrolling a BYOD device in a mobile device management (MDM) platform such as Microsoft's Intune. 

"While multiple users within various organizations were compromised in the first wave, the attack did not progress past this stage for the majority of targets as they had MFA enabled. The attack's propagation heavily relied on a lack of MFA protocols," Microsoft said. "Enabling MFA for Office 365 applications or while registering new devices could have disrupted the second stage of the attack chain," it added. 

According to Microsoft, the first wave of the attack targeted firms in Australia, Singapore, Indonesia, and Thailand. The first stage used a DocuSign-branded phishing email that asked the recipient to review and sign the document. It made use of phishing domains with the .xyz top-level domain (TLD). The phishing link in each email was also unique and included the target's name in the URL. Victims were routed to a bogus Office 365 login page by the phishing link. 

In the second phase, the attackers installed Microsoft's Outlook email client on their own Windows 10 PC, which was then successfully connected to the victim's Azure AD. All the attackers had to do was accept Outlook's onboarding experience, which encourages the user to register a device. In this situation, the attackers were using credentials obtained in phase one. 

Certain practices, according to Microsoft researchers, can limit an attacker's ability to move laterally and compromise assets after the initial intrusion and should be supplemented with advanced security solutions that provide visibility across domains and coordinate threat data across protection components. Organizations can further limit their attack surface by removing basic authentication, mandating multi-factor authentication when adding devices to Azure AD, and enabling multi-factor authentication for all users.
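The second stage only progressed where a stolen password alone was enough to register the attacker's device, so the sign-in records of device registrations that completed without MFA are the place to hunt for this campaign. The script below is an added example, not Microsoft's code or a query from the original post. The records are constructed and modelled on the shape of Azure AD sign-in log entries; the field names, and the resource name "Device Registration Service", are assumptions about that schema. The logic is the point: single-factor device registrations grouped by account, then a second pass for accounts that also reached mailbox resources from the registering IP without MFA, which is the pattern of the attacker's Outlook client described above.

```python
"""Hunt for device registrations that completed without MFA.

Added example (not Microsoft's code). Records are constructed; field names and
the resource display name are assumptions modelled on Azure AD sign-in logs.
"""
from collections import defaultdict

DEVICE_REG_RESOURCE = "Device Registration Service"   # assumed resource name
SINGLE_FACTOR = "singleFactorAuthentication"
MULTI_FACTOR = "multiFactorAuthentication"

# Constructed sign-in records: bob registers a device with a password only and
# then reads mail from the same IP; carol registers with MFA; dave registers
# without MFA but shows no follow-on mailbox access in this sample.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@corp.example", "resourceDisplayName": "Office 365 Exchange Online",
     "authenticationRequirement": MULTI_FACTOR, "ipAddress": "203.0.113.10"},
    {"userPrincipalName": "bob@corp.example", "resourceDisplayName": DEVICE_REG_RESOURCE,
     "authenticationRequirement": SINGLE_FACTOR, "ipAddress": "198.51.100.7"},
    {"userPrincipalName": "bob@corp.example", "resourceDisplayName": "Office 365 Exchange Online",
     "authenticationRequirement": SINGLE_FACTOR, "ipAddress": "198.51.100.7"},
    {"userPrincipalName": "carol@corp.example", "resourceDisplayName": DEVICE_REG_RESOURCE,
     "authenticationRequirement": MULTI_FACTOR, "ipAddress": "203.0.113.22"},
    {"userPrincipalName": "dave@corp.example", "resourceDisplayName": DEVICE_REG_RESOURCE,
     "authenticationRequirement": SINGLE_FACTOR, "ipAddress": "192.0.2.55"},
]


def unprotected_registrations(records):
    """Return {upn: [ip, ...]} for device registrations completed with a single factor."""
    hits = defaultdict(list)
    for r in records:
        if (r.get("resourceDisplayName") == DEVICE_REG_RESOURCE
                and r.get("authenticationRequirement") == SINGLE_FACTOR):
            hits[r["userPrincipalName"]].append(r.get("ipAddress"))
    return dict(hits)


def followed_by_mail_access(records, hits):
    """Flagged accounts that also reached a non-registration resource (e.g. Exchange
    Online) from one of the registering IPs without MFA: the likely second stage."""
    suspicious = set()
    for r in records:
        upn = r.get("userPrincipalName")
        if (upn in hits
                and r.get("ipAddress") in hits[upn]
                and r.get("resourceDisplayName") != DEVICE_REG_RESOURCE
                and r.get("authenticationRequirement") == SINGLE_FACTOR):
            suspicious.add(upn)
    return suspicious


if __name__ == "__main__":
    hits = unprotected_registrations(SAMPLE_SIGNINS)
    for upn, ips in hits.items():
        print(f"device registered without MFA: {upn} from {', '.join(ips)}")
    for upn in sorted(followed_by_mail_access(SAMPLE_SIGNINS, hits)):
        print(f"follow-on single-factor mailbox access: {upn}")
```

Every account the first pass returns is one where the control Microsoft recommends above, MFA when adding devices to Azure AD, was not in effect; the second pass ranks which of those to investigate first. In production the records would come from the tenant's sign-in log export rather than the constructed list.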

Kaspersky ICS CERT has Discovered Several Spyware Attacks Aimed at Industrial Enterprises


Researchers discovered that attackers are targeting industrial businesses with spyware operations that look for corporate credentials to utilise for financial gain as well as to cannibalise infiltrated networks to proliferate further attacks. According to researchers at Kaspersky ICS CERT who discovered the campaigns, the campaigns use off-the-shelf spyware but are unique in that they limit the scope and longevity of each sample to the bare minimum. 

In contrast to generic spyware, the bulk of the "anomalous" samples were configured to use SMTP-based C2s (rather than FTP or HTTP(S)) as a one-way communication channel, implying that they were designed purely for data theft. Researchers believe the stolen data is used mostly by threat operators to spread the attack within the compromised organization's local network (through phishing emails) and to attack other companies in order to collect new credentials. The attackers use corporate email accounts compromised in previous attacks as C2 servers for new attacks.

Researchers have discovered a huge set of campaigns that spread from one industrial firm to another via hard-to-detect phishing emails disguised as the victim companies' correspondence and abusing their corporate email systems to attack through the contact lists of infected mailboxes. 

Surprisingly, corporate antispam solutions assist attackers in remaining undetected while exfiltrating stolen credentials from infected machines by rendering them 'invisible' among all the junk emails in spam folders. As a result of malicious operations of this type, researchers have identified over 2,000 business email accounts belonging to industrial companies that have been abused as next-attack C2 servers. Many more have been stolen and sold on the internet, or have been abused in other ways. 

According to the researchers, the actors behind similar campaigns are "low-skilled people and small groups" operating individually. Their goal is to either commit financial crimes using stolen credentials or to profit from selling access to corporate network systems and services. Indeed, they discovered over 25 separate markets where threat actors sell data collected during attacks against industrial businesses. 

“At these markets, various sellers offer thousands of RDP, SMTP, SSH, cPanel, and email accounts, as well as malware, fraud schemes, and samples of emails and webpages for social engineering,” Kaspersky’s Kirill Kruglov explained. More severe threat actors, such as Advanced Persistent Threat (APT) and ransomware gangs, can also use the credentials to launch assaults, according to him. 

To avoid being compromised by the campaigns, Kaspersky recommends establishing two-factor authentication for corporate email access and other internet-facing services such as RDP and VPN-SSL gateways.

Cybercriminals Exploit Omicron as an Enticement to Steal University Credentials


Researchers at Proofpoint have discovered an uptick in email threats aimed mostly at North American institutions and aiming to steal university login credentials. COVID-19 themes, such as testing data and the new Omicron variant, are frequently used by threats. Proofpoint observed COVID-19 themes affecting educational institutions throughout the pandemic, but persistent, targeted credential theft attacks against universities began in October 2021. Following the disclosure of the new Omicron variant in late November, threat actors began using it in credential theft campaigns. 

According to Brett Callow, a threat analyst with the cybersecurity firm Emsisoft, fraudsters frequently use news events to dupe their victims. “If there’s a significant event, be it a pandemic or a Super Bowl, it will be used as bait for phishing,” Callow said. 

According to Selena Larson, a senior threat intelligence analyst at Proofpoint and co-author of the blog post, the wave of phishing attacks mentioning the Delta, and now the Omicron, variants was extremely specific in its targeting of universities. She projected that the attacks will rise in the coming two months as colleges conduct more campus testing in response to both holiday travel and the emergence of the Omicron variant. 

The phishing emails utilized in these attacks contain either malicious attachments or URLs to pages designed to capture university account credentials. Although Proofpoint has identified several campaigns that use generic Office 365 login gateways, these counterfeit landing pages often replicate a university's official login portal. The threat actors behind some of these campaigns attempted to steal multifactor authentication (MFA) credentials by impersonating MFA providers such as Duo. An attacker can circumvent the second layer of security designed to keep out threat actors who already have access to a victim's credentials by stealing MFA tokens. 

Although a majority of the emails in these campaigns are sent from spoofed senders, Proofpoint has also detected threat actors using real, compromised university accounts to send COVID-19-related threats. Attackers are most likely stealing credentials from colleges and sending the same threats to other universities from the compromised accounts. 

To avoid becoming a victim of these or other email-based threats, university students should carefully check the email addresses of messages they receive, avoid clicking on any links in suspicious emails, and refrain from logging into their school's online portal after clicking on links in emails that appear to have originated from their university or college, said the researchers.

Cuba Ransomware Group Compromised the Networks of at Least 49 Organizations


The FBI has issued a new warning regarding the Cuba ransomware, stating that the gang has targeted "49 entities in five critical infrastructure sectors" and made at least $43.9 million in ransom. The FBI claimed the gang is targeting enterprises in the financial, government, healthcare, manufacturing, and information technology sectors, and is employing the Hancitor malware to gain access to Windows systems, according to an alert sent out on Friday. 

The Hancitor malware downloader is used to deliver Cuba ransomware to victims' networks, giving the ransomware gang broader access to previously compromised corporate networks. Hancitor (also known as Chancitor) is a downloader that distributes data stealers, Remote Access Trojans (RATs), and ransomware. According to Zscaler, it was first seen spreading the Vawtrak information-stealing trojan and has since shifted to password stealers such as Pony and Ficker, as well as Cobalt Strike. 

Hancitor operators use phishing emails and stolen credentials to gain access to victims' systems, and also exploit Microsoft Exchange vulnerabilities and break in via Remote Desktop Protocol (RDP). Once access has been gained through Hancitor, Cuba ransomware operators use legitimate Windows services (e.g., PowerShell, PsExec, and other unspecified services) to remotely deliver their ransomware payloads and encrypt files with the ".cuba" extension.

Once a victim's computer is infected, the ransomware downloads and installs a Cobalt Strike beacon along with two executable files. Attackers use the two files to obtain passwords and "write to the compromised system's temporary (TMP) file."

"Once the TMP file is uploaded, the 'krots.exe' file is deleted, and the TMP file is executed in the compromised network. The TMP file includes Application Programming Interface (API) calls related to memory injection that, once executed, deletes itself from the system. Upon deletion of the TMP file, the compromised network begins communicating with a reported malware repository located at Montenegro-based Uniform Resource Locator (URL) teoresp.com," the FBI explained. 

Other assault details were included by the FBI, as well as a sample ransom note and email sent by the attackers. Given their degree of activity in comparison to other more well-known ransomware gangs, experts were startled by the amount of money the group had amassed. The data, according to Emsisoft threat analyst Brett Callow, demonstrated how lucrative the ransomware market is, despite the fact that the Cuba ransomware organization is not among the top ten in terms of activity.