Emotet Takedown Disrupts Vast Criminal Infrastructure; NetWalker Site Offline
2021-01-27 18:04

UPDATE. The virulent malware known as Emotet - one of the most prolific malware strains globally - has been dealt a blow thanks to a takedown by an international law-enforcement consortium. "One of the things that makes Emotet so dangerous is that Emotet opens the door to other types of malware, as it were. Large criminal groups were given access to some of those systems for payment to install their own malware. Concrete examples of this are the financial malware Trickbot and the ransomware Ryuk."

Command 'n' control botnet of notorious Emotet Windows ransomware shut down in multinational police raid
2021-01-27 17:13

EU police agency Europol has boasted of taking down the main botnet powering the Emotet trojan-cum-malware dropper, as part of a multinational police operation that included raids on the alleged operators' homes in the Ukraine. "To severely disrupt the EMOTET infrastructure, law enforcement teamed up together to create an effective operational strategy. It resulted in this week's action whereby law enforcement and judicial authorities gained control of the infrastructure and took it down from the inside," said Europol in a jubilant statement this afternoon.

Netwalker ransomware dark web sites seized by law enforcement
2021-01-27 16:15

The dark web websites associated with the Netwalker ransomware operation have been seized by law enforcement from the USA and Bulgaria. Netwalker is a Ransomware-as-a-Service operation that began operating in late 2019, in which affiliates are enlisted to distribute the ransomware and infect victims in return for a 60-75% share of ransom payments.

Why Ubuntu 21.04 is an important release, even without GNOME 40
2021-01-27 15:56

Jack Wallen discusses why the upcoming Ubuntu 21.04 is more important than some of its features would imply. At one point, the Ubuntu faithful were excited that 21.04 would be one of the first distributions to include GNOME 40.

Today's 'sophisticated cyber attack' victim is the Woodland Trust: Pre-Xmas breach under investigation
2021-01-27 15:30

The Woodland Trust, a peaceful British charity that looks after trees, was struck by a "cyber attack" before Christmas. Members of the trust, which says it has planted 43 million trees since its foundation in 1972, were informed last night of what was inevitably described as a "sophisticated, high level cyber-incident."

In the Hacker's Crosshairs: Active Directory
2021-01-27 15:22

Domain controllers, Active Directory, and servers are prime reconnaissance targets to hunt for additional privileged credentials and privileged access. 90 percent of organizations use Active Directory as their primary store for employee authentication, identity management, and access control in their on-premises environments.

Linux malware uses open-source tool to evade detection
2021-01-27 15:16

TeamTNT has now further upgraded its malware to evade detection after infecting and deploying malicious coinminer payloads on Linux devices. "The group is using a new detection evasion tool, copied from open source repositories," AT&T Alien Labs security researcher Ofer Caspi says in a report published today.

Dutch Insider Attack on COVID-19 Data
2021-01-27 14:59

Dutch police arrested two individuals on Friday for allegedly selling data from the Dutch health ministry's COVID-19 systems on the criminal underground. According to Verlaan, the two suspects worked in DDG call centers, where they had access to official Dutch government COVID-19 systems and databases.

Four cold calling marketing firms fined almost £500k by ICO
2021-01-27 14:32

The UK's data watchdog has issued £480,000 in financial penalties to four businesses that illegally made 2.4 million marketing calls to members of the public registered with the Telephone Preference Service. In the case of Chameleon Marketing, it made 617,323 direct marketing calls to people registered with TPS between 17 March and 2 July 2019.

Emotet Botnet Disrupted in Global Law Enforcement Operation
2021-01-27 14:31

Authorities have managed to disrupt the infrastructure of the Emotet botnet, as part of an international effort of law enforcement agencies across Europe and North America. One of the most prevalent botnets over the past decade, Emotet first emerged in 2014 as a banking Trojan, but evolved into a malware downloader used by many cybercriminals looking to spread their malicious payloads.