Security News > 2022 > June

This follows an intriguing month of Firefox 100 releases, with Firefox 100.0 arriving, as did Chromium 100 a month or so before it, without any trouble caused by the shift from a two-digit to a three-digit version number. No doubt in part due to the efforts of both Google's Chromium and Mozilla's Firefox coders, the 100.0 release of both browsers was ultimately uneventful.

Europol has announced the takedown of the FluBot operation, one of the largest and fastest-growing Android malware operations in existence. The malware operation's takedown resulted from a law enforcement operation involving eleven countries following a complex technical investigation to pinpoint FluBot's most critical infrastructure.

Another link discovered by Group-IB downloaded from Google Play, the official Android app store, a fake version of the 'Secure VPN' app, which is still present on Google Play at the time of writing and has just over 10 downloads. The researchers note that the description available for SideWinder's fake Secure VPN app has been copied from the legitimate NordVPN app.

An international law enforcement operation involving 11 countries has disrupted the spreading of the FluBot Android malware, which spreads via SMS and MMS and steals sensitive information - passwords, online banking details, etc. The Dutch Police, who took control of the malware's infrastructure earlier in May, made the malware inactive.

The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019.

Microsoft has released a workaround for a zero-day flaw that was initially flagged in April and that attackers already have used to target organizations in Russia and Tibet, researchers said. The remote control execution flaw, tracked as CVE-2022-3019, is associated with the Microsoft Support Diagnostic Tool, which, ironically, itself collects information about bugs in the company's products and reports to Microsoft Support.

An emailed report seemingly about a payment will, when opened in Excel on a Windows system, attempt to inject three pieces of file-less malware that steal sensitive information. From there, the malicious code will not only steal information, but can also remotely control aspects of the PC. The first of the three pieces of malware is AveMariaRAT, followed by Pandora hVCN RAT and BitRAT. AveMariaRAT has a range of features, from stealing sensitive data to achieving privilege escalation, remote desktop control, and camera capturing.

Telegram's anonymous blogging platform, Telegraph, is being actively exploited by phishing actors who take advantage of the platform's lax policies to set up interim landing pages that lead to the theft of account credentials. Telegraph is a blogging platform that lets anyone publish anything without creating an account or providing any identification details.

The scam industry is becoming more structured and involves more and more parties divided into hierarchical groups, according to Group-IB. The number of such groups jumped to a record high of 390, which is 3.5 times more than last year, when the maximum number of active groups was close to 110. Due to Scam-as-a-Service, in 2021 the number of cybercriminals in one scam gang increased 10 times compared to 2020 and now reaches 100.

While other businesses worry about reputational damage when they're hit by a ransomware attack, hospitals have to worry about canceled operations and ambulances backing up outside the emergency department. If an attack does get through, there is immense pressure on hospitals to simply pay the ransom.