Security News > 2023 > March

An unknown threat actor has discreetly compromised business-grade DrayTek routers in Europe, Latin and North America, equipping them with a remote access trojan and a packet capturing program. "The impacted models are high-bandwidth routers that can support VPN connections for hundreds of remote workers and offer ideal capacity for the average, medium-sized business. We suspect the actor infects targets of interest for data collection, and targets of opportunity for the purpose of establishing a covert proxy network," Lumen researchers have posited.

Cloud workload security is a practice that ensures all cloud workloads are adequately monitored and protected. Cloud security solutions assist in protecting against threats targeting cloud infrastructure thereby lowering risk, improving application reliability, and ensuring regulatory compliance.

An ongoing hacking campaign called 'Hiatus' targets DrayTek Vigor router models 2960 and 3900 to steal data from victims and build a covert proxy network. DrayTek Vigor devices are business-class VPN routers used by small to medium-size organizations for remote connectivity to corporate networks.

An ongoing hacking campaign called 'Hiatus' targets DrayTek Vigor router models 2960 and 3900 to steal data from victims and build a covert proxy network. DrayTek Vigor devices are business-class VPN routers used by small to medium-size organizations for remote connectivity to corporate networks.

A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022. Given that the impacted devices are high-bandwidth routers that can simultaneously support hundreds of VPN connections, it's being suspected that the goal is to spy on targets and establish a stealthy proxy network.

Deep fakes are expected to become a more prominent attack vector. Audio deep fakes are created by taking audio files, allocating annotations to the sounds, training an ML model based on the annotations to associate sounds with text and then generating a new audio file.

Europol has announced that law enforcement in Germany and Ukraine targeted two individuals believed to be core members of the DoppelPaymer ransomware group. "German officers raided the house of a German national, who is believed to have played a major role in the DoppelPaymer ransomware group," Europol informs in a press release published today.

Law enforcement authorities from Germany and Ukraine have targeted suspected core members of a cybercrime group that has been behind large-scale attacks using DoppelPaymer ransomware. Both individuals are believed to have taken up crucial positions in the DoppelPaymer group.

It's basically a smart strategy, but the hard parts are always the implementation details. It's one thing to say that we need to secure our cloud infrastructure, and another to detail what the means technically, who pays for it, and who verifies that it's been done.

In a joint effort, the German Regional Police, Ukrainian National Police, Europol, Dutch Police, and FBI joined forces on February 28, 2023, to take down the masterminds behind a notorious criminal organization responsible for unleashing devastating cyberattacks using the DoppelPaymer ransomware. This ransomware appeared in 2019, when cybercriminals started using it to launch attacks against organizations, critical infrastructure, and industries.