Security News

Ransomware groups are abusing unpatched versions of a Linux-based Mitel VoIP application and using it as a springboard plant malware on targeted systems. The Mitel focuses on VoIP technology allowing users to make phone calls using an internet connection instead of regular telephone lines.

Russia-linked cyber collective Killnet has claimed responsibility for DDoS attacks Monday on the Lithuanian government and other entities in the Baltic country over closure of transit routes within the Russian exclave of Kaliningrad, according to researchers. On Monday, Lithuania's National Cyber Security Center under the Ministry of National Defense warned of intense and ongoing DDoS attacks against Lithuania's Secure National Data Transfer Network as well as other governmental institutions and private companies in the country.

Chinese web giant Tencent has admitted to a significant account hijack attack on its QQ.com messaging and social media platform. In a post to rival social media platform Sina Weibo - a rough analog of Twitter - Tencent apologized for the incident.

The Vice Society ransomware gang has claimed responsibility for last week's cyberattack against the Medical University of Innsbruck, which caused severe IT service disruption and the alleged theft of data. The research university has 3,400 students and 2,200 employees and offers extensive medical care services, including surgeries.

The latest APWG's Phishing Activity Trends Report reveals that in the first quarter of 2022 there were 1,025,968 total phishing attacks-the worst quarter for phishing observed to date. This quarter was the first time the three-month total has exceeded one million.

Resecurity, Inc. has identified a spike in phishing content delivered via Azure Front Door, a cloud CDN service provided by Microsoft. According to experts, such tactics confirm how the bad actors are continuously looking to enhance their tactics and procedures to avoid phishing detection using world-known cloud services.

A suspected ransomware intrusion against an unnamed target leveraged a Mitel VoIP appliance as an entry point to achieve remote code execution and gain initial access to the environment.The findings come from cybersecurity firm CrowdStrike, which traced the source of the attack to a Linux-based Mitel VoIP device sitting on the network perimeter, while also identifying a previously unknown exploit as well as a couple of anti-forensic measures adopted by the actor on the device to erase traces of their actions.

A China-based advanced persistent threat group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora, and LockBit 2.0.

Hackers used a zero-day exploit on Linux-based Mitel MiVoice VOIP appliances for initial access in what is believed to be the beginning of a ransomware attack. Mitel VOIP devices are used by critical organizations in various sectors for telephony services and were recently exploited by threat actors for high-volume DDoS amplification attacks.

The National Cyber Security Center of Lithuania has issued a public warning about a steep increase in distributed denial of service attacks directed against public authorities in the country. DDoS is a special type of cyberattack that causes internet servers to be overwhelmed by a large number of requests and garbage traffic, rendering the hosted sites and services inaccessible for legitimate visitors and users.