Security News

Dark Utilities C2 service draws thousands of cyber criminals
2022-08-08 06:31

Called Dark Utilities, the service provides a full range of C2 capabilities to give attackers an easy and inexpensive platform for launching remote access, command execution, cryptocurrency mining, and distributed denial-of-service attacks. Dark Utilities is the latest example of malware-as-a-service and ransomware-as-a-service that diversify cyber criminals' revenue by letting them profit from less-skilled programmers on top of their own exploits.

Australian Hacker Charged with Creating, Selling Spyware to Cyber Criminals
2022-08-01 15:49

A 24-year-old Australian national has been charged for his purported role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders. "The Frankston man engaged with a network of individuals and sold the spyware, named Imminent Monitor, to more than 14,500 individuals across 128 countries," the Australian Federal Police alleged in a press release over the weekend.

Malicious IIS Extensions Gaining Popularity Among Cyber Criminals for Persistent Access
2022-07-27 07:17

Threat actors are increasingly abusing Internet Information Services extensions to backdoor servers as a means of establishing a "durable persistence mechanism." Attack chains taking this approach commence with weaponizing a critical vulnerability in the hosted application for initial access, using this foothold to drop a script web shell as the first stage payload. This web shell then becomes the conduit for installing a rogue IIS module to provide highly covert and persistent access to the server, in addition to monitoring incoming and outgoing requests as well as running remote commands.

Cyber-mercenaries for hire represent shifting criminal business model
2022-07-25 17:00

An emerging and fast-growing threat group is using a unique business model to offer cybercriminals a broad range of services that span from leaked databases and distributed denial-of-service attacks to hacking scripts and, in the future, potentially ransomware. As a clearer picture of AIG emerged, it became obvious that the group's operations were anything but business as usual.

Last member of Gozi malware troika arrives in US for criminal trial
2022-07-20 18:56

That's certainly the case for a troika of cybercriminals alleged to have been behind the infamous Gozi "banking Trojan" malware, which first appeared in the late 2000s. Kuzmin, as we explained at the time, was effectively the COO of the group, hiring coders to create malware for the gang, and managing a bunch of cybercrime affiliates to deploy the malware and fleece victims - an operating model known as crimeware-as-a-service that is now used almost universally by ransomware gangs.

How cyber criminals are targeting Amazon Prime Day shoppers
2022-07-06 19:37

Amazon Prime Day is one such seasonal event in which the retail giant kicks off a series of tempting sales for consumers looking to save money. In advance of this year's Amazon Prime Day set for July 12 and 13, Check Point said it has seen a 37% jump in Amazon-related phishing attacks at the start of July compared with the daily average for June.

Attack methods using hybrid bots enable criminals to open mule accounts at scale
2022-06-23 04:00

During the first half of 2022, BioCatch data reveals that money mule accounts represent up to 0.3 percent of accounts held by financial institutions, and an estimated $3 billion in fraudulent financial transfers. Applying BioCatch findings to the estimated 657 million bank accounts in the United States, this translates to approximately two million mule accounts and nearly $3 billion in fraudulent transfers in a year.

Criminal IP analysis report on zero-day vulnerability in Atlassian Confluence
2022-06-17 05:00

Timeline: May 31: Volexity found a zero-day vulnerability in Atlassian Confluence. AI Spera used Criminal IP to determine the number of Atlassian Confluence servers connected to the Internet.

Cyber criminals continue to target and exploit people
2022-06-17 03:30

Proofpoint unveiled its annual Human Factor report, which provides a comprehensive examination of the three main facets of user risk - vulnerability, attacks, and privilege - and how threat actors continue their ceaseless creativity as they exploit the many opportunities presented by people. "One constant that remains as organizations approach a sense of normalcy after a disruptive year is that cyber criminals continue to target and exploit people," said Ryan Kalember, EVP of cybersecurity strategy, Proofpoint.

Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware
2022-06-14 01:02

Cybersecurity researchers have detailed the workings of a fully featured malware loader dubbed PureCrypter that's being purchased by cyber criminals to deliver remote access trojans and information stealers. Some of the malware families distributed using PureCrypter include Agent Tesla, Arkei, AsyncRAT, AZORult, DarkCrystal RAT, LokiBot, NanoCore, RedLine Stealer, Remcos, Snake Keylogger, and Warzone RAT. Sold for a price of $59 by its developer named "PureCoder" for a one-month plan since at least March 2021, PureCrypter is advertised as the "only crypter in the market that uses offline and online delivery technique."