Security News

According to findings from SlashNext, a new generative AI cybercrime tool called WormGPT has been advertised on underground forums as a way for adversaries to launch sophisticated phishing and business email compromise attacks.In the hands of a bad actor, tools like WormGPT could be a powerful weapon, especially as OpenAI ChatGPT and Google Bard are increasingly taking steps to combat the abuse of large language models to fabricate convincing phishing emails and generate malicious code.

Computer scientists at the University of Waterloo have discovered a method of attack that can successfully bypass voice authentication security systems with up to a 99% success rate after only six tries. Voice authentication - which allows companies to verify the identity of their clients via a supposedly unique "Voiceprint" - has increasingly been used in remote banking, call centers and other security-critical scenarios.

An active financially motivated campaign is targeting vulnerable SSH servers to covertly ensnare them into a proxy network. "This is an active campaign in which the attacker leverages SSH for remote access, running malicious scripts that stealthily enlist victim servers into a peer-to-peer proxy network, such as Peer2Profit or Honeygain," Akamai researcher Allen West said in a Thursday report.

As COVID-19 medical and economic programs began to wind down, attackers had to find new ways to make a living by honing their social engineering skills, commoditising once-sophisticated attack techniques, and creatively searching for new opportunities in unexpected places. From scaling brute-force and targeted attacks on cloud tenants to the surge in conversational smishing attacks and proliferation of multifactor authentication bypass, the cyber-attack landscape witnessed significant developments on several fronts in 2022.

In this Help Net Security video, Jim Simpson, Director of Threat Intelligence at Searchlight Cyber, discusses how cybercriminals employ specialized strategies when targeting energy companies. This is primarily due to the sensitive and valuable information these organizations hold and their critical role in infrastructure, making them particularly attractive for economic and geopolitical disruption.

A fully undetectable malware obfuscation engine named BatCloak is being used to deploy various malware strains since September 2022, while persistently evading antivirus detection. The samples grant "Threat actors the ability to load numerous malware families and exploits with ease through highly obfuscated batch files," Trend Micro researchers said.

Threat actors associated with the Cyclops ransomware have been observed offering an information stealer malware that's designed to capture sensitive data from infected hosts. Cyclops ransomware is notable for targeting all major desktop operating systems, including Windows, macOS, and Linux.

An unknown cybercrime threat actor has been observed targeting Spanish- and Portuguese-speaking victims to compromise online banking accounts in Mexico, Peru, and Portugal. The cybersecurity company attributed the campaign, dubbed Operation CMDStealer, to a Brazilian threat actor based on an analysis of the artifacts.

According to Egress, the evolving attack methodologies currently used by cybercriminals are designed to get through traditional perimeter security. "Although traditional signature-based detection can filter out phishing emails with known malicious payloads, cybercriminals are constantly refining their attack methods to bypass existing detection systems and appear more credible to their victims. Our report reveals that attacks are increasingly leveraging social engineering, advanced technical measures, and compromised email addresses to deliver sophisticated payloads or defraud organizations. Every attack we analyzed had bypassed other forms of anti-phishing detection, including secure email gateways," Chapman continued.

A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. "The attack script is not saved to the system. The attack scripts are kept in memory only."