Security News

In what's a case of setting a thief to catch a thief, the U.K. National Crime Agency revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground. "All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks," the law enforcement agency said.

The U.K.'s National Crime Agency revealed today that they created multiple fake DDoS-for-hire service websites to identify cybercriminals who utilize these platforms to attack organizations. NCA says several thousands of people accessed its fake sites, which had a realistic appearance as a genuine booter service.

Organizations worldwide pay ransomware fees instead of implementing solutions to protect themselves. The ransom is just the tip of the iceberg regarding the damage a ransomware attack can wreak.

The collapse of the Silicon Valley Bank on March 10, 2023, has sent ripples of turbulence throughout the global financial system, but for hackers, scammers, and phishing campaigns, it's becoming an excellent opportunity. An attack already seen in the wild is from BEC threat actors who are impersonating SVB customers and telling customers that they need payments sent to a new bank account after the bank's collapse.

Six different law firms were targeted in January and February 2023 as part of two disparate threat campaigns distributing GootLoader and FakeUpdates malware strains. GootLoader, active since late 2020, is a first-stage downloader that's capable of delivering a wide range of secondary payloads such as Cobalt Strike and ransomware.

Cybercriminals remained active in spying and information stealing, with lottery-themed adware campaigns used as a tactic to obtain people's contact details, according to Avast. "At the end of 2022, we have seen an increase in human-centered threats, such as scams tricking people into thinking their computer is infected, or that they have been charged for goods they didn't order. It's human nature to react to urgency, fear and try to regain control of issues, and that's where cybercriminals succeed," said Jakub Kroustek, Avast Malware Research Director.

Between July-December 2022, the median open rate for text-based business email compromise attacks was nearly 28%, according to Abnormal Security. "Human beings are relatively easy to manipulate, and employers' expectations regarding the ability of the average employee to identify these modern attacks are far too high. It is much safer to prevent a threat from reaching an employee's inbox than to rely on them to try to detect these sophisticated attacks on their own," Hassold continued.

The U.S. Department of Justice on Wednesday announced the arrest of Anatoly Legkodymov, the cofounder of Hong Kong-registered cryptocurrency exchange Bitzlato for allegedly processing $700 million in illicit funds. According to court documents, Bitzlato is said to have advertised itself as a virtual currency exchange with minimal identification requirements for its users, breaking the rules requiring the vetting of customers.

Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive files, once again highlighting how threat actors are continuously finding new ways to fly under the radar. "Attackers now use the polyglot technique to confuse security solutions that don't properly validate the JAR file format," Deep Instinct security researcher Simon Kenin said in a report.

The threat actors behind the Windows banking malware known as Casbaneiro has been attributed as behind a novel Android trojan called BrasDex that has been observed targeting Brazilian users as part of an ongoing multi-platform campaign. BrasDex features a "Complex keylogging system designed to abuse Accessibility Services to extract credentials specifically from a set of Brazilian targeted apps, as well as a highly capable Automated Transfer System engine," ThreatFabric said in a report published last week.