Security News

A crimeware-related threat actor known as Haskers Gang has released an information-stealing malware called ZingoStealer for free on, allowing other criminal groups to leverage the tool for nefarious purposes. Besides harvesting sensitive information such as credentials, stealing cryptocurrency wallet information, and mining cryptocurrency on victims' systems, the malware leverages Telegram as both an exfiltration channel as well as a platform to distribute updates.

How cybercriminals are creating malicious hyperlinks that bypass security software. A report released Thursday by email security provider Avanan reveals how a coding practice called Quoted-printable is being used in phishing emails to present malicious links as legitimate.

In this video for Help Net Security, Tal Samra, Cyber Threat Analyst at Cyberint, talks about Discord, a platform often used for cybercrime activities, and the possible threats users might come across. The application offers its users privacy and encryption, access to private rooms and hidden content, and by also being resistant to law enforcement seizure, it has been increasingly leveraged by cybercriminals in distributing malicious files.

In this video for Help Net Security, Charles Brook, Threat Intelligence Researcher at Tessian, talks about how cybercriminals have taken advantage of the crisis in Ukraine to create charity donation scams. While there are legitimate ways to donate money and resources, scammers have started using impersonation techniques and sneaky tactics to dupe individuals into sending fake donations via emails, asking for cryptocurrency, or via fake websites.

More advanced phishing kits contain a control center to tune the functionalities of the phishing pages, such as by specifying how they will receive data, or performing filtering. Phishing kits make it easier for cybercriminals without technical knowledge to launch phishing campaigns.

As the war in Ukraine unfolded, one way of helping was to donate cryptocurrency which resulted in over $50 million in crypto donations. Cybercriminals were quick to move and take advantage of this lucrative situation and inattentive victims.

Cybercriminals will always use third-party IP addresses to deliver their attacks. Criminals need IP addresses to deliver distributed denial of service attacks.

During the second half of 2021, cybercriminals launched approximately 4.4 million Distributed Denial of Service attacks, bringing the total number of DDoS attacks in 2021 to 9.75 million, a NETSCOUT report reveals. The report details how the second half of 2021 established high-powered botnet armies and rebalanced the scales between volumetric and direct-path attacks, creating more sophisticated operating procedures for attackers and adding new tactics, techniques, and methods to their arsenals.

The FBI's Internet Crime Complaint Center released its annual report compiled from 847,376 complaints it received in 2021. There were 19,954 BEC complaints to the IC3 in 2021 that accounted for approximately $2.4bn in losses.

A research from Trend Micro warns of spiraling risk to digital infrastructure and remote workers as threat actors increase their rate of attack on organizations and individuals. "Attackers are always working to increase their victim count and profit, whether through quantity or effectiveness of attacks," said Jon Clay, VP of threat intelligence at Trend Micro.