Security News

Russian 'Evil Corp' Cybercriminals Possibly Evolved Into Cyberspies
2021-05-06 15:29

The infamous cybercrime organization known as Evil Corp may be running cyberespionage operations on behalf of a Russian intelligence agency, security consulting company Truesec reports. Evil Corp is allegedly run by Russian nationals Maksim Yakubets and Igor Turashev, who were charged by the United States in 2019.

Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware
2021-04-28 06:43

Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research. The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious.

Cybercriminals evolving their tactics to exploit collective human interest
2021-04-26 04:00

"Gathered from over 285 million real-world endpoints and sensors, and leveraging the extensive BrightCloud network of industry-leading partners, this year's Threat Report clearly shows how cybercriminals are willing and able to evolve their tactics to exploit collective human interest and current events," said Prentiss Donohue, EVP, SMB/C Sales, OpenText. One of which, %appdata%, saw the infection rate jump 59.2% YoY. Consumer devices saw twice as many malware infections when compared to business devices.

Spotlight on Cybercriminal Supply Chains
2021-04-22 19:06

An examination of cybercrime ecosystems reveals that they mirror legitimate financial organization and market systems. "Cybercriminals need to move money and pay employees in their organization just like any other company," said Derek Manky, Chief Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs.

The Logistics Supply Chain is Being Targeted by Both Cybercriminals and Nation States
2021-04-22 14:12

Attacks against the supply chain have been growing in quantity and gravity for several years, culminating in SolarWinds. Most discussion has focused on the software supply chain, but a new study shows that the physical logistics supply chain is equally subject, and susceptible, to cyberattacks.

Cybercriminals Using Telegram Messenger to Control ToxicEye Malware
2021-04-22 04:21

Adversaries are increasingly abusing Telegram as a "command-and-control" system to distribute malware into organizations that could then be used to capture sensitive information from targeted systems. In September 2019, an information stealer dubbed Masad Stealer was found to plunder information and cryptocurrency wallet data from infected computers using Telegram as an exfiltration channel.

A rush to remote working leaving businesses vulnerable to cybercriminals
2021-04-08 05:00

The COVID-19 pandemic forced businesses to quickly support remote working practices, often without proper security measures in place. Forty-nine percent of businesses surveyed stressed that changes made to remote working practices during lockdown adversely affected their company's cybersecurity.

Cybercriminals are using Telegram bots, Google Forms to gather stolen user data
2021-04-08 04:45

Cybercriminals are increasingly using legitimate services such as Google Forms and Telegram to gather user data stolen on phishing websites. Alternative ways to collect data help cybercriminals keep it safe and start using the information immediately, says Group-IB. In addition, ready-to-go platforms that automate phishing and which are available on the darknet also have Telegram bots at their core, with an admin panel that is used to manage the entire process of the phishing attack and keep financial records linked to them.

EtterSilent maldoc builder used by top cybercriminal gangs
2021-04-06 11:29

A malicious document builder named EtterSilent is gaining more attention on underground forums, security researchers note. Ads promoting EtterSilent maldoc builder have been published on underground forums since at least mid-2020, boasting features like bypassing Windows Defender, Windows AMSI, and popular email services, Gmail included.

Cybercriminals Publish Data Allegedly Stolen From Shell, Multiple Universities
2021-03-30 15:43

The FIN11 hacking group has published on their leaks website files that were allegedly stolen from oil and gas giant Shell, likely during a cyber-security incident involving Accellion's File Transfer Appliance file sharing service. Last week, Shell revealed that it was one of the organizations affected by the Accellion cyber-attack, confirming that attackers were able to steal both corporate data and personal information pertaining to its employees.