Security News
Ransomware remained the leading cause of loss since January 2023, with 64% of ransomware-related claims resulting in a loss. The financial severity of claims related to ransomware attacks increased 411% from 2022 to 2023.
The sophistication of cyber threats has escalated dramatically, with malicious actors' deploying advanced tactics, techniques, and procedures to exploit vulnerabilities and evade detection, according to Darktrace. "The threat landscape continues to evolve, but new threats often build upon old foundations rather than replacing them. While we have observed the emergence of new malware families, many attacks are carried out by the usual suspects that we have seen over the last few years, still utilizing familiar techniques and malware variants," comments Nathaniel Jones, Director of Strategic Threat and Engagement at Darktrace.
"A key element of their strategy was using direct syscalls to bypass security monitoring tools, decrypting layers of shellcode, and deploying the Early Bird APC queue injection to stealthily execute code and evade detection effectively." The exploitation of TryCloudflare for malicious ends was first recorded last year, when Sysdig uncovered a cryptojacking and proxyjacking campaign dubbed LABRAT that weaponized a now-patched critical flaw in GitLab to infiltrate targets and obscure their command-and-control servers using Cloudflare tunnels.
At least two Russian cybercriminals are among those being returned to their motherland as part of a multinational prisoner exchange deal announced Thursday. Videos circulating online today showed Seleznev and other freed Russian prisoners shaking hands with President Vladimir Putin upon disembarking the plane that carried them back to their country.
A new malicious campaign has been observed making use of malicious Android apps to steal users' SMS messages since at least February 2022 as part of a large-scale campaign. Once installed, the app requests permission to access incoming SMS messages, following which it reaches out to one of the 13 command-and-control servers to transmit stolen SMS messages.
Cybersecurity researchers have detailed widespread phishing campaigns targeting small and medium-sized businesses in Poland during May 2024 that led to the deployment of several malware families like Agent Tesla, Formbook, and Remcos RAT. Some of the other regions targeted by the campaigns include Italy and Romania, according to cybersecurity firm ESET. "Attackers used previously compromised email accounts and company servers, not only to spread malicious emails but also to host malware and collect stolen data," ESET researcher Jakub Kaloč said in a report published today. These campaigns, spread across nine waves, are notable for the use of a malware loader called DBatLoader to deliver the final payloads.
Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. This comprehensive analysis, compiled by Cybersixgill's cyber threat intelligence experts, provides valuable insights into the tactics, techniques, and technologies employed by threat actors worldwide.
Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of a providing a hotfix. The attack chains involve distributing a ZIP archive file named "Crowdstrike-hotfix.zip," which contains a malware loader named Hijack Loader that, in turn, launches the Remcos RAT payload. Specifically, the archive file also includes a text file with Spanish-language instructions that urges targets to run an executable file to recover from the issue.
In the field of threat intelligence there are specific ways in which AI tools are showing huge promise for cybersecurity teams, including in lifting the lid on dark web threats. There is a role for AI in gathering data from the dark web, applying structure to it, and ultimately turning it into intelligence that organizations can use to inform their security strategy.
Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims' networks. "Older, unlicensed versions of the Cobalt Strike red teaming tool were targeted during a week of action coordinated from Europol's headquarters between 24 and 28 June," said Europol.