Security News

Business and tech consolidation opens doors for cybercriminals
2024-08-16 04:27

Ransomware remained the leading cause of loss since January 2023, with 64% of ransomware-related claims resulting in a loss. The financial severity of claims related to ransomware attacks increased 411% from 2022 to 2023.

Malware-as-a-Service and Ransomware-as-a-Service lower barriers for cybercriminals
2024-08-09 04:30

The sophistication of cyber threats has escalated dramatically, with malicious actors deploying advanced tactics, techniques, and procedures to exploit vulnerabilities and evade detection, according to Darktrace. "The threat landscape continues to evolve, but new threats often build upon old foundations rather than replacing them. While we have observed the emergence of new malware families, many attacks are carried out by the usual suspects that we have seen over the last few years, still utilizing familiar techniques and malware variants," comments Nathaniel Jones, Director of Strategic Threat and Engagement at Darktrace.

Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware
2024-08-02 07:02

"A key element of their strategy was using direct syscalls to bypass security monitoring tools, decrypting layers of shellcode, and deploying the Early Bird APC queue injection to stealthily execute code and evade detection effectively." The exploitation of TryCloudflare for malicious ends was first recorded last year, when Sysdig uncovered a cryptojacking and proxyjacking campaign dubbed LABRAT that weaponized a now-patched critical flaw in GitLab to infiltrate targets and obscure their command-and-control servers using Cloudflare tunnels.

US sends cybercriminals back to Russia in prisoner swap that freed WSJ journo, others
2024-08-02 00:50

At least two Russian cybercriminals are among those being returned to their motherland as part of a multinational prisoner exchange deal announced Thursday. Videos circulating online today showed Seleznev and other freed Russian prisoners shaking hands with President Vladimir Putin upon disembarking the plane that carried them back to their country.

Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP Codes
2024-07-31 10:01

A new large-scale campaign has been observed using malicious Android apps to steal users' SMS messages since at least February 2022. Once installed, the app requests permission to access incoming SMS messages, following which it reaches out to one of the 13 command-and-control servers to transmit stolen SMS messages.

Cybercriminals Target Polish Businesses with Agent Tesla and Formbook Malware
2024-07-30 11:06

Cybersecurity researchers have detailed widespread phishing campaigns targeting small and medium-sized businesses in Poland during May 2024 that led to the deployment of several malware families like Agent Tesla, Formbook, and Remcos RAT. Some of the other regions targeted by the campaigns include Italy and Romania, according to cybersecurity firm ESET. "Attackers used previously compromised email accounts and company servers, not only to spread malicious emails but also to host malware and collect stolen data," ESET researcher Jakub Kaloč said in a report published today. These campaigns, spread across nine waves, are notable for the use of a malware loader called DBatLoader to deliver the final payloads.

Cyber Threat Intelligence: Illuminating the Deep, Dark Cybercriminal Underground
2024-07-30 10:50

Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. This comprehensive analysis, compiled by Cybersixgill's cyber threat intelligence experts, provides valuable insights into the tactics, techniques, and technologies employed by threat actors worldwide.

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware
2024-07-20 16:01

Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of providing a hotfix. The attack chains involve distributing a ZIP archive file named "Crowdstrike-hotfix.zip," which contains a malware loader named Hijack Loader that, in turn, launches the Remcos RAT payload. The archive also includes a text file with Spanish-language instructions that urges targets to run an executable file to recover from the issue.

How AI helps decode cybercriminal strategies
2024-07-11 04:30

In the field of threat intelligence there are specific ways in which AI tools are showing huge promise for cybersecurity teams, including in lifting the lid on dark web threats. There is a role for AI in gathering data from the dark web, applying structure to it, and ultimately turning it into intelligence that organizations can use to inform their security strategy.

Europol takes down 593 Cobalt Strike servers used by cybercriminals
2024-07-03 14:46

Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims' networks. "Older, unlicensed versions of the Cobalt Strike red teaming tool were targeted during a week of action coordinated from Europol's headquarters between 24 and 28 June," said Europol.