Security News

Cybercrooks amp up attacks via macro-enabled XLL files
2023-11-01 14:45

Xlam files are now the seventh most commonly abused file extension in Q3 2023, rising 35 places from 42nd on the list in Q2. XLL attacks aren't new, and researchers observed a lull in exploits at the start of 2023, but they have drawn a surge of attention in the past few months. XLL files offer attackers greater capabilities compared to alternatives like Visual Basic for Applications macros, which are now blocked by default courtesy of Microsoft's 2022 intervention, a move that was seen at the time as long overdue.

Airbus suffers data leak turbulence to cybercrooks' delight
2023-09-13 17:45

Ransomware group nicked info from employee of airline, say researchers. Aerospace giant Airbus has fallen victim to a data breach, thanks in part to the inattention of a third party.…

Cybercrooks target students with fake job opportunities
2022-03-29 10:45

Scammers appear to be targeting university students looking to kickstart their careers, according to research from cybersecurity biz Proofpoint. "Threat actors use the promise of easy money working from home to collect personal data, steal money, or convince victims to unwillingly participate in illegal activities, such as money laundering," the researchers said.

Cybercrooks’ Political In-Fighting Threatens the West
2022-03-14 13:52

"Pro-Ukrainian actors are refusing to sell, buy, or collaborate with Russian-aligned actors, and are increasingly attempting to target Russian entities in support of Ukraine," wrote researchers from Accenture's Cyber Threat Intelligence. The conflict "has led some actors to exclusively sell their services, such as network accesses, to pro-Russian actors," researchers wrote, and inspired increased attacks against Western targets.

Cybercrooks Frame Targets by Planting Fabricated Digital Evidence
2022-02-11 19:57

Threat actors are hijacking the devices of India's human rights lawyers, activists and defenders, planting incriminating evidence to set them up for arrest, researchers warn. Arsenal Consulting's digital analysis shows that the file - one of the more incriminating pieces of data seized by police - was one of many files delivered via a NetWire RAT remote session associated with ModifiedElephant.

Ex-Gumshoe Nabs Cybercrooks with FBI Tactics
2022-02-09 14:00

Crane Hassold, former FBI analyst turned director of threat intel at Abnormal Security, shares stories from his covert work with cyberattackers. "Behavioral characteristics and motivations of cybercriminals in the real world and virtual world are the same," said Crane Hassold, who helped to create the CBAC after spending more than 11 years as an FBI analyst, offering strategic and tactical analytical support to cyber, financial crime and violent crime cases.

DDoS Attacks: A Flourishing Business for Cybercrooks – Podcast
2021-09-16 13:00

Denying availability to customers via DDoS can have a painful impact on businesses as they find their doors blocked to customers, keeping them from making transactions. Over the years, DDoS attacks have evolved in their level of sophistication, their metrics and the techniques that threat actors employ.

UK VoIP telco receives 'colossal ransom demand', reveals REvil cybercrooks suspected of 'organised' DDoS attacks on UK VoIP companies
2021-09-02 10:32

Two UK VoIP operators have had their services disrupted over the last couple of days by ongoing, aggressive DDoS attacks. South Coast-based Voip Unlimited has confirmed it has been slapped with a "colossal ransom demand" after being hit by a sustained and large-scale DDoS attack it believes originated from the Russian cybercriminal gang REvil.

Cobalt Strike Usage Explodes Among Cybercrooks
2021-06-29 09:00

The use of Cobalt Strike - the legitimate, commercially available tool used by network penetration testers - by cybercrooks has shot through the roof, according to Proofpoint researchers, who say that the tool has now "gone fully mainstream in the crimeware world." "Based on our data, Proofpoint assesses with high confidence that Cobalt Strike is becoming increasingly popular among threat actors as an initial access payload, not just a second-stage tool threat actors use once access is achieved, with criminal threat actors making up the bulk of attributed Cobalt Strike campaigns in 2020," the researchers wrote.

Cybercrooks targeting UK organisations started 2020 strong only for attacks to wither away by Christmas
2021-04-07 13:58

In its 2020 Consumer Threat Landscape report, Bitdefender reckoned that most malware and ransomware infections occurred in the first half of the year - with cybercrims being noticeably less active in the runup to Christmas. The company reckoned that during 2020, two-thirds of all ransomware attacks it detected in the UK happened in Q1 and Q2 - with 11 per cent of the year's total taking place in Q4. Similarly, the company reckoned 74 per cent of cryptocurrency miner malware attacks took place in H1, whereas H1 2019 saw 54 per cent of the year's detected total taking place.