Cybercrime actors who are part of the Magecart group have latched on to a new technique of obfuscating malware code within comment blocks and encoding stolen credit card data into images and other files hosted on the server, once again demonstrating how the attackers are continuously improving their infection chains to escape detection. "One tactic that some Magecart actors employ is the dumping of swiped credit card details into image files on the server [to] avoid raising suspicion," Sucuri security analyst Ben Martin said in a write-up.
Many data leaks are the result of data exfiltration or the illegal transfer of data from a device containing sensitive information to unauthorized parties. Also known as data exportation, data extrusion or simply data theft, data exfiltration is one of the final stages of the cyber kill-chain and the most important objective of advanced persistent threats.
Code42 announced that it has enhanced its Incydr data risk detection and response product with a prioritized view of the highest-risk data exposure and exfiltration events happening across organizations. The new prioritization model uses Incydr's extensive library of Insider Risk Indicators to transparently score data exfiltration with evidence and file, vector and user context.
Threat actors are increasingly abusing collaboration platforms for nefarious purposes, including malware delivery and data exfiltration, security researchers with Cisco's Talos division report. Attackers leveraged these platforms to deliver lures and infect victims with ransomware and other malware.
A recently investigated malicious attack was abusing a locally loaded Chrome extension to exfiltrate data and establish communication with the command and control server. While the use of malicious Chrome extensions in attacks is not something new, this attack stands out from the crowd due to the use of 'Developer mode' in the browser to enable loading of a malicious extension locally.
Covert Wi-Fi signals generated by DDR SDRAM hardware can be leveraged to exfiltrate data from air-gapped computers, a researcher claims. In a newly published paper, Mordechai Guri from the Ben-Gurion University of the Negev in Israel details AIR-FI, a new data exfiltration technique in which malware installed on a compromised air-gapped system can generate Wi-Fi signals that a nearby device intercepts and sends to the attacker over the Internet.
The SaaS solution is built to mitigate exposure from data exfiltration and directly addresses the gaps in security solutions for insider threats, the cause of 66% of breaches. "The pandemic and its impact on workforce collaboration is a catalyst for security teams to rethink how they address data protection without compromising collaboration. Incydr prioritizes risks to data and provides fast and easy event investigation and response capabilities, while paving a new path for companies to protect their trade secrets."
According to Coveware, for example, "Nearly 9% of all cases it worked on involved ransomware attackers stealing and threatening to leak data." The very concept of a ransomware attack, or even any other type of cyber incident, needs to be considered not in isolation but potentially as part of a wider campaign.
A newly disclosed UPnP vulnerability that affects billions of devices can be exploited for various types of malicious activities, including distributed denial-of-service attacks and data exfiltration. Designed to facilitate the automatic discovery of, and interaction with, devices on a network, the UPnP protocol is meant for use within trusted local area networks, as it lacks any form of authentication or verification.
A researcher has demonstrated that threat actors could exfiltrate data from an air-gapped device over an acoustic channel even if the targeted machine does not have any speakers, by abusing the power supply. Researcher Mordechai Guri from the Cyber-Security Research Center at the Ben-Gurion University of the Negev in Israel has shown that a piece of malware can cause a device's power supply unit to generate sounds that can be picked up by a nearby receiver.