Cybercrime


NEWS 
  • UK: Ransomware attack on NHS systems could take weeks to fix, major IT provider warns

    August 11, 2022

    A cyberattack that hit a major IT provider for the NHS and severely affected the 111 service involved ransomware and could take up to four weeks to fix, it has emerged. Advanced, which supplies vital systems for the NHS, said it suffered a cyber breach around 7am on 4 August which has now been contained. The attack ...

  • Cisco admits corporate network compromised by gang with links to Lapsus$

    August 11, 2022

    Cisco disclosed on Wednesday that its corporate network was accessed by cyber-criminals in May after an employee’s personal Google account was compromised – an act a ransomware gang named “Yanluowang” has now claimed as its work. The world’s largest networking vendor disclosed the months-old compromise after a list of files accessed during the incident appeared on ...

  • Automotive supplier breached by 3 ransomware gangs in 2 weeks

    August 10, 2022

    An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, two of the attacks happening within just two hours. The attacks followed an initial breach of the company’s systems by a likely initial access broker (IAB) in December 2021, who exploited a firewall misconfiguration to breach ...

  • Phishers who breached Twilio and fooled Cloudflare could easily get you, too

    August 10, 2022

    At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not just employees but employees’ family members as well. In the case of Twilio, a San Francisco-based provider of two-factor authentication and communication services, the unknown hackers succeeded in phishing the ...

  • 7-Eleven stores in Denmark closed due to a cyberattack

    August 8, 2022

    7-Eleven stores in Denmark shut down today after a cyberattack disrupted stores’ payment and checkout systems throughout the country. The attack occurred early this morning, August 8th, with the company posting on Facebook that they were likely “exposed to a hacker attack”. The translated statement says that the company has closed all the stores in the country ...

  • New GwisinLocker ransomware encrypts Windows and Linux ESXi servers

    August 6, 2022

    A new ransomware family called ‘GwisinLocker’ targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines. The new malware is the product of a lesser-known threat actor dubbed Gwisin, which means “ghost” in Korean. The actor is of unknown origin but appears to ...

  • Twitter breach exposed anonymous account owners

    August 5, 2022

    A vulnerability in Twitter’s software that exposed an undetermined number of owners of anonymous accounts to potential identity compromise last year was apparently exploited by a malicious actor, the social media company said Friday. It did not confirm a report that data on 5.4 million users was offered for sale online as a result but said ...

  • Taiwanese military reports DDoS in wake of Pelosi visit

    August 4, 2022

    Taiwan’s Ministry of National Defense confirmed it was hit by a DDoS attack on Wednesday in what has been an eventful week for the island nation, US-Sino relations, and semiconductors. The ministry said the network was attacked around 23:40 with connection restored by 00:30 local time on Thursday. Cabinet spokesperson Lo Ping-cheng said work on heightening ...

  • Attackers leveraging Dark Utilities “C2aaS” platform in malware campaigns

    August 4, 2022

    In early 2022, a new C2 platform called “Dark Utilities” was established, offering a variety of services such as remote system access, DDoS capabilities and cryptocurrency mining. The operators of the service also established Discord and Telegram communities where they provide technical support and assistance for customers on the platform. Dark Utilities provides payloads consisting of ...

  • DDoS attacks in Q2 2022

    August 3, 2022

    Politically-motivated cyberattacks dominated the DDoS landscape in the second quarter of 2022 just as they did in the previous reporting period. ALtahrea Team, a group targeting NATO and its partners, attacked public transportation websites in Israel and the United Kingdom. Israel saw a cyberattack on the Airports Authority, and UK, an attack on the Port ...

  • Examining New DawDropper Banking Dropper and DaaS on the Dark Web

    August 2, 2022

    Malicious actors have been surreptitiously adding a growing number of banking trojans to Google Play Store via malicious droppers this year, proving that such a technique is effective in evading detection. Additionally, because there is a high demand for novel ways to distribute mobile malware, several malicious actors claim that their droppers could help other ...

  • Website of Taiwan’s presidential office receives overseas cyber attack

    August 2, 2022

    The website of Taiwan’s presidential office received an overseas cyber attack on Tuesday and was at one point malfunctioning, a source briefed on the matter said. The website was shortly brought back online, the source told Reuters. U.S. House of Representatives Speaker Nancy Pelosi was expected to arrive in Taipei later on Tuesday, people briefed on ...

  • SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant

    August 2, 2022

    Trend Micro researchers recently analyzed a sample of a new SolidBit ransomware variant that targets users of popular video games and social media platforms. The malware was uploaded to GitHub, where it is disguised as different applications, including a League of Legends account checker tool (Figure 1) and an Instagram follower bot, to lure in ...

  • CISA and ACSC Release Top 2021 Malware Strains

    August 2, 2022

    CISA and the Australian Cyber Security Centre (ACSC) have published a joint Cybersecurity Advisory on the top malware strains observed in 2021. Malicious cyber actors often use malware to covertly compromise and then gain access to a computer or mobile device. As malicious cyber actors have been using most of these top malware strains for ...

  • BlackCat ransomware claims attack on European gas pipeline

    August 1, 2022

    The ALPHV ransomware gang, aka BlackCat, claimed responsibility for a cyberattack against Creos Luxembourg S.A. last week, a natural gas pipeline and electricity network operator in the central European country. Creos’ owner, Encevo, who operates as an energy supplier in five EU countries, announced on July 25 that they had suffered a cyberattack the previous weekend, ...

  • Activists use torrents to spread uncensored news to Russian pirates

    August 1, 2022

    A team of Ukrainian cyber-activists has thought of a simple yet potentially effective way to spread uncensored information in Russia: bundling torrents with text and video files pretending to include installation instructions. Named “Torrents of Truth,” the initiative is similar to “Call Russia,” a project to help break through Russian propaganda and open people’s eyes to ...

  • Russian Hackers Target U.S. HIMARS Maker in ‘New Type of Attack’

    August 1, 2022

    ussian hackers have launched “a new type of attack” on American military company Lockheed Martin, the maker of the M142 High Mobility Artillery Rocket System (HIMARS), the weapon the hackers believe is responsible for thousands of deaths in Ukraine, according to a pro-Moscow news website. The Kremlin-supporting Life website reported that the cyberattack by the Killnet ...

  • Huge network of 11,000 fake investment sites targets Europe

    July 31, 2022

    Researchers have uncovered a gigantic network of more than 11,000 domains used to promote numerous fake investment schemes to users in Europe. The platforms show fabricated evidence of enrichment and falsified celebrity endorsements to create an image of legitimacy and lure in a larger number of victims. The goal of the operation is to trick users into ...

  • LofyLife: malicious npm packages steal Discord tokens and bank card data

    July 28, 2022

    On July 26, using the internal automated system for monitoring open-source repositories, Kaspersky researchers identified four suspicious packages in the Node Package Manager (npm) repository. All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign “LofyLife”. The Python malware is a modified version of an open-source token logger called Volt ...

  • U.S. doubles reward for tips on North Korean-backed hackers

    July 26, 2022

    The U.S. State Department has increased rewards paid to anyone providing information on any North Korean-sponsored threat groups’ members to $10 million. “If you have information on any individuals associated with the North Korean government-linked malicious cyber groups (such as Andariel, APT38, Bluenoroff, Guardians of Peace, Kimsuky, or Lazarus Group) and who are involved in targeting ...