Cybercrime


NEWS 
  • US brokerage firms warned of widespread survey phishing attacks

    October 7, 2020

    The U.S. Financial Industry Regulatory Authority (FINRA) has issued a notice warning member brokerage firms of widespread phishing attacks using surveys to harvest information. FINRA is a non-profit organization and self-regulatory body authorized by the U.S. government to regulate exchange markets and brokerage firms. According to FINRA, the organization supervises over 624,000 brokers across the country and ...

  • French companies Under Attack from Clever BEC Scam

    October 6, 2020

    The highly anonymous and often secretive nature of the internet has led to the proliferation of scams aimed at separating people and organizations from their money. Trend Micro has been following these scams over the years and have seen many of them evolve from simplistic schemes to more sophisticated campaigns. One of the most dangerous ...

  • Inside the Bulletproof Hosting Business – Cybercriminal Methods and OpSec

    October 6, 2020

    Many cybercriminal operations have some level of organization, planning, and some form of foundation that reflects the technical acumen of the individual or group behind them. The use of underground infrastructure is inherent to the modus operandi of a cybercriminal. In our Underground Hosting series, we have differentiated how cybercrime goods are sold in marketplaces ...

  • New ransomware vaccine kills programs wiping Windows shadow volumes

    October 4, 2020

    A new ransomware vaccine program has been created that terminates processes that try to delete volume shadow copies using Microsoft’s vssadmin.exe program, Every day, Windows will create backups of your system and data files and store them in Shadow Volume Copy snapshots. These snapshots can then be used to recover files if they are mistakenly changed or ...

  • New Jersey hospital paid ransomware gang $670K to prevent data leak

    October 3, 2020

    University Hospital New Jersey in Newark, New Jersey, paid a $670,000 ransomware demand this month to prevent the publishing of 240 GB of stolen data, including patient info. The attack on the hospital occurred in early September by a ransomware operation known as SunCrypt, who infiltrates a network, steals unencrypted files, and then encrypts all of ...

  • Ransomware: Gangs are shifting targets and upping their ransom demands

    October 2, 2020

    Ransomware attacks continue to grow, according to data from IBM, which also suggests that ransomware gangs are upping their ransomware demands and getting more sophisticated about how they calculate the ransom they try to extort. The number of ransomware attacks IBM’s Security X-Force Incident Response team were called in to deal with tripled in the second ...

  • Researchers Mixed on Sanctions for Ransomware Negotiators

    October 2, 2020

    Ransomware negotiators may have to pay up in new ways if they intercede with cybercriminals on companies’ behalf. Several researchers weighed in on the wisdom of the move, with mixed reactions. The U.S. Department of the Treasury said Thursday that companies that facilitate ransomware payments to cyber-actors on behalf of victims may face sanctions for encouraging ...

  • Emotet malware takes part in the 2020 U.S. elections

    October 2, 2020

    Emotet is now taking part in the United States 2020 Presidential election with a new spam campaign pretending to be from the Democratic National Convention’s Team Blue initiative. When the Emotet gang sends out spam, their main goal is to convince recipients to open the attached malicious document. This is usually done through email themes that ...

  • Egregor Ransomware Threatens ‘Mass-Media’ Release of Corporate Data

    October 2, 2020

    A freshly discovered family of ransomware called Egregor has been spotted in the wild, using a tactic of siphoning off corporate information and threatening a “mass-media” release of it before encrypting all files. Egregor is an occult term meant to signify the collective energy or force of a group of individuals, especially when the individuals are ...

  • Palo Alto Networks Unit 42 Discovers 27 New Vulnerabilities Across Microsoft Products

    October 2, 2020

    Palo Alto Networks Unit 42 threat researchers have been credited with discovering 27 new vulnerabilities addressed by the Microsoft Security Response Center (MSRC), as part of its last nine months of security update releases. Vulnerabilities The Microsoft vulnerabilities discovered included 27 vulnerabilities rated “important,” including Remote Code Execution, Privilege Elevation, Information Disclosure and one Denial of Service ...

  • Researchers use ‘fingerprints’ to track Windows exploit developers

    October 2, 2020

    More to the point, Check Point security researchers Itay Cohen and Eyal Itkin were able to track 16 Windows Kernel Local Privilege Escalation (LPE) exploits to two different exploit developers known as Volodya (or BuggiCorp) and PlayBit (or luxor2008). 15 of the exploits Check Point successfully matched to a known exploit dev were created between 2015 ...

  • IPStorm botnet expands from Windows to Android, Mac, and Linux

    October 1, 2020

    IPStorm, a malware botnet that was first spotted last year targeting Windows systems, has evolved to infect other types of platforms, such as Android, Linux, and Mac devices. Furthermore, the botnet has also quadrupled in size, growing from around 3,000 infected systems in May 2019 to more than 13,500 devices this month. These latest developments put IPStorm ...

  • Microsoft: Some ransomware attacks take less than 45 minutes

    September 29, 2020

    For many years, the Microsoft Security Intelligence Report has been the gold standard in terms of providing a yearly overview of all the major events and trends in the cyber-security and threat intelligence landscape. While Microsoft unceremoniously retired the old SIR reports back in 2018, the OS maker appears to have realized its mistake, and has ...

  • Cross-Platform / Modular Glupteba Malware Uses ManageX

    September 29, 2020

    We recently encountered a variant of Glupteba (detected by Trend Micro as Trojan.Win32.GLUPTEBA.WLDR). Glupteba is a trojan type that has been involved with Operation Windigo in the past. We also reported its attacks on MikroTik routers and updates on its command and control (C&C) servers. With regard to its behavior, the variant shares many similarities with ...

  • DDoS attacks are getting more powerful as attackers change tactics

    September 29, 2020

    There’s been a surge in Distributed Denial of Service (DDoS) attacks throughout the course of this year, and the attacks are getting more powerful and more disruptive. DDoS attacks are launched against websites or web services with the aim of disrupting them to the extent that they are taken offline. Attackers direct the traffic from a ...

  • REvil ransomware deposits $1 million in hacker recruitment drive

    September 28, 2020

    The REvil Ransomware (Sodinokibi) operation has deposited $1 million in bitcoins on a Russian-speaking hacker forum to prove to potential affiliates that they mean business. Many ransomware operations are conducted as a Ransomware-as-a-Service (RaaS), where developers are in charge of developing the ransomware and payment site, and affiliates are recruited to hack businesses and encrypt their ...

  • UHS hospital network hit by ransomware attack

    September 28, 2020

    Universal Health Services (UHS), a Fortune 500 company and one of the largest healthcare providers in the US, has been impacted by a ransomware attack over the weekend. UHS hospitals have been operating without internal IT systems since Sunday morning, according to employees and patients who took to social media today. Some patients have been turned away ...

  • Threat landscape for industrial automation systems. H1 2020

    September 24, 2020

    Beginning in H2 2019 we have observed a tendency for decreases in the percentages of attacked computers, both in the ICS and in the corporate and personal environments. In H1 2020 the percentage of ICS computers on which malicious objects were blocked has decreased by 6.6 percentage points to 32.6%. The number was highest in Algeria (58.1%), ...

  • Government software provider Tyler Technologies hit by ransomware

    September 23, 2020

    Leading government technology services provider Tyler Technologies has suffered a ransomware attack that has disrupted its operations. Tyler Technologies is one of the largest U.S. software development and technology services companies dedicated to the public sector. With a forecasted $1.2 billion in revenue for 2020 and 5,500 employees, Tyler Technologies provides technical services for local governments in ...

  • Microsoft: Hackers using Zerologon exploits in attacks, patch now!

    September 23, 2020

    Microsoft has warned that attackers are actively using the Windows Server Zerologon exploits in attacks and advises all Windows administrators to install the necessary security updates. As part of the August 2020 Patch Tuesday security updates, Microsoft fixed a critical 10/10 rated security vulnerability known as ‘CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability’.from other specific target ...