Cybercrime

September 1, 2020

Users on the internet rely on domain names to find brands, services, professionals and personal websites. Cybercriminals take advantage of the essential role that domain names play on the internet by registering names that appear related to existing domains or brands, with the intent of profiting from user mistakes. This is known as cybersquatting. The ...

September 1, 2020

Beyond standard underground offerings such as malware and exploit kits, cybercriminals also value having a stable hosting infrastructure that underpins all their activities. Such an infrastructure could host malicious content and the necessary components for controlling their operations (e.g., bulletproof hosting that run backend hacker infrastructure or a rented botnet of compromised machines). In many respects, ...

August 28, 2020

Last year, we observed attacks launched to steal high-profile Instagram accounts. Now, attacks of a similar nature are on the rise again, this time using new lures to achieve the same goal. Both strikes involve a group of Turkish-speaking hackers who seized Instagram accounts through credential phishing emails posing as legitimate messages from Instagram. The group ...

August 28, 2020

The FBI thwarted the plans of 27-year-old Russian national Egor Igorevich Kriuchkov to recruit an insider within Tesla’s Nevada Gigafactory, persuade him to plant malware on the company’s network, and then ransom Tesla under threat that he would leak data stolen from their systems. Kriuchkov was arrested on August 22, 2020, in Los Angeles after he ...

August 27, 2020

Unsecured Docker daemons have been known to security professionals as a major threat since the early days of containers. Unit 42 recently wrote about Graboid, the first-ever Docker cryptojacking worm and unsecured Docker daemons. I conducted additional research by setting up a Docker daemon honeypot in order to examine how things look for an average ...

August 27, 2020

While attachment threat vectors are one of the oldest malware-spreading tricks in the books, email users are still clicking on malicious attachments that hit their inbox, whether it’s a purported “job offer” or a pretend “critical invoice.” The reason why threat actors are still relying on this age-old tactic, researchers say, is that the attack is ...

August 27, 2020

Attacks attributed to the Qbot trojan, known as the “Swiss Army knife” of malware, are on the uptick with a reported 100,000 recent infections, according to researchers. Qbot, an ever-evolving information-stealing trojan that’s been around since 2008, has shifted tactics again and adopted a bevy of new techniques, according to researchers at Check Point who released ...

August 26, 2020

A ransomware named SunCrypt has joined the ‘Maze cartel,’ and with their membership, we get insight into how these groups are working together. In June, we broke the story that the Maze threat actors created a cartel of ransomware operations to share information and techniques to help each other extort their victims. When first started, this cartel ...

August 26, 2020

North Korean hackers tracked as BeagleBoyz have been using malicious remote access tools as part of ongoing attacks to steal millions from international banks according to a joint advisory issued today by several U.S. Government agencies. The joint release says that North Korea’s BeagleBoyz hacking group has once again started robbing banks through remote internet access ...

August 26, 2020

New Zealand’s stock exchange (NZX) has been impacted by distributed denial-of-service (DDoS) attacks during the last two days, forcing it to shut down trading until the connectivity issues were resolved. NZX operates New Zealand’s capital, risk, and commodity markets, and it supplies market information including real-time stock quotes, market data and news. The stock market announced around ...