Cybercrime


NEWS 
  • Targeted ransomware: it’s not just about encrypting your data!

    November 11, 2020

    When we talk about ransomware, we need to draw a line between what it used to be and what it currently is. Why? Because nowadays ransomware is not just about encrypting data – it’s primarily about data exfiltration. After that, it’s about data encryption and leaving convincing proof that the attacker was in the network, ...

  • Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic

    November 11, 2020

    The Ragnar Locker ransomware group has decided to ratchet up the pressure on its latest high-profile victim, Italian liquor conglomerate Campari, by taking out Facebook ads threatening to release the 2TB of sensitive data it stole in a Nov. 3 attack – unless a $15 million ransom is paid in Bitcoin. Campari Group, which is behind ...

  • Recent ransomware wave targeting Israel linked to Iranian threat actors

    November 11, 2020

    Two recent ransomware waves that targeted Israeli companies have been traced back to Iranian threat actors, multiple sources have told ZDNet today. The ransomware attacks have been taking place since mid-October, have ramped up this month, and have repeatedly focused on Israeli targets. Israeli companies of all sizes have been targeted by threat actors using the Pay2Key ...

  • A Closer Look at the Web Skimmer

    November 9, 2020

    The formjacking attack has been one of the fastest-growing cyberattacks in recent years. As explained in our previous blog, “Anatomy of Formjacking Attacks,” the formjacking attack is easy to deploy but hard to detect. It has gained popularity among threat actors, especially against e-commerce websites. Between May and September 2020, we detected an average of ...

  • Ghimob: a Tétrade threat actor moves to infect mobile devices

    November 9, 2020

    Guildma, a threat actor that is part of the Tétrade family of banking trojans, has been working on bringing in new techniques, creating new malware and targeting new victims. Recently, their new creation, the Ghimob banking trojan, has been a move toward infecting mobile devices, targeting financial apps from banks, fintechs, exchanges and cryptocurrencies in ...

  • An Old Joker’s New Tricks: Using Github To Hide Its Payload

    November 9, 2020

    The Joker malware has consistently plagued mobile users since its discovery in 2017. In January 2020, Google removed 1700 infected applications from the Play Store — a list that grew over three years. More recently, in September, security company Zscaler found 17 samples that were uploaded to the Google Play Store. Joker has been responsible ...

  • Compal, the second-largest laptop manufacturer in the world, hit by ransomware

    November 9, 2020

    Compal, a Taiwanese electronics company that builds laptops for some of the world’s largest computer brands such as Apple, Acer, Lenovo, Dell, Toshiba, HP, and Fujitsu, suffered a ransomware attack over the weekend. Responsible for the breach is believed to be the DoppelPaymer ransomware gang, according to a screenshot of the ransom note shared by Compal ...

  • xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunnelling for C2

    November 9, 2020

    The xHunt campaign has been active since at least July 2018 and we have seen this group target Kuwait government and shipping and transportation organizations. Recently, we observed evidence that the threat actors compromised a Microsoft Exchange Server at an organization in Kuwait. We do not have visibility into how the actors gained access to ...

  • Ransomware hits e-commerce platform X-Cart

    November 9, 2020

    E-commerce software vendor X-Cart suffered a ransomware attack at the end of October that brought down customer stores hosted on the company’s hosting platform. The incident is believed to have taken place after attackers exploited a vulnerability in a third-party software to gain access to X-Cart’s store hosting systems. “We have identified what we believed to have ...

  • Gitpaste-12 malware wants to add your Linux servers and IoT devices to its botnet

    November 9, 2020

    A new form of malware is targeting Linux servers and Internet of Things (IoT) devices and adding them to a botnet in what appears to be the first stage of a hacking campaign targeting cloud computing infrastructure – although the purpose of the attacks remains unclear. Uncovered by cybersecurity researchers at Juniper Threat Labs, the malicious ...

  • When Threat Actors Fly Under the Radar: Vatet, PyXie and Defray777

    November 6, 2020

    As security practitioners, Palo Alto Unit 42 researchers spend a lot of time focusing on the threat actors and malware families that leverage the most impactful exploits or affect the highest number of victims. But what happens when a threat actor goes “low and slow” to fly under the radar? One could argue that, in ...

  • RansomEXX Trojan attacks Linux systems

    November 6, 2020

    Kaspersky researchers have recently discovered a new file-encrypting Trojan built as an ELF executable and intended to encrypt data on machines controlled by Linux-based operating systems. After the initial analysis we noticed similarities in the code of the Trojan, the text of the ransom notes and the general approach to extortion, which suggested that we had ...

  • US: We’ve just seized $1bn in bitcoin stolen from Silk Road by ‘Individual X’ hacker

    November 6, 2020

    The US Justice Department says it’s seized $1bn in bitcoin allegedly stolen by a hacker from Silk Road creator Ross Ulbricht before his arrest for running the dark-web market. Announcing the bitcoin seizure from the unnamed hacker, the Department of Justice revealed it is now seeking forfeiture of the illicit funds, which represent its largest haul ...

  • Italian beverage vendor Campari knocked offline after ransomware attack

    November 5, 2020

    Campari Group, the famed Italian beverage vendor behind brands like Campari, Cinzano, and Appleton, has been hit by a ransomware attack and has taken down a large part of its IT network. The attack took place last Sunday, on November 1, and has been linked to the RagnarLocker ransomware gang, according to a copy of the ...

  • Brazil’s court system under massive RansomExx ransomware attack

    November 5, 2020

    Brazil’s Superior Court of Justice was hit by a ransomware attack on Tuesday during judgment sessions that were taking place over video conference. “The Superior Court of Justice (STJ) announces that the court’s information technology network suffered a hacker attack on Tuesday (3), during the afternoon, when the six group classes’ judgment sessions took place,” STJ ...

  • US, Brazilian law enforcement seize $24 million in cryptocurrency generated through online fraud

    November 5, 2020

    US and Brazilian authorities have seized $24 million in cryptocurrency connected to an online scheme that allegedly defrauded “tens of thousands” of investors. Upon request from the government of Brazil, US law enforcement participated in “Operation Egypto,” a Brazilian federal investigation into the suspected scam, the US Department of Justice (DoJ) said on Wednesday. Read more… Source: ZDNet  

  • QBot phishing lures victims using US election interference emails

    November 4, 2020

    The Qbot botnet is now spewing U.S. election-themed phishing emails used to infect victims with malicious payloads designed to harvest user data and emails for use in future campaigns. Qbot (aka Qakbot, Pinkslipbot, and Quakbot) is a banking trojan with worm features actively used since at least 2009 to steal financial data and ...

  • As Maze retires, clients turn to Sekhmet ransomware spin-off Egregor

    November 4, 2020

    As the developers of the Maze ransomware announce their exit from the malware scene, clients are now thought to be turning to Egregor as a substitute. The Maze group has been a devastating force for companies that have fallen victim to the cybercriminals over the past year. What has separated Maze in the past from many other ...

  • Ransomware-as-a-Service Becomes Increasingly Accessible via Social Media and Open Sources

    November 4, 2020

    Hackers need not search the dark web for access to their very own ransomware platforms these days. Cybercriminals are continually finding new ways to promote their underground businesses and gain the attention of new customers and novice hackers. Several threat actors have recently taken to popular social media and open sources like YouTube, Vimeo, and Sellix ...

  • GrowDiaries Exposes Emails, Passwords of 1.4M Cannabis Growers

    November 4, 2020

    A database linked to GrowDiaries, an online community of cannabis growers, has exposed more than a million users’ email addresses, passwords, IP address records and posts. GrowDiaries is a robust online community of cannabis growing enthusiasts from around the world, where they can share tips, tricks and pictures of their progress. On Oct. 10, researcher Volodymyr ...