From infostealer development to data exfiltration, cloud service providers are increasingly being abused by threat actors for malicious schemes. While in this case the ransomware samples we examined contained hard coded AWS credentials, this is specific to this single threat actor and in general, ransomware developers leverage other online services as part of their tactics.
In line with this, Trend Micro examined ransomware samples written in Go language (aka Golang), targeting Windows and MacOS environments. Most of the samples contained hard-coded AWS credentials, and the stolen data were uploaded to an Amazon S3 bucket controlled by the threat actor.
Read more…
Source: Trend Micro
Related:
- UK says it warned 16 NATO allies of Russian hacking activities
May 23, 2019
The UK has shared information on Russian hacking attacks with 16 NATO allies over the last 18 months, a British government official said today. “I can disclose that in the last 18 months, the National Cyber Security Centre has shared information and assessments with 16 NATO Allies – and even more nations outside the Alliance – ...
- Trickbot Watch: Arrival via Redirection URL in Spam
May 20, 2019
Trend Micro discovered a variant of the Trickbot banking trojan (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.THDEAI) using a redirection URL in a spam email. In this particular case, the variant used Google to redirect from the URL hxxps://googledm:443/url?q=<trickbot downloader>, whereby the URL in the query string, url?q=<url>, is the malicious URL that the user is redirected to. ...
- Security researchers discover Linux version of Winnti malware
May 20, 2019
For the first time, security researchers have uncovered and analyzed a Linux variant of Winnti, one of the favorite hacking tools used by Beijing hackers over the past decade. Discovered by security researchers from Chronicle, Alphabet’s cyber-security division, the Linux version of the Winnti malware works as a backdoor on infected hosts, granting attackers access to ...
- Mobile Risks Boom in a Post-Perimeter World
May 16, 2019
Cybercriminals are now taking a mobile-first approach to hacking the enterprise. Case in point, last month a half-billion Apple iOS users were stung by an attack exploiting an unpatched bug in Chrome for iOS. Crooks managed to hijack user session and redirect traffic to malicious websites booby-trapped with malware. Attacks like these demonstrate just how widespread and effective ...
- Spam and phishing in Q1 2019
May 15, 2019
As per tradition, phishing timed to coincide with lovey-dovey day was aimed at swindling valuable confidential information out of starry-eyed users, such as bank card details. The topics exploited by cybercriminals ranged from online flower shops to dating sites. But most often, users were invited to order gifts for loved ones and buy medications such as ...
- Intel CPUs Impacted By New Class of Spectre-Like Attacks
May 14, 2019
A new class of side channel vulnerabilities impacting all modern Intel chips have been disclosed, which can use speculative execution to potentially leak sensitive data from a system’s CPU. Intel said that the newest class of vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), consist of four different attacks, which all ultimately depend on different ways of executing ...