From infostealer development to data exfiltration, cloud service providers are increasingly being abused by threat actors for malicious schemes. While in this case the ransomware samples we examined contained hard coded AWS credentials, this is specific to this single threat actor and in general, ransomware developers leverage other online services as part of their tactics.
In line with this, Trend Micro examined ransomware samples written in Go language (aka Golang), targeting Windows and MacOS environments. Most of the samples contained hard-coded AWS credentials, and the stolen data were uploaded to an Amazon S3 bucket controlled by the threat actor.
Read more…
Source: Trend Micro
Related:
- September Patch Tuesday Updates Exchange, SharePoint
September 9, 2020
This month’s update includes 129 updates for the Microsoft Office suite, with 15 specifically addressing SharePoint vulnerabilities. Of the total number, 23 have been rated Critical and 105 as Important. No zero days have been observed, but four vulnerabilities are under close scrutiny for their potential abuse. Specifically, CVE-2020-16875 can be exploited for remote code execution ...
- City of Hartford postpones first day of school after ransomware attack
September 8, 2020
Officials from the city of Hartford, Connecticut, were forced to postpone the first day of the new school calendar year after a ransomware infection impacted the city’s IT network. According to a statement published by Hartford Public Schools, the school district serving the city of Hartford, the ransomware attack impacted several of the school’s internal IT ...
- Netwalker ransomware hits Pakistan’s largest private power utility
September 8, 2020
K-Electric, the sole electricity provider for Karachi, Pakistan, has suffered a Netwalker ransomware attack that led to the disruption of billing and online services. K-Electric is Pakistan’s largest power supplier, serving 2.5 million customers and employing over 10 thousand people. Starting yesterday, K-Electric customers have been unable to access the online services for their account. To resolve this ...
- Newcastle University students’ data held to ransom by cyber criminals
September 8, 2020
Newcastle University is being held to ransom by cyber criminals in an attack which has been disrupting IT systems since the beginning of the month. The cyber crime group behind the attack – known as DoppelPaymer – previously leaked documents online relating to Elon Musk’s companies SpaceX and Tesla. The criminals have posted stolen files from the ...
- Exposed Docker Server Abused to Drop Cryptominer, DDoS Bot
September 8, 2020
Malicious actors continue to target environments running Docker containers. We recently encountered an attack that drops both a malicious cryptocurrency miner and a distributed denial-of-service (DDoS) bot on a Docker container built using Alpine Linux as its base image. A similar attack was also reported by Trend Micro in May; in that previous attack, threat ...
- Chilean bank shuts down all branches following ransomware attack
September 7, 2020
BancoEstado, one of Chile’s three biggest banks, was forced to shut down all branches on Monday following a ransomware attack that took place over the weekend. “Our branches will not be operational and will remain closed today,” the bank said in a statement published on its Twitter account on Monday. Details about the attack have not been ...