From infostealer development to data exfiltration, cloud service providers are increasingly being abused by threat actors for malicious schemes. While in this case the ransomware samples we examined contained hard coded AWS credentials, this is specific to this single threat actor and in general, ransomware developers leverage other online services as part of their tactics.
In line with this, Trend Micro examined ransomware samples written in Go language (aka Golang), targeting Windows and MacOS environments. Most of the samples contained hard-coded AWS credentials, and the stolen data were uploaded to an Amazon S3 bucket controlled by the threat actor.
Read more…
Source: Trend Micro
Related:
- Use Windows, macOS? Don’t be hacked by PDF, patch these critical Adobe flaws now
October 2, 2018
Adobe’s scheduled October update for its Acrobat and Reader PDF software addresses 85 vulnerabilities, including dozens of critical flaws that allow arbitrary code execution. The patches also address multiple privilege-escalation and information-disclosure flaws, shoring up Adobe’s PDF software further following a patch for a critical Acrobat and Reader flaw plugged two weeks ago. The bugs affect Acrobat DC ...
- Keyloggers Turn to Zoho Office Suite in Droves for Data Exfiltration
October 2, 2018
An extremely high number of keylogger phishing campaigns have been seen tied to the Zoho online office suite software; in an analysis, a full 40 percent spotted in the last month used a zoho.com or zoho.eu email address to exfiltrate data from victim machines. A Cofense analysis, published Tuesday, of popular keylogging malware – which records ...
- World Cup may have distracted malware hackers
October 2, 2018
This holiday season, together with the 2018 World Cup that took place in Russia, may have lulled hackers, cyber security researchers are claiming. New research from Cofense says that the distribution of TrickBot saw a significant drop during the World Cup. TrickBot is a banking malware known by constantly being updated and transformed. From April, up until ...
- Microsoft Detection Tools Sniff Out Fileless Malware
October 2, 2018
Microsoft recently reported that their advanced threat protection tools were able to detect and block two heavily obfuscated and malicious scripts. The threats were apparently using the Sharpshooter technique, which was documented and published in a 2017 blog post from a British security firm. A report from the company details the elusive payload—it did not trigger antivirus scanning, was loaded ...
- GhostDNS: New DNS Changer Botnet Hijacked Over 100,000 Routers
October 1, 2018
Chinese cybersecurity researchers have uncovered a widespread, ongoing malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings to hack users with malicious web pages—especially if they visit banking sites—and steal their login credentials. Dubbed GhostDNS, the campaign has many similarities with the infamous DNSChanger malware that works by changing DNS server settings ...
- Report Ties North Korean Attacks to New Malware, Linked by Word Macros
October 1, 2018
Newly discovered malware from the world of cyberespionage connects the dots between the tools and operations of the little-known Reaper group believed to act on behalf of the North Korean government. The latest findings indicate that the remote access Trojans (RAT) in the KONNI and DOGCALL families are the work of the same operator, tasked with ...