Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Casio Faces Cyberattack: Service Disruptions and Delayed G-Shock Releases
October 9, 2024
Casio, a well-known Japanese electronics company, experienced a significant cyberattack on October 5th. The company reported that an unidentified third party illegally accessed its network, causing system failures and service disruptions. In a statement on October 8th, Casio expressed regret for the inconvenience this has caused to its customers and stakeholders. The company is actively investigating ...
- British Columbia: Clients of Indigenous health authority react to ransomware attack
October 9, 2024
The First Nations Health Authority (FNHA) in British Columbia says it has concluded its investigation into a ransomware attack in May, but some clients remain concerned about the theft of their medical and personal information. The FNHA said it “uncovered evidence that health insurance plan billing data, procurement contracts, business contracts, FNHA budgets, cheques, information on ...
- Awareness of Cyber Risks to Healthcare Organizations is not Always Translating to Adequate Protections
October 8, 2024
Despite growing awareness and widespread acknowledgment of the impact of cyber threats facing the healthcare industry, many within it are still struggling to keep them at bay. The third annual Ponemon Institute Report, commissioned by Proofpoint, found that 92% of US healthcare organizations surveyed experienced at least one cyber attack in the past 12 month, with ...
- File hosting services misused for identity phishing
October 8, 2024
Microsoft has observed campaigns misusing legitimate file hosting services increasingly use defense evasion tactics involving files with restricted access and view-only restrictions. While these campaigns are generic and opportunistic in nature, they involve sophisticated techniques to perform social engineering, evade detection, and expand threat actor reach to other accounts and tenants. These campaigns are intended to ...
- Largest water utility company in the US says it was targeted by a cyberattack
October 8, 2024
American Water Works, the nation’s largest regulated water and wastewater utility company, announced Monday that it was hit by a cyberattack earlier this month, prompting it to pause billing for its millions of customers. The Camden, New Jersey-based utility company said it became aware of “unauthorized activity” in their computer networks and systems last Thursday, which ...
- London Fire Brigade block almost 340,000 cyber attacks
October 8, 2024
The London Fire Brigade, the fire and rescue service for the UK’s capital, has been targeted by nearly 340,000 cyber-attacks over the past year. The data was collected under the Freedom of Information Act (FOI), and analysed by the Parliament Street think tank, observing the number of blocked email attacks by the department. In total, the ...