Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- UK: Criminal investigation into council cyber attack
March 20, 2024
Ccriminal investigation has started into a cyber attack that has disrupted Leicester City Council’s systems for more than a week. The council said it could not comment on the nature of the incident while the investigation was ongoing. It told the Local Democracy Reporting Service it still could not say if there had been a data ...
- A new data wiper is targeting Linux x86 network devices
March 20, 2024
Hackers were observed targeting Linux x86 networking devices and Internet of Things (IoT) appliances with a new data wiper, called AcidPour. Data wipers are arguably among the most destructive forms of malware. Their goal is to simply destroy, or wipe, all of the data found on the compromised endpoint. They are used to disrupt companies and government ...
- From Ransomware to Pig Butchering, Visa Report Shows Top Scams Impacting Consumers and Businesses Globally
March 20, 2024
Today, Visa released the Spring 2024 Edition of its Biannual Threats Report, which outlines the top payment threats impacting consumers and businesses around the world. The report points to increasingly organized, sophisticated threat actors targeting the most vulnerable point in the payments’ ecosystem: humans. Read more… Source: Yahoo News
- Fluffy Wolf sends out reconciliation reports to sneak into corporate infrastructures
March 19, 2024
The group has adopted a simple yet effective approach to gain initial access: phishing emails with an executable attachment. This way, Fluffy Wolf establishes remote access, steals credentials, or exploits the compromised infrastructure for mining The BI.ZONE Threat Intelligence team has detected a previously unknown cluster, dubbed Fluffy Wolf, whose activity can be traced back to ...
- Social media influencers targeted by identity thieves
March 19, 2024
Social media influencers are attractive targets for identity thieves. With large followings and a literal influence on their followers, it’s no wonder they are targeted by scammers and spreaders of fake news. A subset of influencers are the so-called “finfluencers”: influencers that provide their followers with financial advice. Such a person influences the financial investment decisions of ...
- Threat landscape for industrial automation systems. H2 2023
March 19, 2024
In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. In H2 2023, building automation once again had the highest percentage of ICS computers on which malicious objects were blocked of all industries that we looked at. Oil and Gas was the only ...