Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- K-12 schools improve protection against online attacks, but many are vulnerable to ransomware gangs
November 19, 2023
Some K-12 public schools are racing to improve protection against the threat of online attacks, but lax cybersecurity means thousands of others are vulnerable to ransomware gangs that can steal confidential data and disrupt operations. Since a White House conference in August on ransomware threats, dozens of school districts have signed up for free cybersecurity services, ...
- Canada: Current and former public service, RCMP, military members affected by data breach
November 18, 2023
The federal government is warning current and former public service employees and members of the RCMP and Canadian Armed Forces their personal and financial information may have been accessed in a data breach that occurred on Oct. 19. The breach affects federal government data held by Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & ...
- ‘I employ a lot of hackers’: how a stock exchange chief deters cyber-attacks
November 18, 2023
Six Group counts its profit in millions, but the financial pipework it controls moves billions. Its operations, which include the Spanish and Swiss stock exchanges, count as critical national infrastructure and this gives it a close relationship with governments and regulators in Madrid and Zurich. Those relationships are critical in an age where digital warfare makes ...
- Toyota finance business confirms ransomware attack, data breach
November 18, 2023
Toyota Financial Services (TFS), a subsidiary of the popular automaker, has confirmed suffering a ransomware attack. In a statement company stated that Toyota Financial Services Europe & Africa “recently identified unauthorized activity on systems in a limited number of its locations.” The company only mentioned unauthorized activity on its endpoints and didn’t discuss if any data ...
- Samsung UK discloses year-long breach, leaked customer data
November 17, 2023
The UK division of Samsung Electronics has allegedly alerted customers of a year-long data breach – the third such incident the South Korean giant has experienced around the world in the past two years. An email to customers, shared on social media by web security consultant and Have I Been Pwned creator Troy Hunt, detailed that ...
- Scattered Spider
November 16, 2023
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as November 2023. Scattered Spider ...