Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- MCMC probing cyber attacks on online trading platforms
July 7, 2017
The Malaysian Communications and Multimedia Commission (MCMC) is looking into reports of suspected cyber attacks disrupting online trading at several local brokerages. The regulator said it was assisting the stock exchange in investigating the disruption, a report by Nikkei Markets said on Friday. This comes after several brokerages alerted clients that their online broking services had been ...
- Ukrainian Police Seize Servers of Software Firm Linked to NotPetya Cyberattack
July 5, 2017
Ukrainian National Police has released a video showing officers raiding company of M.E.Doc accounting software makers, whose systems have been linked to outbreak of Petya (NotPetya) ransomware that recently infected computers of several major companies worldwide. On 4th July, masked police officers from Ukrainian anti-cybercrime unit — carrying shotguns and assault rifles — raided the software ...
- Researchers Find BlackEnergy APT Links in ExPetr Code
July 3, 2017
Researchers have found links between the BlackEnergy APT group and threat actors behind the ExPetr malware used in last month’s global attacks. According to researchers at Kaspersky Lab, there are strong similarities between older versions of BlackEnergy’s KillDisk ransomware compared to ExPetr code. Parallels were first identified in targeted extensions used by both BlackEnergy and ExPetr, ...
- Oil & Gas Industry Faces More Frequent & Sophisticated Cyber Attacks: Deloitte
June 27, 2017
Three out of four oil and natural gas companies fell victim to at least one cyber attack last year as hacking efforts against the industry become more frequent and sophisticated. That’s the finding from a report released Monday by industry consultant Deloitte LLP. Technology advances, such as Royal Dutch Shell Plc’s recent control of operations in Argentina ...
- MPs lose email access as Parliament targeted in ‘sustained’ cyberattack
June 25, 2017
A cyberattack on MPs and Peers’ emails has prompted Parliament’s security team to shut down external access to its systems. An email sent to parliamentarians on Friday and shown to Sky News said: “Earlier this morning we discovered unusual activity and evidence of an attempted cyberattack on our computer network.” It claimed that “hackers were carrying out ...
- NSA Advocates Data Sharing Framework
June 23, 2017
The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. “We need to conduct defenses in a way that ...