Archive for the ‘cybercrime/malcode’ category: Page 101

Jan 15, 2022

Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware

Posted by in category: cybercrime/malcode

Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans (RATs) such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems.

The spear-phishing attacks, which commenced in October 2021, have primarily targeted entities located in the U.S., Canada, Italy, and Singapore, researchers from Cisco Talos said in a report shared with The Hacker News.

Using existing legitimate infrastructure to facilitate intrusions is increasingly becoming part of an attacker’s playbook: it obviates the need to host their own servers, and it can also serve as a cloaking mechanism to evade detection by security solutions.

Jan 15, 2022

FIN7 Uses Flash Drives to Spread Remote Access Trojan

Posted by in categories: cybercrime/malcode, electronics

The use of trojanized USB devices for keystroke injection is not a new technique, even for FIN7. Typically the attack targets specific persons with access to the computer systems of the intended victim company. As FIN7 has recently ventured into ransomware, it makes sense for them to look for alternative avenues of infecting computers that are monitored by layers of protective systems, such as firewalls, email scanners, proxy servers, and endpoint security. The tactics and techniques involved in trojanized USB attacks enable FIN7 actors to avoid many of these network-level and endpoint protections by dispensing with malware transmission over the network, minimizing the use of files on disk and employing multiple layers of encoding of the malware’s scripts and executable code.

Pertinently, FIN7 recently created “Bastion Secure”, a fake information security company, and employed system administrators to unknowingly assist in system exploitation. It is possible that trojanized USBs are being constructed and used by these administrators for penetration testing. Alternatively, they might also be providing trojanized USBs to clients or prospective clients through some form of ruse (for example, telling the client it contains documentation on the fake company’s services). In either case, the clients or prospective clients could become victims of a trojanized USB attack, resulting in FIN7 gaining unauthorized remote access to systems within victims’ networks.

Jan 14, 2022

Ukraine hit by ‘massive’ cyber-attack on government websites

Posted by in categories: cybercrime/malcode, government

Suspected Russian hackers left a message on the foreign ministry website, according to reports. It said: “Ukrainians! … All information about you has become public. Be afraid and expect worse. It’s your past, present and future.”

The message reproduced the Ukrainian flag and map crossed out. It mentioned the Ukrainian insurgent army, or UPA, which fought against the Soviet Union during the second world war. There was also a reference to “historical land”.

In a message to the Guardian, the foreign ministry’s spokesperson, Oleg Nikolenko, said: “As a result of a massive cyber-attack, the website of the ministry of foreign affairs and other government agencies are temporarily down.”

Jan 13, 2022

Third-Party Software for Teslas Can Be Hacked, German Teen Says

Posted by in categories: cybercrime/malcode, transportation

A 19-year-old said he’s found flaws in a piece of third-party software, apparently used by a relatively small number of Tesla Inc. car owners, that could allow hackers to remotely control some of the vehicles’ functions.

Jan 11, 2022

‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS

Posted by in category: cybercrime/malcode

The malware establishes initial access on targeted machines, then waits for additional code to execute.

A brand-new multiplatform malware, likely distributed via malicious npm packages, is spreading under the radar with Linux and Mac versions going fully undetected in VirusTotal, researchers warned.

The Windows version, according to a Tuesday writeup from Intezer, has only six detections as of this writing. These were uploaded to VirusTotal with the suffix “.ts,” which is used for TypeScript files.

Jan 10, 2022

Raspberry Pi Detects Malware Using Electromagnetic Waves

Posted by in category: cybercrime/malcode

Researchers take antivirus support to the next level with the Raspberry Pi.

A team from the Research Institute of Computer Science and Random Systems uses a Raspberry Pi to detect malware with electromagnetic waves.

Jan 8, 2022

How combining human expertise and AI can stop cyberattacks

Posted by in categories: cybercrime/malcode, finance, health, robotics/AI

Chief information security officers’ (CISOs) greatest challenge going into 2022 is countering the speed and severity of cyberattacks. The latest real-time monitoring and detection technologies improve the odds of thwarting an attack but aren’t foolproof. CISOs tell VentureBeat that bad actors avoid detection with first-line monitoring systems by modifying attacks on the fly. That’s cause for concern, especially with CISOs in financial services and health care.

Enterprises are in react mode

Enterprises fail to get the most value from threat monitoring, detection, and response cybersecurity strategies because they’re too focused on data collection and security monitoring alone. CISOs tell VentureBeat they’re capturing more telemetry (i.e., remotely collected) data than ever, yet are short-staffed when it comes to deciphering it, which means they’re often in react mode.

Jan 8, 2022

‘We don’t need to work anymore’: Local artists crack the code of NFTs

Posted by in categories: blockchains, cybercrime/malcode, employment, finance

Such is the promise and peril of NFTs.

NFTs, or non-fungible tokens, offer many potential benefits to creators. They apply the mechanisms of scarcity to digital assets by allowing artists to render them as one-of-a-kind collectibles, like a painting or a baseball card. This means artists — especially digital artists — who have struggled to make their streamable, screenshot-able or reprintable work hold value — can price their items at rates appropriate for something in short supply.

However, the digital trading mechanism is still in nascent stages, and rife with scams, hacks and copyright issues. Beeple was hit by an organized hack, for example. While artists can sometimes find financial solvency with NFTs, other times, they lose millions.

Jan 5, 2022

Hackers use video player to steal credit cards from over 100 sites

Posted by in category: cybercrime/malcode

Hackers used a cloud video hosting service to carry out a supply chain attack on over one hundred real estate sites, injecting malicious scripts that steal information entered into website forms.

These scripts are known as skimmers or formjackers and are commonly injected into hacked websites to steal sensitive information entered into forms. Skimmers are commonly used on checkout pages for online stores to steal payment information.

In a new supply chain attack discovered by Palo Alto Networks Unit42, threat actors abused a cloud video hosting feature to inject skimmer code into a video player. When a website embeds that player, it embeds the malicious script, causing the site to become infected.

Jan 5, 2022

North Korea has hacked $1.7 billion worth of cryptocurrency from exchanges, considers it a long-term investment

Posted by in categories: cryptocurrencies, cybercrime/malcode, government

North Korea has hacked USD 1.7B of crypto and views the loot as a ‘long-term investment’. Experts say that Pyongyang is going long on its take of tokens, rather than quickly trading them for cash.

North Korea’s crypto exchange attacks

According to Newsis and Chosun, the US federal government prosecutor issued statements saying that North Korean hackers have been “conspiring with other money-laundering criminals” to “steal crypto-assets” from at least “three digital asset exchanges” before “laundering the proceeds.”
