Krebs on Security

DECEMBER 29, 2022

Thanks to your readership and support, I was able to spend more time in 2022 on some deep, meaty investigative stories — the really satisfying kind with the potential to affect positive change. Some of that work is highlighted in the 2022 Year in Review review below.

Cryptocurrency 239

Cryptocurrency Cybercrime Computers and Electronics Scams 239

Security Affairs

AUGUST 15, 2022

The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. targets over 200 banking and cryptocurrency exchange apps. In March 2022, SOVA authors released version 3.0 The malware has been active since 2021 and evolves over time.

Encryption 97

Encryption Malware Banking Ransomware 97

Webroot

OCTOBER 14, 2022

In other words, 2022 has been an eventful year in the threat landscape, with malware continuing to take center stage. The 6 Nastiest Malware of 2022. 2022 was no different. 2022 was no different. With that, here are the 6 Nastiest Malware of 2022. Here are this year’s wicked winners.

Malware 61

Malware Antivirus DDOS Cyber Insurance 61

SecureList

NOVEMBER 23, 2021

Finally, we will make some forecasts about financial attacks in 2022. We should expect more fraud, targeting mostly BTC , because this cryptocurrency is the most popular. This ransomware is controlled by command line parameters and can either retrieve an encryption key from the C2 or an argument at launch time.

Cryptocurrency 112

Cryptocurrency Banking Cybercrime Ransomware 112

Security Affairs

MAY 30, 2024

“According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide.” The compromised devices were recruited in the 911 S5 residential proxy service. export laws.

VPN 83

VPN Cryptocurrency Malware Software 83

SecureList

NOVEMBER 18, 2022

IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. Nevertheless, in our APT predictions for 2022 , we noted that more attackers would reach the sophistication level required to develop such tools. Non-mobile statistics. Mobile statistics. Targeted attacks. Other malware.

Malware 105

Malware Computers and Electronics Adware Cryptocurrency 105

SecureList

MAY 27, 2022

IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. According to Kaspersky Security Network, in Q1 2022: Kaspersky solutions blocked 1,216,350,437 attacks from online resources across the globe. Number of unique users attacked by financial malware, Q1 2022 ( download ).

Mobile 104

Mobile Adware Ransomware Malware 104

SecureList

JULY 28, 2022

This is our latest installment, focusing on activities that we observed during Q2 2022. We identified a Windows variant of this sample using the same string encryption algorithm, internal modules, and functionalities. The actor used cryptocurrency-related contents or complaints from law enforcement as lure themes.

Malware 136

Malware Firmware Phishing Cryptocurrency 136

CyberSecurity Insiders

JUNE 23, 2023

A student of Whitworth University has brought a class action against the university for not keeping student and staff data safe from a ransomware attack that occurred in 2022. The legal case was slapped against the institute for causing unnecessary anxiety over the loss of privacy and about potential abuse of the data.

Ransomware 92

Ransomware Consumer Protection Encryption Healthcare 92

SecureList

NOVEMBER 18, 2022

IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. According to Kaspersky Security Network, in Q3 2022: Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe. Number of unique users attacked by financial malware, Q3 2022 ( download ).

Mobile 90

Mobile Malware Ransomware IoT 90

Security Affairs

JULY 23, 2022

“The Justice Department today announced a complaint filed in the District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments. In May 2022, the FBI filed a sealed seizure warrant for the funds worth approximately half a million dollars.”

Ransomware 122

Ransomware Healthcare Cryptocurrency Encryption 122

Security Boulevard

MAY 27, 2022

The Exfiltration Phase of The Kill Chain of a Cryptocurrency-Based Attack Provides the Greatest Opportunity to Identify Cybercriminals. Cryptocurrency gained through illicit means is less useable than other assets due to the way cryptocurrency systems currently do not fully protect owner identity and allow for only limited liquidity.

Cryptocurrency 59

Cryptocurrency Risk Marketing Architecture 59

Malwarebytes

JANUARY 18, 2023

Several experts have warned LastPass users who store cryptocurrency-related login information in their vaults to change that login information as soon as they can. Apparently, cybercriminals who have access to the stolen information are making it a priority to decrypt the data in an attempt to access to cryptowallets and online accounts.

Passwords 88

Passwords Data breaches Accountability Cryptocurrency 88

CyberSecurity Insiders

NOVEMBER 20, 2022

Thousands of financial transactions related to demat accounts were halted on Friday November 18th,2022 as the servers at the Central Depository Services (India) Limited went through a cyber attack of the malware genre. But CDSL had a recovery plan on hand and so immediately triggered it into action, to curtail risks.

Malware 102

Malware Banking Cryptocurrency Cyber Attacks 102

Malwarebytes

JULY 20, 2022

The Justice Department today announced a complaint filed in the District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments. The seized funds amounting to half a million US dollars, include ransoms paid by health care providers in Kansas and Colorado. Maui ransomware.

Ransomware 92

Ransomware Cryptocurrency Healthcare Firmware 92

Krebs on Security

APRIL 20, 2023

3CX hired incident response firm Mandiant , which released a report on Wednesday that said the compromise began in 2022 when a 3CX employee installed a malware-laced software package distributed via an earlier software supply chain compromise that began with a tampered installer for X_TRADER , a software package provided by Trading Technologies.

Malware 290

Malware Software Technology Accountability 290

SecureList

JANUARY 17, 2024

In 2023, for instance, there was a significant rise in posts offering login credentials and passwords for various personal and work accounts. To be more specific, in 2023, the volume of malware log files containing compromised user data and posted for free on the dark web surged by almost 30% compared to 2022.

Marketing 111

Marketing Cryptocurrency Malware Ransomware 111

Security Affairs

DECEMBER 15, 2023

GokuMarket, a cryptocurrency exchange, was recently acquired by Canada-based crypto exchange ByteX. The move came after GokuMarket, which had around a million users at the time, almost went bankrupt after denying users a withdrawal option in mid-2022, a disastrous year for crypto.

Passwords 86

Passwords Cryptocurrency Scams Mobile 86

SecureList

AUGUST 15, 2022

IT threat evolution in Q2 2022. IT threat evolution in Q2 2022. IT threat evolution in Q2 2022. According to Kaspersky Security Network, in Q2 2022: Kaspersky solutions blocked 1,164,544,060 attacks from online resources across the globe. Number of unique users attacked by financial malware, Q2 2022 ( download ).

Mobile 63

Mobile Adware Malware Ransomware 63

Malwarebytes

OCTOBER 27, 2023

In a security blog about Octo Tempest Microsoft states: “Octo Tempest monetized their intrusions in 2022 by selling SIM swaps to other criminals and performing account takeovers of high-net-worth individuals to steal their cryptocurrency.” Stop malicious encryption.

Social Engineering 97

Social Engineering Engineering Ransomware Backups 97

Krebs on Security

FEBRUARY 20, 2024

Kondratyev is also charged (PDF) with three criminal counts arising from his alleged use of the Sodinokibi (aka “ REvil “) ransomware variant to encrypt data, exfiltrate victim information, and extort a ransom payment from a corporate victim based in Alameda County, California. Matveev remains at large, presumably still in Russia.

Ransomware 283

Ransomware Cybercrime Encryption Insurance 283

SecureWorld News

FEBRUARY 16, 2023

Cybersecurity and Infrastructure Security Agency (CISA) provides an overview of the DPRK's state-sponsored ransomware and "updates the July 6, 2022, joint CSA North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector. Demand ransom in cryptocurrency. Obfuscate identity.

Healthcare 91

Healthcare Ransomware Cryptocurrency Cybercrime 91

Security Affairs

SEPTEMBER 25, 2022

builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S. builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S.

Cryptocurrency 79

Cryptocurrency Data breaches DNS DDOS 79

CyberSecurity Insiders

APRIL 19, 2023

AhnLab, a South Korean cybersecurity firm, has issued an alert about a ransomware attack on Microsoft SQL Servers that are being bombarded with Trigona Ransomware payloads meant to encrypt files after stealing data. This includes details such as names, bank account numbers, transaction details of the property, and ID card details.

Ransomware 96

Ransomware Cryptocurrency Banking Cyber Attacks 96

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware 72

Malware Cybercrime Cryptocurrency Social Engineering 72

Security Affairs

MARCH 23, 2023

However, Cleafy’s Threat Intelligence & Response Team reported having detected the first Nexus infections in June 2022, months before the MaaS was publicly advertised. The Nexus Trojan can target multiple banking and cryptocurrency in an attempt to take over customers’ accounts.

Banking 74

Banking Cryptocurrency Malware Advertising 74

SecureList

NOVEMBER 22, 2022

A look back on the year 2022 and what to expect in 2023. This report assesses how accurately we predicted the developments in the financial threats landscape in 2022 and ponder at what to expect in 2023. Analysis of forecasts for 2022. Also of note in 2022 are campaigns impersonating well-known software brands like Notepad++.

Cryptocurrency 92

Cryptocurrency Mobile Ransomware Banking 92

Malwarebytes

NOVEMBER 6, 2023

The intruder used this to access some of the employee’s accounts, including LinkedIn, as well as their work account. In 2022, Octo Tempest began selling SIM swaps to other criminals and performing account takeovers of high-net-worth individuals in order to steal their cryptocurrency. Stop malicious encryption.

Ransomware 103

Ransomware Backups Accountability Social Engineering 103

Security Affairs

JUNE 27, 2022

Threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony on Thursday evening. Last week threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony. peckshield) June 24, 2022. — Harmony (@harmonyprotocol) June 26, 2022. 99,334,302.58 99,334,302.58

Cryptocurrency 68

Cryptocurrency Encryption Hacking Accountability 68

Security Affairs

FEBRUARY 10, 2023

. “This advisory highlights TTPs and IOCs DPRK cyber actors used to gain access to and conduct ransomware attacks against Healthcare and Public Health (HPH) Sector organizations and other critical infrastructure sector entities, as well as DPRK cyber actors’ use of cryptocurrency to demand ransoms.” Obfuscate Identity.

Ransomware 76

Ransomware Healthcare Cryptocurrency Government 76

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 90

Data breaches Malware Mobile Spyware 90

Security Affairs

MAY 21, 2023

This week, ReversingLabs researchers warned of the presence of two malicious packages, respectively named nodejs-encrypt-agent and nodejs-cookie-proxy-agent, in the npm package repository containing an open-source info-stealer called TurkoRat.

Social Engineering 84

Social Engineering Malware Cryptocurrency Engineering 84

eSecurity Planet

JUNE 16, 2022

Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system. Also read: Best Antivirus Software of 2022. The 2022 SonicWall Cyber Threat Report found that all types of cyberattacks increased in 2021. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4

Backups 145

Backups Ransomware Firewall Malware 145

CyberSecurity Insiders

JANUARY 19, 2023

Second is the news related to the government of Iran, whose servers have been targeted by a threat actor dubbed Backdoor Diplomacy between July and December 2022. Cybersecurity Insiders have resources data from its sources that the attack led to info leak related to companies in cryptocurrency and finance business fields.

Cyber Attacks 106

Cyber Attacks Social Engineering Financial Services Encryption 106

SecureWorld News

JULY 3, 2023

Human error accounts for 95% of all data breaches. Ransomware attacks grew by 41% in 2022, and identification and remediation for a breach took 49 days longer than the average breach. Ransomware is malware that encrypts the victim's data and demands a ransom for its decryption. million by 2022.

Cybercrime 83

Cybercrime Social Engineering Data breaches Education 83

Security Boulevard

AUGUST 3, 2022

Wed, 08/03/2022 - 10:48. 230 apps were leaking all four 0Auth authentication credentials and could be used to fully take over Twitter accounts to perform critical/sensitive actions. Some of those sensitive actions include reading Direct Messages, retweeting, deleting messages, liking messages, and getting account settings.

Mobile 98

Mobile Authentication Accountability Identity Theft 98

SecureList

MARCH 28, 2023

We have come across a series of clipboard injection attacks on cryptocurrency users, which emerged starting from September 2022. As long as such attacks continue to thrive in the modern ecosystem of the cryptocurrency world, it’s worth explaining how they work and where the danger lies. So does encrypting ransomware.

Cryptocurrency 107

Cryptocurrency Malware Banking Passwords 107