Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware 203

Malware VPN Internet Internet 203

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. One of Megatraffer’s ads on an English-language cybercrime forum. WHO IS MEGATRAFFER?

Malware 242

Malware Cybercrime Software Antivirus 242

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. com — which was created to phish U.S.

Malware 273

Malware Banking Phishing DDOS 273

The Hacker News

JANUARY 5, 2023

A cybercrime group dubbed Bluebottle has been linked to a set of targeted attacks against the financial sector in Francophone countries located in Africa from at least July 2022 to September 2022.

Cybercrime 78

Cybercrime Malware Software 78

CyberSecurity Insiders

JUNE 26, 2023

In recent months, a cybercrime group known as Blacktail has begun to make headlines as they continue to target organizations around the globe. An interesting detail about the organization is that they do not make their own strains of malware. Two of the most popular tools that have been used by the cybercrime group are LockBit 3.0

Cybercrime 100

Cybercrime Social Engineering Ransomware Phishing 100

The Hacker News

DECEMBER 26, 2022

The pay-per-install (PPI) malware downloader service known as PrivateLoader is being used to distribute a previously documented information-stealing malware dubbed RisePro. A C++-based malware,

Malware 88

Malware Cybercrime Marketing 88

SecureList

JUNE 28, 2023

Introduction Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022. Their campaign introduced several new malware families, such as YamaBot and MagicRat, but also updated versions of NukeSped and, of course, DTrack.

Malware 133

Malware Cybercrime Phishing Ransomware 133

The Hacker News

NOVEMBER 23, 2022

As many as 34 Russian-speaking gangs distributing information-stealing malware under the stealer-as-a-service model stole no fewer than 50 million passwords in the first seven months of 2022. The underground market value of stolen logs and compromised card details is estimated around $5.8

Passwords 88

Passwords Malware Cybercrime Marketing 88

SecureWorld News

MARCH 29, 2024

Malvertising acts as a vessel for malware propagation. Scammers and malware operators are increasingly adept at mimicking popular brands in their ad snippets, which makes it problematic for the average user to tell the wheat from the chaff. A stepping stone to impactful cybercrime This tactic has tangible real-world implications.

Cybercrime 83

Cybercrime Advertising Engineering Antivirus 83

Security Affairs

DECEMBER 26, 2023

Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. ” reads the report published by NCC Group.

Malware 118

Malware Ransomware Banking Healthcare 118

Security Affairs

JULY 8, 2022

The operators behind the TrickBot malware are systematically targeting Ukraine since the beginning of the war in February 2022. Since February, the Conti ransomware group has taken over TrickBot malware operation and also planned to replace it with BazarBackdoor malware. ” concludes IBM. Pierluigi Paganini.

Cybercrime 94

Cybercrime Malware DDOS Ransomware 94

Security Affairs

APRIL 15, 2022

The cybercrime gang has been active since at least January 2020. The malware is also able to steal details from cryptocurrency wallets and load additional malware to conduct malicious operations. “It features the ability to steal sensitive information from victims and can download additional malware to infected systems.

Cybercrime 85

Cybercrime Malware Cryptocurrency Hacking 85

Krebs on Security

SEPTEMBER 13, 2023

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “ USDoD ” had infiltrated the FBI ‘s vetted information sharing network InfraGard , and was selling the contact information for all 80,000 members. But on Sept. defense contractors. USDoD’s avatar used to be the seal of the U.S.

Cybercrime 286

Cybercrime Passwords Authentication Malware 286

Security Affairs

DECEMBER 1, 2022

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. In March 2022, the U.S. ” reads the analysis published by AquaSec.

Malware 143

Malware DDOS Architecture Cryptocurrency 143

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software.

Malware 94

Malware Cybercrime Banking Hacking 94

Security Affairs

MAY 12, 2024

Black Basta ransomware affiliates have breached over 500 organizations between April 2022 and May 2024, FBI and CISA reported. Black Basta ransomware-as-a-service (RaaS) has been active since April 2022, it impacted several businesses and critical infrastructure entities across North America, Europe, and Australia.

Ransomware 115

Ransomware Hacking Healthcare Retail 115

Security Affairs

MAY 20, 2023

FIN7 is a Russian criminal group (aka Carbanak ) that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces. They then use OpenSSH and Impacket to move laterally and deploy Clop ransomware.

Cybercrime 88

Cybercrime Ransomware Security Intelligence Hacking 88

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Qakbot/Qbot was once again the top malware loader observed in the wild in the first six months of 2023.

Hacking 253

Hacking Malware Ransomware Government 253

SecureList

MARCH 29, 2023

However, traditional financial threats – such as banking malware and financial phishing, continue to take up a significant share of such financially-motivated cyberattacks. In 2022, we saw a major upgrade of the notorious Emotet botnet as well as the launch of massive campaigns by Emotet operators throughout the year.

Banking 71

Banking Phishing Cryptocurrency Mobile 71

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. These include: Magento – CVE-2022-24086 Qlik Sense – CVE-2023-41265, CVE-2023-41266 , and CVE-2023-48365 Ivanti Connect Secure – CVE-2023-46805 and CVE-2024-21887 , CVE-2024-21888 and CVE-2024-21893.

Malware 102

Malware VPN Encryption Hacking 102

Security Affairs

NOVEMBER 3, 2022

Further evidence linking the two includes IP addresses and specific TTPs (tactics, techniques, and procedures) used by FIN7 in early 2022 and seen months later in actual Black Basta attacks. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. .

Cybercrime 96

Cybercrime Ransomware Antivirus Malware 96

SecureList

NOVEMBER 1, 2022

This is our latest installment, focusing on activities that we observed during Q3 2022. We can confirm a Maui ransomware incident in 2022, but we would expand their “first seen” date from the reported May 2021 to April 15, 2021, and the geolocation of the target to Japan and India. The most remarkable findings.

Malware 139

Malware Ransomware Spyware Encryption 139

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Threat actors are using an elaborate scheme of fake websites through Google Ads to spread their malware, the backdoors are embedded in installers for apparently legitimate applications, such as AnyDesk.

Malware 88

Malware Cybercrime Banking Software 88

Security Affairs

MAY 30, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Experts pointed out that the malware is being actively developed. The botnet was first discovered by Fortinet in March, the DDoS botnet targeted several routers and web servers by exploiting known vulnerabilities.

Malware 142

Malware DDOS IoT Cybercrime 142

Security Affairs

NOVEMBER 1, 2022

Compared to the second quarter of 2022, the activity decreased by 8%, falling from July to August but increasing from August to September. In Q3 2022, the most prolific ransomware and data leak actors in Q3 were LockBit , Black Basta , Hive , Alphv(aka BlackCat) and the new entry BianLian group. SecurityAffairs – hacking, cybercrime).

Ransomware 96

Ransomware Cybercrime Hacking Information Security 96

McAfee

OCTOBER 26, 2021

What cyber security threats should enterprises look out for in 2022? Skilled engineers and security architects from McAfee Enterprise and FireEye offer a preview of how the threatscape might look in 2022 and how these new or evolving threats could potentially impact the security of enterprises, countries, and civilians.

Cybercrime 118

Cybercrime Ransomware Risk B2C 118

Security Affairs

APRIL 11, 2023

The experts pointed out that while the majority of zero-days they have discovered in the past were used by APT groups, this zero-day was exploited by a sophisticated cybercrime group. This group is known to have used similar CLFS driver exploits in the past that were likely developed by the same author.

Cybercrime 92

Cybercrime Ransomware Education Media 92

Security Affairs

NOVEMBER 17, 2022

A suspected leader of the Zeus cybercrime gang, Vyacheslav Igorevich Penchukov (aka Tank), was arrested by Swiss police. Swiss police last month arrested in Geneva Vyacheslav Igorevich Penchukov (40), also known as Tank, which is one of the leaders of the JabberZeus cybercrime group. Pierluigi Paganini.

Cybercrime 92

Cybercrime Banking Identity Theft Hacking 92

Security Affairs

DECEMBER 1, 2023

The Black Basta ransomware gang infected over 300 victims accumulating ransom payments exceeding $100 million since early 2022. The Black Basta ransomware group has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. ” reads the Elliptic’s report.

Ransomware 87

Ransomware Retail Malware Insurance 87

Security Affairs

FEBRUARY 10, 2023

A recently discovered threat actor, tracked as TA886 by security firm Proofpoint, is targeting organizations in the United States and Germany with new malware dubbed Screenshotter. The experts first spotted the attacks attributed to this threat actor in October 2022, they believe that the group is financially motivated.

Malware 84

Malware Phishing Spyware Cybercrime 84

Security Affairs

AUGUST 1, 2023

Threat actors are targeting Italian organizations with a phishing campaign aimed at delivering a new malware called WikiLoader. WikiLoader is a new piece of malware that is employed in a phishing campaign that is targeting Italian organizations. ” reads the post published by Proofpoint. ” continues the report.

Malware 92

Malware Phishing Banking Hacking 92

IT Security Guru

AUGUST 30, 2022

As such, the cost of cybercrime is set to increase with the global cybersecurity market estimated to reach $403.01 This article will look at some of the biggest trends affecting cybersecurity in 2022. This resulted in over 18,000 SolarWinds customers installing the malicious updates, thereby spreading the malware without detection.

Cybersecurity 101

Cybersecurity Phishing Ransomware Marketing 101

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware 127

Ransomware Encryption Malware Hacking 127

SecureList

NOVEMBER 10, 2022

Cryptocurrency prices were dropping from the end of 2021 and throughout the first half of 2022. Cybercriminals pay neither for equipment, nor for electricity, which is rather expensive in 2022. If the cryptomining malware is installed successfully on the victim’s computer, it delivers its operator stable earnings.

Cryptocurrency 106

Cryptocurrency Malware Software Ransomware 106

Security Affairs

DECEMBER 22, 2022

. “South Korea’s main spy agency, the National Intelligence Service, said North Korea’s capacity to steal digital assets is considered among the best in the world because of the country’s focus on cybercrimes since U.N. The report states that North Korea-linked attacks employed the AppleJeus malware to steal cryptocurrency.

Cryptocurrency 130

Cryptocurrency Cybercrime Media Government 130

Malwarebytes

SEPTEMBER 18, 2023

In a public announcement , Free Download Manager has acknowledged that a specific web page on its site was compromised by a Ukrainian cybercrime group, exploiting it to distribute malware. All the Free Download Manager users who downloaded FDM for Linux between 2020 and 2022 should scan their computers for malware.

Malware 111

Malware Cryptocurrency Cybercrime Software 111

McAfee

OCTOBER 31, 2021

McAfee Enterprise and FireEye recently released its 2022 Threat Predictions. In this blog, we take a deeper dive into the continuingly aggressive role Nation States will play in 2022. By getting an executive on the hook, they could potentially convince them to download a job spec that is malware. By Raj Samani. Prevention.

Cybercrime 115

Cybercrime Government Malware Backups 115