Antivirus, Cybercrime, Document and Information Security

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

The Sentinel Labs’s analysis revealed that Black Basta ransomware operators develop and maintain their own toolkit, they documented only collaboration with a limited and trusted set of affiliates. The DisableAntiSpyware parameter allows disabling the Windows Defender Antivirus in order to deploy another security solution.

Cybercrime

Cybercrime Ransomware Antivirus Malware

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. In the documented attack, once the backdoor is deployed, UNC2465 interactively established an NGROK tunnel and performed lateral movements in less than 24 hours. ” concludes the report.

Cybercrime

Cybercrime Ransomware Antivirus Software

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Security Affairs

DECEMBER 12, 2021

. “A Russian national was sentenced today to 48 months in prison for operating a “crypting” service used to conceal the Kelihos malware from antivirus software, which enabled hackers to systematically infect approximately hundreds of thousands of victim computers around the world with malicious software, including ransomware.”

Antivirus

Antivirus Malware Cybercrime Cyber threats

Webinars

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

MORE WEBINARS

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. It is also recommendable to check the virus vault of your antivirus.

Ransomware

Ransomware Malware Antivirus Encryption

Threat actors abuse Adobe Acrobat Sign to distribute RedLine info-stealer

Security Affairs

MARCH 20, 2023

Avast researchers reported that threat actors are abusing the legitimate Adobe Acrobat Sign service to distribute the RedLine information stealer. Adobe Acrobat Sign allows registered users to sign documents online and send a document signature request to anyone. ” reads the anaysis published by Avast.

Antivirus

Antivirus Malware Engineering Hacking

Global Effort Seizes EMOTET Botnet

SecureWorld News

JANUARY 28, 2021

This is a unique and new approach to effectively disrupt the activities of the facilitators of cybercrime.". EMOTET gained notoriety for being one of the most professional and longest lasting cybercrime services to exist. One way that EMOTET was so effective was due to its ability to spread via word documents.

Cybercrime

Cybercrime Malware Antivirus Banking

4 Android banking trojans were spread via Google Play infecting 300.000+ devices

Security Affairs

NOVEMBER 30, 2021

“VirusTotal does not showcase the evolution of detections of antivirus products over time, but almost all campaigns have or had a 0/62 FUD score on VirusTotal at some point in time, confirming the difficulty of detecting dropper apps with a minimal footprint.” ” reads the analysis published by the experts.

Banking

Banking Antivirus Malware Authentication

France national cyber-security agency warns of a surge in Emotet attacks

Security Affairs

SEPTEMBER 7, 2020

Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. Generally speaking, removal/cleaning by antivirus is not a sufficient guarantee.

Malware

Malware Advertising Antivirus Banking

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Security Affairs

SEPTEMBER 20, 2019

Security experts at Cofense uncovered a phishing campaign that is targeting taxpayers in the United States attempting to infect them with a new piece of malware named Amadey. Experts revealed that the botnet was used by the TA505 cybercrime gang to distribute the FlawedAmmy RAT and some email stealers.

Phishing

Phishing Social Engineering Malware Advertising

Ryuk ransomware operations already made over $150M

Security Affairs

JANUARY 7, 2021

“Both exchanges require identity documents in order to exchange cryptocurrencies for fiat or to make transfers to banks, however it isn’t clear if the documents they accept are scrutinized in any meaningful way. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Ransomware

Ransomware Cryptocurrency Antivirus Banking

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Security Affairs

AUGUST 31, 2022

Upon opening the document, a malicious template file is downloaded and saved on the system. At the time of publication, this particular file is undetected by all antivirus vendors according to VirusTotal” The Base64 encoded payload, once decrypted, is a Windows 64-bit executable (1.7MB) called “msdllupdate.exe.”.

Malware

Malware DNS Antivirus Encryption

CERT France – Pysa ransomware is targeting local governments

Security Affairs

MARCH 19, 2020

“The purpose of this document is to describe the operating mode used during these attacks and the associated compromise indicators, then to provide recommendations to limit the impact of this type of incident.” SecurityAffairs – Pysa ransomware, cybercrime). ” reads the issued by French CERT. Pierluigi Paganini.

Government

Government Ransomware Encryption Penetration Testing

US authorities charged Dridex gang members for stealing over $100 Million

Security Affairs

DECEMBER 7, 2019

“According to the indictment, Bugat is a malware specifically crafted to defeat antivirus and other protective measures employed by victims. For over a decade, Maksim Yakubets and Igor Turashev led one of the most sophisticated transnational cybercrime syndicates in the world,” said U.S. Attorney Brady. Treasury Department.

Banking

Banking Malware Cybercrime Accountability

Dutch police arrested the author of Dryad and Rubella Macro Builders

Security Affairs

JULY 19, 2019

” Both macro builders allow crooks to easily create malicious Office documents that are usually involved in hacking campaigns as a first-stage loader for other malware. According to Flashpoint , Rubella is not particularly sophisticated, the builder is used to create Microsoft Word or Excel weaponized documents to use in spam email.

Malware

Malware Social Engineering Advertising Antivirus

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. More than 80% of all malicious files were disguised as .zip

Ransomware

Ransomware Antivirus Malware Banking

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

Security Affairs

MARCH 14, 2022

In addition, most artifacts extracted also matched a threat documented in 2020 and available here. At this moment, the infection chain is able to bypass the antivirus detection, with the latter EXE ( WpfApp14.exe Maxtrilha – one of the most active trojans in Portugal – uses the same templates to target users.

Banking

Banking Encryption Malware Phishing

TA505 is expanding its operations

Security Affairs

MAY 29, 2019

Information about initial dropper. The document is weaponized with malicious macro code triggered when the user opens the document to see the content under the obfuscated view. XLS document. Information about MPress packer used in “winserv.exe” payload. Part of the macro’s content is shown in the following figure.

Retail

Retail Banking Advertising Encryption

Pirate Ship Sailing to Developing World: Group-IB Uncovers Real Captains of Online Piracy Crew

Security Affairs

JULY 28, 2020

The document uncovers major players and driving forces of a criminal digital piracy syndicate which has been flourishing in the post-Soviet space, its safe harbor, for years and now has extended its tentacles as far as to Latin America and Asia. Group-IB exposes financial crime network of online pirates in developing countries.“

Marketing

Marketing Banking Advertising Cybercrime

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

Security Affairs

APRIL 10, 2019

This threat is known as a banking trojan malware that collects financial information by injecting malicious code into a computer. That file was delivered via malscam campaigns around the world and its source-code is obfuscated in order to evade antivirus detection and complicate its analysis.

Banking

Banking Malware Antivirus Cyber threats

Epic Manchego gang uses Excel docs that avoid detection

Security Affairs

SEPTEMBER 7, 2020

A recently discovered cybercrime gang, tracked as Epic Manchego , is using a new technique to create weaponized Excel files that are able to bypass security checks. The phishing messages carry weaponized Excel documents that are able to bypass security checks and that had low detection rates. EPPlus is such a tool.”

Cybercrime

Cybercrime Phishing Advertising Antivirus

How to Protect Your Business Data with Cyber security

CyberSecurity Insiders

NOVEMBER 25, 2021

5 Cyber Security Best Practices to Protect Your Business Data. Today, any company can fall victim to cybercrime, which has become a major problem around the world. That’s why large, medium-sized, and small businesses need to become more proactive in their approach to cyber security. . . Source [link]. Back Up Your Data.

Computers and Electronics

Computers and Electronics Cyber Attacks Data breaches Passwords

Clipper attacks use Trojanized TOR Browser installers

Security Affairs

MARCH 29, 2023

. “However, even if you do download a rogue file masked as something else, using a decent antivirus solution or uploading the file to VirusTotal could help identify any malicious intent” If you want to have full confidence that your system was not infected with clipper malware copy a wallet address and paste it into a text document.

Malware

Malware Passwords Cryptocurrency Antivirus

EP 49: LoL

ForAllSecure

JUNE 21, 2022

Hanslovan: So we noticed it was a trend like all things cat and mouse base and hackers were really getting ticked off that their malicious payloads were getting caught by the antivirus. Why don't I use the trusted ones that I'll get by antivirus. So good tactic it can be deployed both ways cybercrime and more traditional espionage.

Ransomware

Ransomware Marketing Software Antivirus

Cybersecurity Awareness Month: Security Experts Reflect on Safety

CyberSecurity Insiders

NOVEMBER 1, 2021

“The security risks of remote working have been well documented. And, the system must be intuitive and convenient, so executives remain within its workflows and processes without straying to other systems and creating security gaps. Jon Clemenson, director of information security, TokenEx.

Cybersecurity

Cybersecurity Backups Ransomware Passwords

ChatGPT: Cybersecurity friend or foe?

Malwarebytes

MAY 21, 2023

For example, Malwarebytes asked ChatGPT to write the opening paragraph of a novel about an antiquated antivirus program that relies on signature-based detection to stop new and emerging threats. Here's what the program came back with: “The antivirus program blinked to life, its archaic interface flickering on the outdated CRT monitor.

Cybersecurity

Cybersecurity Artificial Intelligence Social Engineering Engineering

Cyber Security Informer

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Webinars

Trending Sources

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Webinars

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Threat actors abuse Adobe Acrobat Sign to distribute RedLine info-stealer

Global Effort Seizes EMOTET Botnet

4 Android banking trojans were spread via Google Play infecting 300.000+ devices

France national cyber-security agency warns of a surge in Emotet attacks

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Ryuk ransomware operations already made over $150M

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

CERT France – Pysa ransomware is targeting local governments

US authorities charged Dridex gang members for stealing over $100 Million

Dutch police arrested the author of Dryad and Rubella Macro Builders

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

TA505 is expanding its operations

Pirate Ship Sailing to Developing World: Group-IB Uncovers Real Captains of Online Piracy Crew

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

Epic Manchego gang uses Excel docs that avoid detection

How to Protect Your Business Data with Cyber security

Clipper attacks use Trojanized TOR Browser installers

EP 49: LoL

Cybersecurity Awareness Month: Security Experts Reflect on Safety

ChatGPT: Cybersecurity friend or foe?

Stay Connected