Cybercrime, Malware and System Administration

Career Choice Tip: Cybercrime is Mostly Boring

Krebs on Security

MAY 29, 2020

But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of day-to-day activity needed to support these enterprises is in fact mind-numbingly boring and tedious, and that highlighting this reality may be a far more effective way combat cybercrime and steer offenders toward a better path.

Cybercrime

Cybercrime System Administration Marketing Malware

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years. Malware developers — no longer hiring.

Cybercrime

Cybercrime Banking Malware Ransomware

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Security Affairs

OCTOBER 22, 2021

FIN7 is a Russian criminal group that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces. Once gained access to the target network, the threat actors could then drop malware and ransomware. .

Cybercrime

Cybercrime Ransomware Cybersecurity Backups

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

DECEMBER 30, 2021

The module has full access to all the firmware, hardware, software, and operating system installed on the server. . The attacks were spotted by Iranian cybersecurity firm Amnpardaz, this is the first time ever that malware targets iLO firmware. ” reads the report published by the expers. ” continues the report.

Firmware

Firmware Malware System Administration Technology

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

AvosLocker operators already advertised in the past a Linux variant, dubbed AvosLinux, of their malware claiming it was able to support Linux and ESXi servers. AvosLocker affiliates use legitimate software and open-source remote system administration tools to compromise the victims’ networks.

Ransomware

Ransomware System Administration Antivirus Malware

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7 , aka Carbanak. Between 2014 and 2016 the group used a new custom malware dubbed Carbanak that is considered a newer version of Anunak.

System Administration

System Administration Penetration Testing Malware Banking

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

The Carbanak gang (aka FIN7 , Anunak or Cobalt ) stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks, other financial institutions, restaurants, and other industries. Hladyr is suspected to be a system administrator for the group.

Malware

Malware Penetration Testing Banking System Administration

North Korean Lazarus APT group targets blockchain tech companies

Malwarebytes

APRIL 19, 2022

These days, financial cybercrimes often involve Bitcoin and other cryptocurrencies. Since 2018, one of the Lazarus Group’s tactics has been to disguse AppleJeus malware as cryptocurrency trading platforms for both Windows and Mac. Use endpoint protection to detect exploits and stop malware. Spearphishing campaigns.

Social Engineering

Social Engineering Cryptocurrency Computers and Electronics Engineering

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

.” New York City-based cyber intelligence firm Flashpoint said the Snatch ransomware group was created in 2018, based on Truniger’s recruitment both on Russian language cybercrime forums and public Russian programming boards. “The command requires Windows system administrators,” Truniger’s ads explained.

Ransomware

Ransomware Accountability Cybercrime Backups

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

.” The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. Kloster says he’s worked in many large companies in Omsk as a system administrator, web developer and photographer.

Advertising

Advertising Cybercrime System Administration Hacking

StealthWorker botnet targets Synology NAS devices to drop ransomware

Security Affairs

AUGUST 9, 2021

Synology’s security researchers believe the botnet is primarily driven by a malware family called “StealthWorker.” ” At present, Synology PSIRT has seen no indication of the malware exploiting any software vulnerabilities.” ” reads the security advisory published by the vendor. Pierluigi Paganini.

Ransomware

Ransomware System Administration Malware Authentication

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

A new cryptocurrency stealer dubbed WeSteal is available on the cybercrime underground, unlike other commodity cryptocurrency stealers, its author doesn’t masquerade its purpose and promises “the leading way to make money in 2021.”. There is the name of the malware itself. ” reads the post published by Palo Alto Networks.

Cryptocurrency

Cryptocurrency Malware Advertising System Administration

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

Mandiant researchers discovered a new Unix rootkit named Caketap, which is used to steal ATM banking data, while investigating the activity of the LightBasin cybercrime group (aka UNC1945 ). Experts spotted a new Unix rootkit, called Caketap, that was used to steal ATM banking data. ” concludes the report.

Banking

Banking Telecommunications System Administration Hacking

FIN7 sysadmin behind “billions in damage” gets 10 years

Malwarebytes

APRIL 20, 2021

In 2018 three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe were arrested and taken into custody by US authorities. The Carbanak campaign first made international headlines in 2015 as one of the first malware campaigns that specialized in remote ATM robberies. The malware.

System Administration

System Administration Banking Malware Penetration Testing

Black Hat AI Tools Fuel Rise in Business Email Compromise (BEC) Attacks

eSecurity Planet

JULY 13, 2023

They found a tool called WormGPT “through a prominent online forum that’s often associated with cybercrime,” Kelley wrote in a blog post. WormGPT can be used for “everything blackhat related,” its developer claimed in the cybercrime forum. Promotion of jailbreaks for AI platforms.

Cybercrime

Cybercrime Phishing Marketing System Administration

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

The Carbanak gang (aka FIN7 , Anunak or Cobalt ) stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks, other financial institutions, restaurants, and other industries. Hladyr is suspected to be a system administrator for the group.

Malware

Malware Penetration Testing Banking System Administration

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Krebs on Security

JUNE 9, 2020

That last effort prompted a gracious return call the following day from a system administrator for the city, who thanked me for the heads up and said he and his colleagues had isolated the computer and Windows network account Hold Security flagged as hacked. ” A DoppelPaymer ransom note. Image: Crowdstrike.

Ransomware

Ransomware System Administration Backups Technology

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc. Image: treasury.gov.

Ransomware

Ransomware Cybercrime Accountability Malware

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Security Affairs

MARCH 10, 2020

Microsoft is warning of human-operated ransomware, this kind of attack against businesses is becoming popular in the cybercrime ecosystem. Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem. ” reads the post published by Microsoft.

Ransomware

Ransomware Cybercrime Social Engineering Banking

Administrators of bulletproof hosting sentenced to prison in the US

Security Affairs

OCTOBER 21, 2021

The United States Department of Justice sentenced two individuals that were providing bulletproof hosting to various malware operations. The two individuals, Aleksandr Skorodumov (33) of Lithuania, and Pavel Stassi (30) of Estonia, administrated the bulletproof hosting service between 2009 and 2015.

System Administration

System Administration Malware Accountability Marketing

US authorities charged Dridex gang members for stealing over $100 Million

Security Affairs

DECEMBER 7, 2019

US DoJ charged two Russian citizens for deploying the Dridex malware and for their involvement in international bank fraud and computer hacking schemes. The Bugat malware a multifunction malware package designed to automate the theft of confidential personal and financial information. Attorney Brady.

Banking

Banking Malware Cybercrime Accountability

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

Canadian police last week raided the residence of a Toronto software developer behind “ Orcus RAT ,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. An advertisement for Orcus RAT. Tips from international private cyber security firms triggered the investigation.”.

Advertising

Advertising Malware Marketing Software

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

Security Affairs

APRIL 26, 2021

European law enforcement has conducted an operation aimed at performing a mass-sanitization of computers infected with the infamous Emotet Windows malware. European law enforcement agencies automatically wiped the infamous Emotet malware from infected systems across the world as part of a mass sanitization operation.

Malware

Malware Banking System Administration Hacking

SysAdmin Gets 10 Years in Prison

SecureWorld News

APRIL 19, 2021

Being a systems administrator can be a fulfilling job with a lot of rewards. Some were hackers, others developed the malware installed on computers, and still others crafted the malicious emails that duped victims into infecting their company systems.

System Administration

System Administration Hacking Malware Encryption

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

Security Affairs

MAY 21, 2023

Unfortunately, as system administrators seek ways to control access to these platforms, users may seek out alternative ways to gain access.” However, this recent campaign shows malicious ads can still slip by moderators and deliver victims malware.” In this case, the visitors were downloading Midjourney-x64.msix,

System Administration

System Administration Advertising Malware Hacking

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

At the time, BleepingComputer reported that the City’s court system canceled all jury trials and jury duty for several days starting from May 2nd. CBS News Texas obtained an image the ransomware note dropped by the malware on the infected systems.

Ransomware

Ransomware Surveillance Healthcare Accountability

Three members of FIN7 (Carbanak) gang charged with stealing 15 million credit cards

Security Affairs

AUGUST 2, 2018

Three members of the cybercrime group tracked as FIN7 and Carbanak have been indicted and charged with 26 felony counts. Three members of the notorious cybercrime gang known as FIN7 and Carbanak have been indicted and charged with 26 felony counts of conspiracy, wire fraud, computer hacking, access device fraud and aggravated identity theft.

Banking

Banking Cybercrime Identity Theft Penetration Testing

How to stay secure from ransomware attacks this Labor Day weekend

Malwarebytes

AUGUST 27, 2021

Indeed, while many people are looking forward to catching up with friends and family this Labor Day weekend, cybercrime gangs are likely huddling, too, planning to attack somebody. . You never think you’re gonna be hit by ransomware,” says Ski Kacoroski , a system administrator with the Northshore School District in Washington state.

Ransomware

Ransomware System Administration Encryption Cybercrime

New Linux/DDosMan threat emerged from an evolution of the older Elknot

Security Affairs

APRIL 1, 2019

The popular expert unixfreaxjp analyzed a new China ELF DDoS’er malware tracked as “Linux/DDoSMan” that evolves from the Elknot malware to deliver new ELF bot. But what kind of malware is this Elknot Trojan? This malware is an update and reuse from the Elknot’s malware source code.

DDOS

DDOS Malware Encryption Penetration Testing

LockBit ransomware group claims to have hacked Bridgestone Americas

Security Affairs

MARCH 13, 2022

All we do is provide paid training to system administrators around the world on how to properly set up a corporate network. “For us it is just business and we are all apolitical. We are only interested in money for our harmless and useful work.

Hacking

Hacking Ransomware Manufacturing Cyber Attacks

Dissecting the malicious arsenal of the Makop ransomware gang

Security Affairs

MARCH 14, 2023

The tool is basically a search engine for local and network shared files inside a Windows environment: unlike the default Windows search, it is designed to locate files and folders by filename instantly, speeding up system information discovery. Its name is YDArk and it is an open-source tool available even on GitHub ( link ).

Ransomware

Ransomware Software System Administration Encryption

Ransomware Gangs and the Name Game Distraction

Krebs on Security

AUGUST 5, 2021

It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. Reinvention is a basic survival skill in the cybercrime business. REvil’s last big victim was Kaseya , a Miami-based company whose products help system administrators manage large networks remotely.

Ransomware

Ransomware Cybercrime Malware System Administration

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Security Affairs

OCTOBER 3, 2023

Our investigation revealed that this remote endpoint is associated with criminal activities dating back to 2019, indicating that these hosts were likely under the control of the same technical administration. This hostname connection is particularly heterogeneous, but it technically makes sense.

Scams

Scams Ransomware System Administration Malware

Updates from the MaaS: new threats delivered through NullMixer

Security Affairs

MARCH 27, 2023

A technical analysis of NullMixer malware operation revealed Italy and France are the favorite European countries from the attackers’ perspective. Executive Summary Our insights into a recent NullMixer malware operation revealed Italy and France are the favorite European countries from the opportunistic attackers’ perspective.

Malware

Malware Social Engineering Encryption Marketing

IT threat evolution Q2 2021

SecureList

AUGUST 12, 2021

We discovered the malware as part of an attack against a high-profile organization in Vietnam. We found the loader for this file so interesting that we decided to base one of the tracks of our Targeted Malware Reverse Engineering course on it. The exploit-chain attempts to install malware in the system through a dropper.

Ransomware

Ransomware Malware Banking Encryption

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. Russian software engineer Eugene Kaspersky’s frustration with the malware of the 80s and 90s led to the founding of antivirus and cybersecurity vendor Kaspersky Lab.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

This reveals a likely blind spot for defenders and endpoint vendors: in a number of cases, perhaps even the majority, attackers have no need for 0-days and malware deployment to gain access to the information they need. SIGINT-delivered malware. 2023 will very likely be a year of 0-days for all major email software. The next WannaCry.

Firmware

Firmware Surveillance Mobile Telecommunications

Career Choice Tip: Cybercrime is Mostly Boring

Who and What is Behind the Malware Proxy Service SocksEscort?

Trending Sources

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

FBI and CISA published a new advisory on AvosLocker ransomware

A member of the FIN7 group was sentenced to 10 years in prison

FireEye experts found source code for CARBANAK malware on VirusTotal?

North Korean Lazarus APT group targets blockchain tech companies

A Closer Look at the Snatch Data Ransom Group

Meet the Administrators of the RSOCKS Proxy Botnet

StealthWorker botnet targets Synology NAS devices to drop ransomware

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Caketap, a new Unix rootkit used to siphon ATM banking data

FIN7 sysadmin behind “billions in damage” gets 10 years

Black Hat AI Tools Fuel Rise in Business Email Compromise (BEC) Attacks

FireEye experts found source code for CARBANAK malware on VirusTotal?

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

How Did Authorities Identify the Alleged Lockbit Boss?

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Administrators of bulletproof hosting sentenced to prison in the US

US authorities charged Dridex gang members for stealing over $100 Million

Canadian Police Raid ‘Orcus RAT’ Author

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

SysAdmin Gets 10 Years in Prison

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Three members of FIN7 (Carbanak) gang charged with stealing 15 million credit cards

How to stay secure from ransomware attacks this Labor Day weekend

New Linux/DDosMan threat emerged from an evolution of the older Elknot

LockBit ransomware group claims to have hacked Bridgestone Americas

Dissecting the malicious arsenal of the Makop ransomware gang

Ransomware Gangs and the Name Game Distraction

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Updates from the MaaS: new threats delivered through NullMixer

IT threat evolution Q2 2021

Top Cybersecurity Accounts to Follow on Twitter

Advanced threat predictions for 2023

Stay Connected