Skyrocketing Bitcoin prices prompt resurgence in mining malware
As the price of the cryptocurrency Bitcoin pushes record highs, there’s been a corresponding resurgence in cryptomining malware. Illicit miners had slipped off the radar as Bitcoin’s value plummeted in recent years, but now authors are hoping to profit off the latest price increase. Researchers have identified multiple forms of cryptominers, from browser-based applications to fileless script miners used against a variety of system configurations.
Major increase in malicious vaccine-related domains
The number of domains containing the word “vaccine” has increased 94.8% in the month since the first COVID-19 vaccine became publicly available. As with malicious COVID-related domains registered since March of last year, cybercriminals are taking advantage of the pandemic’s hold over the public’s consciousness in order to turn a profit. With over 2,000 new domains with COVID-related keywords, finding accurate and reliable information has become more difficult.
Millions of Nitro PDF user records leaked
A database containing over 77 million user records belonging to Nitro PDF has been found available for almost nothing on a dark web marketplace. The data was leaked in an October data breach, which Nitro confirmed, and was bundled for auction with a high price tag. Now, several months later, a member of the hacking group ShinyHunters has released access to the download link for a mere $ 3.
Scottish environmental agency falls victim to ransomware attack
Officials for the Scottish Environmental Protection Agency (SEPA) have confirmed that data stolen in a ransomware attack last month has been posted for sale on the dark web by the group responsible for the Conti ransomware variant. While it remains unclear how the attackers gained access to the agency’s systems, many of the infected systems are still not operational and have timetable for a return to service.
Hackers leak nearly 2 million Pixlr records
The ShinyHunters hacking group posted a database containing nearly 2 million user records for the Pixlr photo editing application to the web in recent days. The group claims to have stolen the database during a breach at another photo site, 123rf. Both sites are owned by the company Inmagine. Though Pixlr has yet to confirm the breach, it’s recommended users change passwords on Pixlr and any other sites sharing the same login credentials.
The post Cyber News Rundown: Cryptomining Malware Resurgent appeared first on Webroot Blog.
Dairy farm group faces $ 30 million ransom
The Dairy Farm Group, one of the largest retailers in Asia, has suffered a ransomware attack by the REvil group, which has demanded a roughly $ 30 million ransom. The attack is still ongoing nearly nine days after being first identified. The attackers still have full control over the company’s email systems, which they will likely use for additional phishing attacks or identity theft operations. Officials have confirmed the attack was isolated to a small number of devices, but they have not been able to stop the continuing transmission of data to the attacker’s systems.
Norway to fine dating app over user data sharing
The dating app Grindr will receive a fine from Norwegian government for sharing user data with several of their advertising partners. Multiple complaints were made against the app in the past year for making users accept their license agreement without being able to opt out of third-party data sharing. The fine equates to $ 11.7 million, or nearly 10 percent of Grindr’s annual revenue.
Multiple zero-day exploits patched by Apple
Apple has just released patches for three zero-day iOS exploits that may have already been used. Two of the exploits involved remote execution through a vulnerability in their WebKit browser, while the other could have been used to elevate privileges on multiple devices. An unknown researcher is responsible for bringing these vulnerabilities to Apple’s attention and likely received compensation through their bug bounty program.
Global authorities take down Emotet botnet
In the wake of a push earlier this week by global law enforcement, authorities have gained control of the servers responsible for operating the infamous Emotet botnet. This organization was responsible for infecting millions of devices across the world and using them to further the devastating spread. Police in Ukraine have also arrested individuals who face up to 12 years for their involvement in criminal activities. Emotet started out as a banking trojan but has since become an entry point for other ransomware variants.
Austrian crane manufacturer hit by ransomware
The Palfinger Group, which owns companies in 30 countries around the world, has recently fallen victim to a ransomware attack. For the past three days the organization has been under a steady assault on their networks, causing major issues with email communications and other crucial internal systems. It is still unclear on how the attack was initiated or the extent of the damage since the attack is ongoing.
The post Cyber News Rundown: Dairy Farm Ransomware appeared first on Webroot Blog.
Reading Time: ~ 2 min.
Thousands of Android Users fall Victim to Giveaway Fraud
Upwards of 65,000 Android users were potentially compromised after installing a malicious app promising free giveaways. Over the year the scam was in effect, roughly 5,000 apps were spoofed to lure victims into downloading in exchange for a phony giveaway. In reality, the infection pushes silent background ads which generate ad revenue for the scammers and decrease device performance.
North American Real Estate Firm Hit by Ransomware
A new ransomware variant known as DarkSide claimed its first victim, Brookfield Residential, after operating for nearly two weeks. The North American real estate developer recently noticed unauthorized access to several systems and was left a ransom note stating that over 200GB of data had been stolen. The data has since been published to DarkSide’s leak site, which has prompted many to speculate the ransom was not paid by Brookfield Residential.
Cryptominers Caught Using AI
Researchers have been at work creating an AI algorithm to detect malicious cryptocurrency miners while avoiding legitimate ones. The detection method compares currently running miners to graphs of both legitimate and illegitimate miners and monitors changes between the processes being used and the scheduling of mining activity. This type of detection may be put to use to decrease the overall use of malicious code that can often tax the system’s CPU usage to max capacity.
Los Angeles School District Suffers Cyber Attack
Just weeks after the FBI issued a warning about the threat of cyberattacks against school districts, the Rialto School District in California has fallen victim to just such an attack. These setbacks have made the return to online schooling particularly difficult. The extent of the attack remains unclear and officials are still working to determine the effects on the 25,000 enrolled students.
Maze Ransomware Cartel Adds New Variant Team
The authors of the lesser-known ransomware variant SunCrypt have recently joined forces with the Maze ransomware cartel. It’s believed the new cartel members were brought in to assist with the high volume of attacks that the Maze Group is handling and are being paid with a portion of its profits. In addition to new revenue streams from its partnership with the organization, cartel members also benefit from access to the Maze Group’s resources including obfuscation techniques and posting cartel member’s stolen data to their dedicated leak site.
The post Cyber News Rundown: Android Giveaway Fraud appeared first on Webroot Blog.
Reading Time: ~ 2 min.
Florida City Sees Lasting Effects of Ransomware Attack
Nearly three weeks after the City of Jupiter, Florida suffered a ransomware attack that took many of their internal systems offline, the city has yet to return to normal. City officials announced they would be working to rebuild their systems from backups, rather than paying any ransom, and were able to get their main website up and running again, along with many essential services. The timing of the attack couldn’t have been worse, as most of the City’s staff were under lockdown and unable to access compromised machines in a quick and safe manner.
Hackers Breach San Francisco International Airport
Late last Month, Russia-based hackers attempted to breach the internal networks of San Francisco International Airport using a simple injection script to obtain employee credentials. By forcing the use of the SMB file-sharing protocol, the hackers could quickly grab the usernames and hashed passwords, which would then allow them to deploy any number of malicious payloads or access extremely sensitive information. Shortly after the attack was detected and subsequently ended, the IT staff issued a forced password reset for all staff in hopes of minimizing any further damage.
Critical Exploits Patched by Microsoft
Recently, Microsoft patched three zero-day exploits that could allow remote code execution, privilege increases, and even creating new accounts with full OS permissions. Two of the patched flaws related to the Adobe Type Manager Library and were functional on multiple Windows® operating systems, but performed different tasks based on the environment in which they were deployed.
DDoS Suspect Arrested in Netherlands
Two Dutch government websites that were created to distribute information related to the COVID-19 pandemic fell victim to a DDoS attack for several hours. Dutch authorities, who have been heavily involved in many cybersecurity operations, have arrested at least one suspect and shut down 15 sites offering DDoS services. Hopefully, the shutdowns will help reduce the number of these types of attacks going forward.
RagnarLocker Takes Down Portuguese Energy
One of the largest energy providers in Europe, Energias de Portugal (EDP), became the victim of a ransomware attack that used the RagnarLocker variant. In exchange for the estimated 10TB of data stolen during the attack, attackers demanded a ransom of $ 10.9m to be paid in cryptocurrency. The authors behind RagnarLocker have already begun posting segments of the stolen data to their main website, along with the promise to release the rest and make their entire client list aware of the breach, if the ransom isn’t met.
The post Cyber News Rundown: Ransomware Wrecks Florida City appeared first on Webroot Blog.
Reading Time: ~ 2 min.
MedusaLocker Ransomware Spotted Worldwide
While it’s still unclear how MedusaLocker is spreading, the victims have been confirmed around the world in just the last month. By starting with a preparation phase, this variant can ensure that local networking functionality is active and maintain access to network drives. After shutting down security software and deleting Shadow Volume copies, it begins encrypting files while setting up self-preservation tasks.
Bargain Website Server Exposes Customer Data
Several websites used by UK customers to find bargains have left a database filled with customer data belonging to nearly 3.5 million users completely unprotected and connected to the internet. Along with the names and addresses of customers, the database also included banking details and other sensitive information that could be used to commit identity fraud. The researchers who initially discovered the breach notified the site owners, but received no response or any indication the leak would be resolved until nearly six weeks after the database was left exposed.
Arrests Made Following Major BEC Scam
At least three individuals have been arrested in Spain for their connection to a business email compromise (BEC) scam that netted over 10 million euros and affected 12 companies across 10 countries. It appears the operation began in 2016 and involved the cooperation of multiple law enforcement agencies. By creating a web of fake companies and bank accounts, the group was able to successfully launder money into various investments, including real estate, in an attempt to remain undetected.
LA Court System Hacked
The perpetrator of a 2017 spear phishing attack on the LA court system was sentenced to 145 months in prison following convictions on charges of wire fraud, unauthorized access to a computer, and identity theft. The individual was able to compromise employee email accounts and use them to launch a malspam campaign that distributed over 2 million emails.
Pennsylvania School District Hacked
Multiple students are being questioned after school district officials noticed unauthorized access to the student assistance site Naviance, a hack which appears to have been an attempt “to gain a competitive edge in a high-stakes water gun fight.” Access to the site would have also given them access to other student’s personal data, though no financial or social security information is stored on the site. District officials determined the security practices for the site lacking but have not currently released plans for improvement.
The post Cyber News Rundown: MedusaLocker Ransomware appeared first on Webroot Blog.