Magecart claims another victim in Newegg merchant data theft

Earlier this week researchers confirmed a massive payment card skimming scheme operated by Magecart which compromised the online store of broadcaster ABS-CBN; now, the cyberthreat group has claimed a fresh victim in Newegg.

Researchers from RiskIQ, together with Volexity, revealed that California-based retailer Newegg is the latest well-known merchant to succumb to the threat actors. The security firm said in a blog post that a payment skimming scheme has been in operation since August 13.

Read more about the recent activities of hacking group Magecart on ZDNet.

FBI: Phishing Attacks Aim to Swap Payroll Information

The FBI’s Internet Crime Complaint Center (IC3) reports a wave of social engineering attacks aiming to steal employees’ login credentials so they can break into online payroll accounts.

Attackers send their targets phishing emails designed to capture login credentials, the IC3 states. They use these to access employees’ payroll, change their bank account data, and add rules so the victim doesn’t receive alerts regarding direct deposit changes. From that point, money is redirected to an account controlled by the attacker; usually a prepaid card.
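One defensive check the IC3 description suggests, written here as an added example (not part of the FBI advisory or the article): scanning exported inbox rules for ones that would hide direct-deposit change alerts or divert them off-domain. The rule field names, the organization domain and the sample rules are constructed assumptions, loosely modelled on a mailbox-rule export.

```python
"""Flag inbox rules that could suppress payroll / direct-deposit alerts.

Added example, not from the FBI/IC3 advisory or the article. Rule records
and field names below are constructed assumptions.
"""
import re

# Terms a payroll-notification suppression rule is likely to match on.
PAYROLL_TERMS = re.compile(
    r"(direct deposit|payroll|bank account|pay ?stub|hr[ -]?portal)", re.I)

# Actions that stop the user from ever seeing the message.
HIDING_ACTIONS = {"delete", "move_to_deleted", "move_to_junk",
                  "move_to_rss", "forward", "mark_read"}


def suspicious_rules(rules, org_domain="example.com"):
    """Return [(rule_name, [reasons])] for rules worth an analyst's look.

    A rule is flagged when a condition mentions payroll terms AND an action
    hides or diverts the message, or when it forwards mail off-domain.
    """
    findings = []
    for rule in rules:
        reasons = []
        conds = " ".join(rule.get("subject_contains", [])
                         + rule.get("body_contains", [])
                         + rule.get("from_contains", []))
        hiding = set(rule.get("actions", [])) & HIDING_ACTIONS
        if PAYROLL_TERMS.search(conds) and hiding:
            reasons.append(
                f"payroll keyword with hiding action(s): {sorted(hiding)}")
        fwd = rule.get("forward_to", "")
        if fwd and not fwd.lower().endswith("@" + org_domain):
            reasons.append(f"forwards to external address {fwd}")
        if reasons:
            findings.append((rule["name"], reasons))
    return findings


# Constructed sample export: one benign rule, two that match the IC3 pattern.
SAMPLE_RULES = [
    {"name": "Newsletters", "subject_contains": ["newsletter"],
     "actions": ["move_to_folder"]},
    {"name": ".", "subject_contains": ["direct deposit", "payroll change"],
     "actions": ["delete", "mark_read"]},
    {"name": "hr", "from_contains": ["hr-portal"], "actions": ["forward"],
     "forward_to": "drop@mail-drop.invalid"},
]

if __name__ == "__main__":
    for name, reasons in suspicious_rules(SAMPLE_RULES):
        print(f"{name!r}: {'; '.join(reasons)}")
```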

Read more about the new wave of social engineering scams on DarkReading.

New Xbash Malware a Cocktail of Malicious Functions

Adding to the rapidly growing list of multi-functional malware, a particularly nasty and unique data-destroying malware tool has been discovered that combines botnet, coin mining, ransomware, and self-propagation capabilities. The malware, dubbed Xbash, contains capabilities that, when fully implemented, can help it spread very quickly inside an organization’s network.

Palo Alto Networks researchers say their analysis shows the malware is being used to target Linux servers for its ransomware and botnet capabilities, and Windows servers for coin mining and self-propagation purposes.

Read more about the newly discovered Xbash malware on DarkReading.

This new UK phishing attack uses an old trick to steal passwords and credit card details

A new phishing campaign in the UK is using an old trick in an effort to steal login credentials, payment details and other sensitive information from victims by claiming to offer them a tax refund which can only be claimed online. The message claims to be the UK government’s tax office, HMRC, and tells potential victims that they’re due a tax refund of £542.94 “directly” onto their credit card.

In an attempt to pressure targets into falling for the scheme, they’re told that the link to the “customer portal” expires on the day the message is received.

Read more about the new phishing campaign on ZDNet.

What is a botnet? And why they aren’t going away anytime soon

Botnets act as a force multiplier for individual attackers, cyber-criminal groups and nation-states looking to disrupt or break into their targets’ systems. By definition, they are a collection of any type of internet-connected device that an attacker has compromised. Commonly used in distributed denial of service (DDoS) attacks, botnets can also send large volumes of spam, steal credentials at scale, or spy on people and organizations.

Malicious actors build botnets by infecting connected devices with malware and then managing them using a command and control server. Once an attacker has compromised a device on a specific network, all the vulnerable devices on that network are at risk of being infected.

Read more about botnets and why they are a persistent threat, on CSO.

DeepLocker: When malware turns artificial intelligence into a weapon

Cybersecurity has become a race between white hats and threat actors. Artificial intelligence (AI) has been touted as a potential solution which could learn to detect suspicious behavior and stop cyberattackers in their tracks. However, the same technology can also be used by threat actors to augment their own attack methods.

According to IBM, the “AI era” could result in weaponized artificial intelligence. In order to study how AI could one day become a new tool in the arsenal of threat actors, IBM Research has developed an attack tool dubbed DeepLocker that is powered by artificial intelligence.

Read more about DeepLocker and learn how AI can be weaponized on ZDNet.

What is malware? Viruses, worms, trojans, and beyond

Malware—a blanket term for viruses, worms, trojans, and other harmful computer programs—has been with us since the early days of computing. But malware is constantly evolving and hackers use it to wreak destruction and gain access to sensitive information; fighting malware takes up much of the day-to-day work of infosec professionals.

Malware is short for malicious software, and, as Microsoft puts it, “is a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network.” In other words, software is identified as malware based on its intended use, rather than a particular technique or technology used to build it.

Read more about what malware is and how you can prevent, detect and remove it, on CSO.

What are phishing kits? Web components of phishing attacks explained

Phishing is a social attack, directly related to social engineering (which takes advantage of human traits like curiosity, compassion and a desire to help). Commonly centered around email, criminals use phishing to obtain access or information. A phishing attack with a directed focus is called spear phishing.

Phishing attacks can trick users into clicking on a link to a site with malicious code or into downloading code directly. Or they can trick users into revealing confidential information.

If a criminal wants to target a group or person within a company, they will use spear phishing to make the email look and feel legitimate. A phishing kit is the web component, or the back end, of a phishing attack. It’s the final step in most cases, where the criminal has replicated a known brand or organization. The kit helps the bad guys mirror legitimate websites, like the one from your bank.

Read more about phishing kits and how they work on CSO.

Mirai, Gafgyt Botnets Return to Target Infamous Apache Struts, SonicWall Flaws

Researchers have discovered new variants of the infamous Mirai and Gafgyt IoT botnets. The new Mirai strain targets the Apache Struts flaw associated with the 2017 Equifax breach, while the Gafgyt variant uses a newly disclosed glitch impacting older, unsupported versions of SonicWall’s Global Management System, according to researchers with Palo Alto Networks.

Researchers said that they discovered samples of a Mirai variant on Sept. 7 incorporating exploits that targeted 16 separate vulnerabilities, including the Apache Struts vulnerability.

Read more about the new Mirai and Gafgyt variants on Threatpost.

New ‘Fallout’ EK Brings Return of Old Ransomware

There’s a new malware carrier in town, and it’s bringing an old piece of ransomware with it in an initial campaign, though researchers warn that there’s no reason that the new exploit kit (which was named “Fallout” by the researchers who found it) could not deliver multiple malware packages.

The Japanese security researchers, nao_sec, found the initial instance of the software they dubbed the Fallout Exploit Kit because of its similarity to the previously known Nuclear Pack Exploit Kit. The exploit kit, which nao_sec says uses CVE-2018-4878 and CVE-2018-8174, first exploits the VBScript flaw and then the Flash flaw to infect the victim.

Read more about the Fallout exploit kit on DarkReading.