Security researchers at Cybereason are warning of a new mobile banking trojan that steals details from financial apps and intercepts SMS messages to bypass two-factor authentication mechanisms. According to experts who have examined the code of the malware, known as EventBot, it differs substantially from previously known Android malware – suggesting that it might be written by a new group of cybercriminals.
Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organizations around the world and demanded that a cryptocurrency payment be made in exchange for the safe recovery of encrypted data.
Ransomware is a serious threat to institutions of all kinds, resulting in mounting costs for organizations that must literally pay ransom to regain access to their essential systems. A ransomware attack takes place when a cybercriminal denies an organization access to the data it needs to conduct business, usually by encrypting the data with a secret key. The attacker then offers to reveal the encryption key in exchange for a payment. The payment can vary in amount or kind.
Fear, uncertainty, and doubt are powerful emotions, and time and again, hackers attempt to leverage these for their own gain. As the coronavirus develops into a worldwide pandemic, hackers are taking advantage of the fear many of us feel to spread malware. We’re seeing an abundance of coronavirus-themed phishing, business email compromise (BEC), malware, and ransomware attacks targeting different industries, especially in the health sector.
AT&T Alien Labs® Open Threat Exchange® (OTX) recently created a pulse for a new threat entitled the RIG Exploit Kit which had been observed distributing ransomware to victim companies across a variety of industry verticals. This exploit was discovered by BroadAnalysis who outlined the exploit’s intricacies in a whitepaper that was released December 2, 2019.
At the beginning of March 2020, Fifth Domain reported that Colorado-based aerospace, automotive and industrial parts manufacturer Visser Precision LLC had suffered a DoppelPaymer ransomware infection. Those behind this attack ultimately published information stolen from some of Visser’s customers. Those organizations included defense contractors Lockheed Martin, General Dynamics, Boeing and SpaceX.
In 2019 multiple cities, hospitals and educational institutions in the U.S. were crippled by ransomware, including Baltimore, Atlanta, New York City, Regis University in Denver and Monroe University in New York. In the the last 12 months, the infosec community has seen these ransomware operators seriously upping their game (see Ryuk ransomware).
Throughout 2019 CyberInt Research observed multiple events related to Konni, remote administration tool, observed in the wild since early 2014. The Konni malware family is potentially linked to APT37, a North-Korean cyber espionage group active since 2012. The group primary victims are South-Korean political organizations, as well as Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other parts of the Middle East.
The world is currently gripped by the spread of Covid-19, more commonly referred to as coronavirus, and unsurprisingly, cybercriminals are making the most of the situation and public uncertainty through phishing scams. There are many different examples of Covid-19 phishing scams in active circulation. Some purport to share the latest guidance, others encourage people to apply for a tax rebate, and yet more ask for donations towards medical efforts. Some even claim to provide a magical cure.
