Tag Archive for: infections

Researchers spot an increase in Jupyter infostealer infections

Infections involving the Jupyter infostealer have increased over the last two weeks, in particular targeting organizations in the education and healthcare sectors, researchers said Monday.

VMware’s Carbon Black Threat Analysis Unit published a report on Monday highlighting a wave of new incidents involving the malware, which was first seen in late 2020. It allows hackers to steal credentials and exfiltrate data.

“New Jupyter Infostealer variants continue to evolve with simple yet impactful changes to the techniques used by the malware author. This improvement aims to avoid detection and establishes persistence, enabling the attacker to stealthily compromise victims,” the researchers said.

“This malware continues to be one of the top ten infections we’ve detected in our clients’ network primarily targeting the Education and Health sectors.” The report does not mention specific victims.

The malware has evolved to target the Chrome, Edge, and Firefox browsers while the hackers using it have also exploited search engines to get people to download malicious files with the malware attached, Carbon Black said.

In the most recent incidents, the researchers found the infostealer posing as legitimately signed files, using “a valid certificate to further evade detection” and allow initial access to a victim machine.

Common delivery methods for the malware include “malicious websites, drive-by downloads, and phishing emails,” as well as “malicious ads,” they said.

The researchers shared samples of infected files, including generalized how-to documents as well as more specific files. One example was a copy of the U.S. government’s budget for 2024.

In another instance, Carbon Black saw hackers exploiting a signed Autodesk Create Installer. Autodesk is a popular remote desktop application frequently exploited in past cyberattacks.

The report does not attribute Jupyter to a specific hacking group, but past research by other companies has suggested Russia as a point of origin.

Hackers are constantly evolving their efforts to deliver powerful infostealing malware. Last week, cybersecurity researchers at Bitdefender uncovered a campaign that saw hackers use Facebook ads…


Cabinet Office tight-lipped on number of government cyberattacks and malware infections

A minister has declined to provide any data on the number of cyberattacks targeted at government or malware infections suffered by departments during the past year.

In recent parliamentary questions, Labour peer Lord Steve Bassam asked the Cabinet Office to provide information on “how many individual devices issued by government departments have been identified as containing malware”, as well as data on “how many successful, and unsuccessful, cyberattacks have been identified in each government department”. In each case, Bassam requested figures covering the prior 12 months.

In response, Baroness Lucy Neville-Rolfe – a minister of state at the Cabinet Office – declined to provide any numbers, indicating in each case that this is reflective of a policy that “the government does not comment on issues concerning national security”.

She added that the Government Security Strategy, published last year, will help public bodies ensure their resilience against both attempted and successful attacks.

“A key objective of the strategy covers how the government will minimise the impact of cybersecurity incidents,” she said. “Departments will need to prepare for incidents, be able to respond and contain when they inevitably do happen and learn the lessons from them after the event.”

The minister added: “The strategy outlines how departments must be able to minimise the impact when malware is found.”

Despite Neville-Rolfe’s comments, government bodies do provide some data on security incidents, with departments’ yearly accounts providing annual comparative information on the volume, nature, and impact of data breaches during the prior 12 months.

Ministers have also previously answered questions about topics such as the volume of government-owned devices lost or stolen each year.

Sam Trendall is editor of CSW’s sister title PublicTechnology, where this story first appeared


Over 5 lakh malware infections detected in local telco users

A staggering 5,25,820 counts of malware infections have been identified amongst the users of the four telecom operators in the country, according to the Horizon Scanning Report for Bangladesh Telecom Operators prepared by the cyber threat intelligence researchers of Bangladesh e-Government CIRT (Computer Incident Response Team). These counts of malware infections have been accounted for during the first quarter of this year, i.e. from January 2022 to April 2022.

All four telecom operators in Bangladesh show a significant rate of infection by numerous malware families on their networks. The Horizon Scanning Report for Bangladesh Telecom Operators accounts for the total malware infections amongst users during the first quarter of this year, i.e. from January 2022 to April 2022.

Grameenphone, having the highest subscriber base with 83.02 million users, leads the way with 294,657 total malware counts and 47 unique counts of malware infections. The virus called ‘android.hummer’ has the highest infection rate of 24.4%.

Coming in second place is Robi Axiata, with 104,578 total malware counts, having 40 unique counts of malware infections. The ‘avalanche-andromeda’ virus has a 12.85% infection rate and leads the malware chart for the second-largest telecom operator in the country.

Meanwhile, Banglalink, having the third-highest subscriber base with 37.41 million users, has a total malware count of 98,423 with 31 unique cases of software infections. The infection rate is highest for the ‘android.hummer’ virus, as it has an infection rate of 21.64%.

Teletalk, the government-based telecom operator, has a total malware count of 28,162 with 31 unique malware infections. The ‘avalanche-andromeda’ virus has the highest count having an infection rate of 11.39%.

Unsurprisingly, all the operators have the highest number of infections in Dhaka, the capital city of Bangladesh.

According to a globally accessible knowledge base of hacking techniques based on real-world observations, developing and refining the necessary analytics is vital as it can aid in detecting evidence which can confirm the presence of…


Ransomware infections follow precursor malware – Lumu • The Register

Ransomware is among the most feared of the myriad cyberthreats circulating today, putting critical data at risk and costing some enterprises tens of millions of dollars in damage and ransoms paid. However, ransomware doesn’t occur in a vacuum, according to security startup Lumu Technologies.

A ransomware infection is usually preceded by what Lumu founder and CEO Ricardo Villadiego calls “precursor malware,” essentially reconnaissance malicious code that has been around for a while and which lays the groundwork for the full ransomware campaign to come. The theory is that if a company finds and remediates that precursor malware, it can ward off the ransomware attack.

“The moment you see your network – and by network, I mean the network defined the modern times, whatever you have on premises, whatever is out in the clouds, whatever you have with your remote users – when you see any assets from your network contacting an adversarial infrastructure, eliminate that contact because that puts you in your zone of maximum resistance to attacks,” Villadiego told The Register.

If a company detects that its network is contacting what look like the command-and-control servers of malware such as Emotet, Phorpiex, SmokeLoader, Dridex and TrickBot, shutting down those contacts right away “is going to eliminate the catastrophic effect, which is the ransomware attack,” he said.

Lumu outlined the idea of the warning signs of an impending ransomware attack in a quick report – what the company calls a “flashcard” – this month. In it the startup outlines what it says is a vicious cycle of ransomware.

Citing statistics from cybersecurity consultancy CyberEdge, Lumu said that victims that pay the ransom are increasingly recovering their data, from 19.4 percent in 2018 to 71.6 percent last year. This has made companies more willing to pay the ransom – 38.7 percent in 2018, 57 percent now – despite recommendations and pleas from the…
