Tag: world | SpinSafe

A sneaky new steganography malware is exploiting Microsoft Word — hundreds of firms around the world hit by attack

April 16, 2024/in Computer Security

Hackers have been observed using steganography to target hundreds of organizations in Latin America with infostealers, remote access trojans (RAT), and more.

The campaign, dubbed SteganoArmor, was discovered by researchers from Positive Technologies.

For those unfamiliar with steganography, it’s a technique of hiding data inside benign files. Hackers use it to hide malware in JPG and similar files, and thus bypass email security solutions.

Infostealers and other malware

As per the researchers, a threat actor dubbed TA558 sent out hundreds of phishing emails, through which they shared Microsoft Word and Excel files.

These files exploit a seven-year-old flaw tracked as CVE-2017-1182. To minimize the chances of the emails being picked up by email security solutions, they were sent from compromised SMTP servers.

If the victim runs the files, they will download a Visual Basic Script (VBS) from the legitimate “paste upon opening the file.ee” service. This script will download a JPG file holding a base-64 encoded payload. This payload will, ultimately, result in the download and installation of one of these malware variants:

AgentTesla, FormBook, Remcos, LokiBot, Guloader, Snake Keylogger, and XWorm. The majority of these are infostealers, with a few RATs and stage-two downloaders. While the attackers do seem to have cast a wide, global net, the majority of the victims are located in Latin America, the researchers added. So far, more than 320 attacks were discovered.

Defending against this attack is relatively easy. First, users should be wary of incoming emails, especially those carrying files and links, as that’s the usual modus operandi of cybercriminal groups. Also, they could patch their Office suite to prevent the malware from exploiting CVE-2017-1182. The patch for this vulnerability has been around for more than half a decade.

TA558 has been around for almost a decade, mostly targeting organizations in the hospitality and tourism industries.

Via BleepingComputer

More from TechRadar Pro

Source…

Moroccan Child Impresses International Companies With Cybersecurity Mastery – Morocco World News

February 9, 2024/in Internet Security

Moroccan Child Impresses International Companies With Cybersecurity Mastery Morocco World News

Source…

Ethical Hackers Hack into $1.323 Million Worth of Vulnerabilities at Automotive World

February 6, 2024/in Internet Security

VicOne, a leading provider of automotive cybersecurity solutions, hosted “Pwn2Own Automotive 2024”, its first ethical hacking event exclusively for the automotive sector, at Automotive World in Tokyo (January 24-26, 2024) to explore and address cybersecurity challenges in the automotive industry.

The event was dedicated to discovering and fixing digital security vulnerabilities of connected cars to protect the cybersecurity of vehicles. Specifically, 17 white hat hacker team and individuals from nine countries participated in a total of over 50 entries both remotely and on-site in four categories:

Tesla
In-Vehicle Infotainment (IVI)
EV Chargers
Operating System

The participants competed for cash and prizes worth US $1,323,750. A total of 49 unknown security vulnerabilities (zero-day vulnerabilities) were discovered by the participants over the three days. To win, participants had to take advantage of newly discovered vulnerabilities to attack target systems and devices and execute arbitrary instructions. The event was not only about prestige and competition between the best white hat hackers on the scene, but also about collaboration within the automotive industry and with external IT cybersecurity experts to make the entire industry safer.

VicOne’s parent company, global cybersecurity leader Trend Micro™, co-hosted the event through the Zero Day initiative™ (ZDI), the world’s largest vendor-agnostic bug bounty program. Electric vehicle manufacturer Tesla, as the main sponsor of the event, put its own products to the test including a modem, infotainment system, and Model Y vehicle. Individual hackers and hacking teams from countries including the USA, Vietnam, Japan, the UK, Hungary, the Netherlands, France, and Germany took part.

The winning team Synacktiv from France came away with a total profit of US $450,000, and now holds the title of “Master of Pwn.” With a total profit of US $177,500, the German fuzzware.io team took second place. The hackers from fuzzware.io targeted the Sony XAV-AX5500 and the Alpine Halo9 iLX-F509 in the In-Vehicle Infotainment (IVI) category, as well as the ChargePoint Home Flex, the Autel MaxiCharger AC Wallbox Commercial,…

Source…

Shadowy world of ransomware-for-hire revealed by online account activity linked to the Medibank hack | Medibank

January 28, 2024/in Internet Security

Who is the hacker being linked to the Medibank cyberattack?

The government has named 33-year-old Aleksandr Gennadievich Ermakov, a Russian citizen, IT worker and alleged cybercriminal, in new sanctions legislation in connection with the most damaging cyberattack on Australians in 2022.

When the UK, the US and Australia announced sanctions against him this week over the ransom attack, they released details of several aliases he operated under.

Experts have now pieced together the online history of the accounts said to be linked to Ermakov, revealing a broader picture of his alleged cybercrime activity in the years leading up to the Medibank attack.

Cybercrime-for-hire

The hack on Medibank resulted in the personal details of 9.7 million current and former customers – including 5.1 million Medibank customers, 2.8 million ahm customers and 1.8 million international customers – being published on the dark web.

Additionally, health claims for about 160,000 Medibank customers, 300,000 ahm customers and 20,000 international customers were accessed. The information included service provider names and codes associated with diagnosis and procedures.

While the Optus hack drew the bulk of media attention in 2022, the Medibank was much worse in terms of the kind and scale of data exposed.

It’s unclear from government information what exactly Ermakov’s alleged role was, but experts suggest he may be one of a group of attackers. When the Australian government published its sanction notice under its relatively new Magnitsky-type powers, it listed four usernames Ermakov was also known as: GustaveDore, aiiis_ermak, blade_runner and JimJones.

Cybersecurity firm Intel471 pieced together the online history of the accounts, finding they had been active on cybercrime forums and in the cybercrime-for-hire economy, both as buyers and providers of ransomware.

Intel471 said that an account named JimJones advertised a malware development service on the Exploit forum in September 2020 and sought investors for ransomware development, claiming they would provide “ready-to-use” malware, with Jimjones taking 5% of ransoms paid. Although it is the same username it is not clear whether Ermakov himself was behind…

Source…

Tag Archive for: world

Cybercrime-for-hire