Tag: Attack | Page 3

A sneaky new steganography malware is exploiting Microsoft Word — hundreds of firms around the world hit by attack

April 16, 2024/in Computer Security

Hackers have been observed using steganography to target hundreds of organizations in Latin America with infostealers, remote access trojans (RAT), and more.

The campaign, dubbed SteganoArmor, was discovered by researchers from Positive Technologies.

For those unfamiliar with steganography, it’s a technique of hiding data inside benign files. Hackers use it to hide malware in JPG and similar files, and thus bypass email security solutions.

Infostealers and other malware

As per the researchers, a threat actor dubbed TA558 sent out hundreds of phishing emails, through which they shared Microsoft Word and Excel files.

These files exploit a seven-year-old flaw tracked as CVE-2017-1182. To minimize the chances of the emails being picked up by email security solutions, they were sent from compromised SMTP servers.

If the victim runs the files, they will download a Visual Basic Script (VBS) from the legitimate “paste upon opening the file.ee” service. This script will download a JPG file holding a base-64 encoded payload. This payload will, ultimately, result in the download and installation of one of these malware variants:

AgentTesla, FormBook, Remcos, LokiBot, Guloader, Snake Keylogger, and XWorm. The majority of these are infostealers, with a few RATs and stage-two downloaders. While the attackers do seem to have cast a wide, global net, the majority of the victims are located in Latin America, the researchers added. So far, more than 320 attacks were discovered.

Defending against this attack is relatively easy. First, users should be wary of incoming emails, especially those carrying files and links, as that’s the usual modus operandi of cybercriminal groups. Also, they could patch their Office suite to prevent the malware from exploiting CVE-2017-1182. The patch for this vulnerability has been around for more than half a decade.

TA558 has been around for almost a decade, mostly targeting organizations in the hospitality and tourism industries.

Via BleepingComputer

More from TechRadar Pro

Source…

How a ransomware attack would disrupt the food supply chain

April 16, 2024/in Internet Security

Massive financial gains continue to be one of the top motivating factors behind cyberattacks.

The Information Technology – Information Sharing and Analysis Center (IT-ISAC) has been tracking ransomware incidents and trends since 2021.

Despite government and law enforcement efforts to take down malicious infrastructure, new ransomware strains continue to emerge.

The company just released its analysis of the 2023 ransomware landscape report and insights for 2024.

Jonathan Braley, Director of the Food and Ag-ISAC joins Veronica Dudo to discuss. #IN AMERICA TODAY #featured #ransomware #ransomwareattacks #foodsupplychain

Source…

Ransomware attack hits top chipmaker Nexperia, huge hoard of data set to be leaked

April 16, 2024/in Internet Security

Top chipmaker Nexperia suffered a ransomware attack last month which saw threat actors get away with a terabyte of sensitive corporate data.

“Nexperia has become aware that an unauthorized third party accessed certain Nexperia IT servers in March 2024,” the company said in a statement shared with BleepingComputer. “We promptly took action and disconnected the affected systems from the internet to contain the incident and implemented extensive mitigation.”

The company later brought in third-party security experts to determine the nature and the scope of the incident, and took “strong measures” to terminate the unauthorized access.

Dark Angels

In the meantime, a threat actor calling itself Dunghill Leak assumed responsibility for the attack, claiming they were in possession of a terabyte of confidential data. To prove its claims, the group shared a sample, which included microscope scans of electronic components, employee passports, non-disclosure agreements, and other information.

The group is now demanding an unknown ransom payment, and if Nexperia declines, they will allegedly leak:

371 GB of design and product data, including QC, NDAs, trade secrets, technical specifications, confidential schematics, and production instructions.
246 GB of engineering data, including internal studies and manufacturing technologies.
96 GB of commercial and marketing data, including pricing and marketing analysis.
41.5 GB of corporate data, including HR, employee personal details, passports, NDAs, etc.
109 GB of client and user data, including brands such as SpaceX, IBM, Apple, and Huawei.
121.1 GB of various files and miscellaneous data, including email storage files.

Nexperia is a subsidiary of Wingtech Technology, a major Chinese chipmaker that operates plants in Germany and the UK. It builds transistors, diodes, MOSFETs, and logic divides, it was said. Its annual revenue exceeds $2 billion.

In its writeup, BleepingComputer claims the Dunghill Leak site is linked to the Dark Angels ransomware group.

More from TechRadar Pro

Source…

Ransomware Attack on Brewery Shows Cybersecurity Risks

April 15, 2024/in Internet Security

The recent ransomware attack against the Duvel Moortgat Brewery demonstrated the very real risk that cybersecurity incidents pose to the alcohol industry, reportedly halting operations for several days at four of Duvel Moortgat’s facilities in Europe and the United States. This attack comes after other major alcohol producers experienced disruptive ransomware attacks in the last several years. Incidents like these can be devastating for a company’s business and reputation, and hackers’ strategies are constantly evolving to maximize their damage. But companies can be prepared with an information security program designed to prevent successful attacks and quickly respond if one occurs. Experienced partners such as McDermott are critical resources throughout this process, enabling companies to better update and fortify their security programs.

The Growing Threat of Attack

Hackers have extorted companies through ransomware attacks for decades, but hacker strategies have evolved to increase the risks to companies, often resulting in a larger ransom for the hacker. A “ransomware” attack traditionally refers to a strategy in which a hacker gains access to a victim’s computer system, encrypts the information on those systems and demands a ransom payment to unlock that information. Victims may try to avoid paying the ransom by restoring most of their systems from backups, but hackers have recently introduced additional strategies that can complicate that recovery. Today, hackers often try to steal the victim’s information before encrypting it on the victim’s system, so that they can sell or publish the information if the victim refuses to pay the ransom. Hackers also may try to “corrupt” backups so that the victim cannot effectively restore its system without the hacker’s assistance. One ransomware group, AlphV, says that it also reports its publicly traded victims to the US Securities and Exchange Commission if they don’t pay the ransom.

Determining whether to pay a ransom is a complicated decision, with either choice presenting notable risks. The ransom will likely be expensive and must be paid without any guarantee that the hacker will make good on its promises….

Source…

Tag Archive for: Attack

Massive financial gains continue to be one of the top motivating factors behind cyberattacks.