Tag Archive for: Controls

Hackers Update Vultur Banking Malware With Remote Controls



Attackers Can Now Download, Alter and Delete Files – Plus Click, Scroll and Swipe


Threat actors are tricking banking customers with SMS texts into downloading new and improved banking malware named Vultur that interacts with infected devices and alters files.


First documented in March 2021 by Threat Fabric, Vultur garnered attention for its misuse of legitimate applications such as AlphaVNC and ngrok, enabling remote access to the VNC server on targeted devices. Vultur also automated screen recording and keylogging for harvesting credentials.

The latest iteration of this Android banking malware boasts a broader range of capabilities and enables attackers to assume control of infected devices, hinder application execution, display customized notifications, circumvent lock-screen protections and conduct various file-related operations such as downloading, uploading, installing, searching and deleting.

The new functionalities primarily focus on remote interaction with compromised devices, although Vultur still relies on AlphaVNC and ngrok for remote access, said NCC Group security researchers in a report on Thursday.

Vultur’s creators also…


Johnson Controls Ransomware Cleanup Costs Top $27M & Counting


Johnson Controls International (JCI) spent $27 million remediating a September 2023 ransomware attack on its systems — an attack that government officials warned at the time could threaten physical security.

According to a filing with the US Securities & Exchange Commission (SEC) this week, the building automation, HVAC, and fire protection giant uncovered the attack the weekend of Sept. 23, after receiving reports of system outages. It was a ransomware hit that locked up internal IT infrastructure and allowed assailants to exfiltrate company data.

The filing didn’t mention which gang JCI determined to be behind the cyberattack, but at the time researchers attributed it to Dark Angels using a custom VMware ESXi encryptor.

“The company implemented its incident management and response plan and business continuity plans, including implementing remediation measures to mitigate the impact of the incident and restore affected systems and functions,” JCI noted in the SEC filing, adding that the $27 million price tag for the effort takes into account cyber insurance payouts, and includes the cost of retaining outside cybersecurity specialists.

The filing noted that the investigation and remediation efforts remain ongoing, “including the analysis of data accessed, exfiltrated or otherwise impacted during the cybersecurity incident,” and that the company expects to spend more on the recovery as a result.

Contrary to fears floated by the Department of Homeland Security after the attack, JCI also said that there is “no evidence of any impact to its digital products, services, and solutions including OpenBlue and Metasys,” referring to its smart-building and AI-enabled lines of business, which are often deployed in industrial settings and bring operational technology (OT) together with IT systems.


Top Five Security Controls SMEs Must Have In Place In 2024


Chief technology officer of Corvus Insurance.

We released our Q3 Global Ransomware Report in October 2023, which showed that 2023 has been a record-breaking year for ransomware events, with an 11.2% increase over Q2 and a 95.4% increase year-over-year. With the increasing risk of threats from ransomware along with business email compromise (BEC), hacking and social engineering, this article focuses on pragmatic ways small and medium-sized enterprises (SMEs) can secure their companies and systems.

Many Solutions, Few Resources

Tackling the complex and technical world of security controls is hard for any SME leader or IT person (who is often a team of one). You’re bombarded with “helpful” salespeople trying to sell you expensive solutions to problems you don’t fully understand. Worse, there are so many things you’re told you must do and that if you miss one of the steps, your organization may be left vulnerable.

Where Do I Start?

The NIST Cybersecurity Framework is a good starting point for organizations of any size looking to commence or improve their cybersecurity program, and solution partners frequently mention it as they map control actions back to the framework.

A key part of this is implementing security controls to mitigate the risks. To help prioritize the most critical security controls, security standards have emerged. Some of the most impactful are the Center for Internet Security’s (CIS) Critical Security Controls.

However, even these can be quite daunting for an SME, and certainly not all security controls are created equal. Let’s dive into some of the most critical controls based on an analysis of data from tens of thousands of insurance claims as well as threat intelligence insights from compromised assets and data breach notifications.

Five Security Controls To Have In Place In 2024

Knowing Your Assets

Today, almost every small business has a multitude of digital assets with the adoption of the Internet of Things (IoT), cloud SaaS services and bring-your-own-device policies (BYOD). Understanding what you’re trying to protect and its criticality to your business function is the foundation for any vulnerability management, configuration management or…


Johnson Controls Suffers Ransomware Attack



Also, New Malware Targets New Bitwarden Users

Breach Roundup: Johnson Controls Suffers Ransomware Attack

Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week: Johnson Controls suffers a ransomware attack, the Philippine state health insurance program struggles to recover from a ransomware attack, and Air Canada reports a cyberattack. Also: an APT group uses the American Red Cross as bait, new malware targets would-be users of Bitwarden, and the U.S. Department of Homeland Security kicks off a conference for Latin American cybersecurity.



Johnson Controls Suffers Ransomware Attack

Global smart building and security systems maker Johnson Controls faces a major cybersecurity incident, it disclosed in a regulatory filing. “The incident has caused, and is expected to continue to cause, disruption to parts of the Company’s business operations,” it told the U.S. Securities and Exchange Commission.

Bleeping Computer reports the incident appears to be a ransomware attack from a recently-formed criminal group calling itself “Dark Angels.” The group is demanding $51 million, the outlet says.

The attack affects subsidiary brands and their operations. Some systems are offline, and the company is working to mitigate risks. Johnson Controls subsidiaries such as Simplex and Ruskin have displayed technical outage messages on their websites. “We are…
