Tag Archive for: credit

Lockbit 3.0 Claims Credit for Ransomware Attack on Japanese Port

After a ransomware attack shuttered operations at container terminals at the Port of Nagoya in Japan, the Lockbit 3.0 ransomware gang claimed responsibility and demanded the port pay up.

The port, which handles 10% of the country’s cargo trade and is used by companies like Toyota Motor Corporation, was attacked on July 4, 2023, forcing the suspension of all container trailer operations, according to a notice from the Nagoya Harbor port authority.

The port authority said at the time it was working tirelessly to get the Nagoya Port Unified Terminal System (NUTS) back up and restart operations quickly. While authorities did not name the perpetrator of the attack, Lockbit 3.0 eventually claimed credit.

“This incident at the Port of Nagoya highlights the serious vulnerabilities that critical infrastructure faces in the digital age,” said Craig Jones, vice president of security operations at Ontinue.

“Ransomware attacks are a growing concern for both private corporations and public entities, and this case underscores the potential for significant disruption to essential services and supply chains,” said Jones. “It’s clear that such attacks not only pose security risks but also can have considerable economic impacts.”

He added that since “the Port of Nagoya is Japan’s busiest port, handling approximately one-tenth of the country’s total trade volume, the effects of this disruption are likely to be far-reaching and could possibly ripple through the global economy.”

It could also have resounding and profound effects on a supply chain already marked by unprecedented disruption. “The impact may be especially significant considering the current global supply chain issues already exacerbated by the COVID-19 pandemic,” Jones said.

The security community is well-acquainted with Lockbit 3.0, the pro-Russian cybercriminal gang that said it was behind the attack on the port. “Lockbit 3.0, also known as Lockbit Black, represents a new era of ransomware sophistication. The Cybersecurity and Infrastructure Security Agency (CISA) previously warned about its modular and evasive nature, drawing similarities with other notorious ransomware variants such as…

Biden administration takes credit for warning hundreds of targets before ransomware attacks

The federal government’s leading domestic cyber agency said Wednesday it has warned hundreds of entities about looming ransomware attacks before they occurred, enabling those organizations to avoid becoming victims.

Ransomware gangs have ripped through American computer networks during President Biden’s tenure, particularly affecting critical infrastructure targets including healthcare, gas pipelines and government systems.

The Cybersecurity and Infrastructure Security Agency is in the early stages of implementing new programs to warn people about cyberattacks inside networks and vulnerabilities in devices that are likely to be exploited.

CISA executive director Brandon Wales said Wednesday that his agency has leveraged relationships with cybersecurity companies to gather the information it uses to alert people that they are in hackers’ crosshairs before a cyberattack starts.

This macOS malware can steal your private data, passwords, and credit card info — what we know

While macOS is not as big a target for hackers as Windows, it is not immune from malware, and a new threat has emerged for modern Macs.

The aptly named MacStealer malware targets macOS laptops and desktops running macOS Catalina or above. That includes those running Intel, M1, or M2 chips. The goal is to steal a wide variety of data from you including iCloud Keychain data, credit card info, passwords, files, images, and more (via The Hacker News).

How does MacStealer work?

The Uptycs researchers who discovered the malware and documented it in their blog were unable to determine how it is being distributed, but it relies on a DMG (macOS disk image) file called weed.dmg which, once opened, displays a fake password prompt; the password entered there is then used to gain access to your data.

[Figure: Fake password prompt created by MacStealer malware (Image credit: Uptycs)]

The malware was spotted on online hacking forums earlier this month, and its authors intend to expand its current features to add support for capturing data from the Safari browser and the Apple Notes app. It is currently focused on the Google Chrome, Mozilla Firefox and Brave browsers, Microsoft Office files, image files, PDFs, archives, and Python scripts.

How to protect your Mac from MacStealer

167,000 Stolen Credit Card Numbers Exposed via PoS Malware

Cybercriminals are increasingly targeting credit card payment terminals to steal sensitive information, new research from Group-IB’s Botnet Monitoring Team reveals.

The team’s head, Nikolay Shelekhov, and company analyst Said Khamchiev shared details of how cybercriminals used PoS (point-of-sale) malware to steal over 167,000 payment records from 212 compromised devices. Almost all of the affected cardholders were based in the USA.

The campaign was discovered in April 2022, but researchers believe the activity ran between February 2021 and September 8, 2022.

The researchers attributed their discovery to a poorly configured command-and-control (C2) server used by the MajikPOS PoS malware; the misconfiguration allowed them to examine the server. They found that it also hosted a separate C2 administrative panel for another POS malware family, Treasure Hunter (first detected in 2014), which likewise collects compromised card data.

Both MajikPOS and Treasure Hunter infect Windows POS terminals. To compromise a store, MajikPOS (first detected in 2017) scans the network for exposed or poorly secured RDP and VNC remote-desktop services, then brute-forces its way in, or its operators purchase credentials for those systems.

Both malware families watch for the moment the terminal reads a card, when the card data is held unencrypted in memory. Treasure Hunter does this through RAM scraping, poring over the memory of every running process on the register to locate freshly swiped magnetic stripe data from a shopper’s bank card; MajikPOS likewise scans the infected PC for card details. The captured data is then sent to the attacker’s C2 server.

During their month-long investigation, Group-IB assessed around 77,400 card dumps from the MajikPOS panel and 90,000 from the Treasure Hunter panel. Around 75,455 (97%) of the cards compromised by MajikPOS were issued by US banks, with the rest issued by banks worldwide; for Treasure Hunter, 86,411 (96%) were issued in the USA. The researchers also identified eleven victim firms in the USA.

Further probe revealed that cybercriminals used two POS malware strains to steal details of…
