Tag Archive for: families

58 percent of malware families sold as a service are ransomware



The Kaspersky Digital Footprint Intelligence team presented a new study that reveals ransomware as the most widespread Malware-as-a-Service (MaaS) over the past seven years. The study is based on research conducted on 97 malware families distributed on the dark web and other resources. Additionally, the researchers found that cybercriminals often lease infostealers, botnets, loaders, and backdoors to carry out their attacks.

Malware-as-a-Service (MaaS) is an illicit model of business involving the leasing of software to carry out cyberattacks. Typically, clients of such services are offered a personal account through which they can control the attack, as well as technical support. It lowers the initial threshold of expertise needed by would-be cybercriminals.

Ransomware to be the most popular Malware-as-a-Service 

Kaspersky’s experts examined various malware families’ sale volumes, as well as mentions, discussions, posts, and search ads on the darknet and other resources regarding MaaS to identify the most popular types. The leader turned out to be ransomware, or malicious software that encrypts data and demands payment for decryption. It accounted for 58 percent of all families distributed under the MaaS model between 2015 and 2022. The popularity of ransomware can be attributed to its ability to generate higher profits in a shorter space of time than other types of malware.

Cybercriminals can “subscribe” to Ransomware-as-a-service (RaaS) for free. Once they become partners in the program, they pay for the service after the attack happens. The payment amount is determined by a percentage of the ransom paid by the victim, typically ranging from 10 percent to 40 percent of each transaction. However, entering the program is no simple task, as it entails meeting rigorous requirements.

Infostealers accounted for 24 percent of malware families distributed as a service over the analyzed period. These are malicious programs designed to steal data such as credentials, passwords, banking cards and accounts, browser history, crypto wallet data, and more.

Infostealer services are paid through a subscription model. They are priced between 100 and 300 U.S. dollars per…


Emerging information-stealing malware families examined


Information-stealing operations unveiled over the past 12 months have been gaining traction amid the continued dominance of the Raccoon, RedLine, and Vidar info stealers, according to BleepingComputer.

Included among the emergent info stealers is Titan, a Go-based stealer with the capability to exfiltrate data from 20 different web browsers, which has amassed more than 600 subscribers on its Telegram channel since its initial appearance in November, a KELA report showed. Operators of Titan have also been continuously updating the stealer, with the latest version released in March and an upcoming version teased the following month.

On the other hand, more than 70 browsers, two-factor authentication extensions, and cryptocurrency wallets are being targeted by the LummaC2 stealer, which has been sold via RussianMarket in February after being rebooted on Telegram in January.

More threat actors have also been using the Stealc stealer that features automated exfiltration for 75 plugins, 25 desktop wallets, and 22 web browsers, while the WhiteSnake stealer for Windows and Linux systems has gained more than 750 Telegram subscribers. Such stealers have been gaining traction due to competitive pricing, ensuring the continued popularity of malware-as-a-service operations, said KELA researchers.


Data Tracking Concerns Parents Most In U.S., Families Spend Most Time Online: Study 01/20/2023


Data tracking and the role that big tech companies play online has become one of the most concerning issues for parents in the U.S. — at 24% — yet is one of the least concerning for parents in the U.K. at 6%, according to data released Thursday.

The issue centers …


New threat groups and malware families emerging


Mandiant announced the findings of an annual report that provides timely data and insights based on frontline investigations and remediations of high-impact cyber attacks worldwide. The 2022 report, which tracks investigation metrics between October 1, 2020 and December 31, 2021, reveals that while significant progress has been made in threat detection and response, adversaries are still innovating and adapting to achieve their mission in targeted environments.


Global median dwell time drops to three weeks

According to the report, the global median dwell time, which is calculated as the median number of days an attacker is present in a target’s environment before being detected, decreased from 24 days in 2020 to 21 days in 2021. Digging deeper, the report notes that the APAC region saw the biggest decline in median dwell time, dropping to just 21 days in 2021 compared to 76 days in 2020. Median dwell time also fell in EMEA, down to 48 days in 2021 compared to 66 days the year before. In the Americas, median dwell time stayed steady at 17 days.

When comparing how threats were detected across different regions, the report found that in EMEA and APAC, the majority of intrusions in 2021 were identified by external third parties (62% and 76%, respectively), a reversal of what was observed in 2020. In the Americas, the detection by source remained constant with most intrusions detected internally by organizations themselves (60%).

Organizations’ improved threat visibility and response as well as the pervasiveness of ransomware, which has a significantly lower median dwell time than non-ransomware intrusions, are likely driving factors behind reduced median dwell time, per the report.

New threats emerge as China ramps up espionage activity

Mandiant began tracking 733 new malware families, of which 86% were not publicly available, continuing the trend of availability of new malware families being restricted or likely privately developed, according to the report.

The report also notes a realignment and retooling of China cyber espionage operations to align with the implementation of China’s 14th Five-Year Plan in 2021. The report warns that the…
