Tag Archive for: Infiltrates

Cheap, independently produced ‘Junk Gun’ ransomware infiltrates dark web: Sophos


Sophos, a global leader of innovative security solutions that defeat cyberattacks, recently released a new report titled, “‘Junk Gun’ Ransomware: Peashooters Can Still Pack a Punch,” which offers new insights into an emergent threat in the ransomware landscape.

Since June 2023, Sophos X-Ops has discovered 19 ‘junk gun’ ransomware variants—cheap, independently produced and crudely constructed ransomware variants—on the dark web, reads a press release.

The developers of these junk gun variants are attempting to disrupt the traditional affiliate-based ransomware-as-a-service (RaaS) model that has dominated the ransomware racket for nearly a decade.

Instead of selling ransomware to affiliates or buying it as an affiliate, attackers are creating and selling unsophisticated ransomware variants for a one-time cost, which other attackers sometimes see as an opportunity to target small and medium-sized businesses (SMBs), and even individuals.

As noted in the Sophos report, the median price for these junk-gun ransomware variants on the dark web was $375, significantly cheaper than some kits for RaaS affiliates, which can cost more than $1,000. The report indicates that cyber attackers have deployed four of these variants in attacks. While the capabilities of junk-gun ransomware vary widely, their biggest selling points are that the ransomware requires little or no supporting infrastructure to operate, and the users aren’t obligated to share their profits with the creators.

Junk gun ransomware discussions are taking place primarily on English-speaking dark web forums aimed at lower-tier criminals, rather than well-established Russian-speaking forums frequented by prominent attacker groups. These new variants offer an attractive way for newer cybercriminals to get started in the ransomware world, and, alongside the advertisements for these cheap ransomware variants, are numerous posts requesting advice and tutorials on how to get started.

To learn more about junk gun ransomware and the latest change in the ransomware ecosystem, read “Junk Gun Ransomware: Peashooters Can Still Pack a Punch” on Sophos.com.

Malware Infiltrates 500 eCommerce Sites


An estimated 500 eCommerce websites were infiltrated by MageCart attackers, who seemingly installed digital credit card skimmers to lift users’ personal data, including card numbers, email addresses, phone numbers and more.

MageCart is a blanket term for rival cyber gangs that troll eCommerce sites with the sole purpose of slipping skimmers into unsuspecting sites, which then trigger malicious code, according to Sansec, an eCommerce malware and vulnerability detection firm.

Once the skimmer is in place, visitors entering payment information for a purchase unknowingly trigger code that relays the data to attacker-controlled servers.

Sansec discovered the latest slew of infiltrations and said the jeopardized sites had used malicious scripts hosted at the domain naturalfreshmall.com.

“The Natural Fresh skimmer shows a fake payment popup, defeating the security of a (PCI compliant) hosted payment form,” Sansec tweeted, adding that all payments were being directed to a naturalfreshmall payment domain.

The hackers made changes to the existing files and/or inserted different files that offered “no fewer than 19 backdoors that the hackers could use to retain control over the sites in the event the malicious script was detected and removed and the vulnerable software was updated,” according to Sansec.

“It is essential to eliminate each and every one of them because leaving one in place means that your system will be hit again next week,” per a Sansec article.

The affected files were either entirely malicious or part of the Magento code “but had malicious code added to them.”

Sansec said that, regardless of the method, it recommends eCommerce sites run a malware scanner to ensure all skimmers are discovered.

State-Sponsored DNS Hijacking Infiltrates 40 Firms Globally – Threatpost

  1. State-Sponsored DNS Hijacking Infiltrates 40 Firms Globally – Threatpost
  2. A new state-backed hacker group is hijacking government domains at a phenomenal pace – TechCrunch
  3. The wave of domain hijackings besetting the Internet is worse than we thought – Ars Technica
  4. Cisco Talos details exceptionally dangerous DNS hijacking attack – Network World
  5. Nation-State Hacker Group Hijacking DNS to Redirect … – Dark Reading

SonicSpy spyware infiltrates Android’s Google Play – TheUSBport


Concretely, three messaging applications have made it to the official Android store: Soniac, Hulk Messenger, and Troy Chat. Since the cyber security firm reported their discoveries to Google late last week, the apps have been removed from the platform.
SonicSpy: Over a thousand spyware apps discovered, some in Google Play – Lookout Blog
