Tag Archive for: Lures

‘Nitrogen’ Ransomware Effort Lures IT Pros via Google, Bing Ads


Attackers are planting fake advertisements, so-called malvertisements, for popular IT tools on search engines, hoping to ensnare IT professionals and use the resulting foothold for later ransomware attacks.

The scheme relies on pay-per-click ads on Google and Bing that link to compromised WordPress sites and phishing pages mimicking the download pages for software such as AnyDesk, Cisco AnyConnect, TreeSize Free, and WinSCP. Unsuspecting visitors end up downloading the software they intended to install, bundled with a trojanized Python package carrying initial access malware, which the attackers then use to drop further payloads.

Researchers from Sophos are calling the campaign “Nitrogen.” It has already touched several technology companies and nonprofits in North America. Though none of the known cases have yet resulted in a successful ransomware deployment, the researchers noted that they have seen “hundreds of brands co-opted for malvertising of this sort across multiple campaigns in recent months.”

“The key thing here is that they’re targeting IT people,” says Christopher Budd, director of Sophos X-Ops. Skipping right to the people closest to an organization’s most sensitive systems, he says, “is actually a fairly efficient and effective way of targeting.”

Honeypots for IT Pros

Users who click on a Nitrogen malvertisement will typically end up on a phishing page mimicking the real download page for the software they were looking for; for example, “winsccp[.]com,” with an extra “c” subtly added to the legitimate name.

In one case, instead of a mere phishing page, the researchers discovered a compromised WordPress site at mypondsoftware[.]com/cisco. The researchers noted that “all other links on the mypondsoftware[.]com site point to legitimate cisco.com Web pages, except for the download link for this particular installer,” which directs to a malicious phishing page.
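The two tricks above, a lookalike domain that differs from the real one by a single inserted character and a vendor name parked on an unrelated domain, are both cheap to spot at the proxy. The following triage script is an added example and is not Sophos' code; the list of legitimate vendor domains, the vendor name list, and the proxy log lines are constructed for illustration (winscp.net, anydesk.com, cisco.com and jam-software.com are assumed to be the vendors' real sites). It compares the registrable label of each visited host against the allowlist using an edit distance of one (insertion, deletion, substitution or transposition), flags TLD swaps, and flags vendor names appearing in the host or path of a domain that is not the vendor's.

```python
"""Proxy-log triage for lookalike and piggyback domains.

Added example, not part of the original article or Sophos' tooling.
Domain lists and log lines below are constructed for illustration.
"""
from urllib.parse import urlparse

# Assumption: vendor sites IT staff legitimately download from.
LEGIT_DOMAINS = {"winscp.net", "anydesk.com", "cisco.com", "jam-software.com"}

# Assumption: product/vendor names that should not appear on unrelated domains.
VENDOR_NAMES = ("winscp", "anydesk", "cisco", "anyconnect", "treesize")


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein plus adjacent transposition."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def registrable_parts(host: str):
    """Return (second-level label, tld). Naive: ignores multi-part suffixes like co.uk."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    return labels[-2], labels[-1]


def classify_url(url: str):
    """Return a verdict string for a suspicious URL, or None if it looks legitimate."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = parsed.hostname or ""
    parts = registrable_parts(host)
    if parts is None:
        return None
    sld, tld = parts
    domain = f"{sld}.{tld}"
    if domain in LEGIT_DOMAINS:
        return None
    for legit in sorted(LEGIT_DOMAINS):
        legit_sld, _ = legit.rsplit(".", 1)
        if sld == legit_sld:
            return f"tld-swap of {legit}"
        if osa_distance(sld, legit_sld) == 1:
            return f"lookalike of {legit}"
    # Vendor name in the host or path of some other domain (the compromised-WordPress case).
    haystack = (host + parsed.path).lower()
    hits = [name for name in VENDOR_NAMES if name in haystack]
    if hits:
        return f"vendor name(s) {', '.join(hits)} on unrelated domain {domain}"
    return None


def scan_log(text: str):
    """Parse 'timestamp user url' lines and return (user, url, verdict) for flagged entries."""
    flagged = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        _, user, url = fields
        verdict = classify_url(url)
        if verdict:
            flagged.append((user, url, verdict))
    return flagged


# Constructed proxy log; the two malicious hosts are the ones named in the article.
SAMPLE_PROXY_LOG = """\
2023-07-10T09:12:01Z jdoe https://winscp.net/eng/download.php
2023-07-10T09:15:44Z jdoe https://winsccp.com/download
2023-07-10T09:20:03Z asmith https://mypondsoftware.com/cisco/anyconnect-installer
2023-07-10T09:22:10Z asmith https://www.cisco.com/c/en/us/support/security/anyconnect-secure-mobility-client/
2023-07-10T09:30:55Z bng https://anydesk.example/en/downloads
"""

if __name__ == "__main__":
    for user, url, verdict in scan_log(SAMPLE_PROXY_LOG):
        print(f"{user:8} {verdict:45} {url}")
```

An edit distance of one on short labels will produce false positives (any five-letter word one substitution away from “cisco”), so treat the output as a triage queue to enrich with WHOIS age and certificate data rather than as a block rule.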

Hitting “download” on any of these pages fetches a trojanized ISO installer. The ISO does contain the software the user wanted, but the installer sideloads a malicious dynamic link library (DLL) that carries the initial access malware.

From here, the malicious attack chain establishes a connection to attacker-controlled command and control (C2) infrastructure, and drops…
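The sideloading step leaves a recognisable trace on the endpoint: a legitimate-looking executable, running from a freshly mounted ISO (which Windows exposes as a new drive letter) or from a user's Downloads folder, loads an unsigned DLL that sits beside it instead of the expected system copy. The triage function below is an added example, not Sophos' tooling, and assumes image-load telemetry with the field names Sysmon uses for Event ID 7 (Image, ImageLoaded, Signed). The trusted-directory prefixes, the short list of commonly shadowed system DLL names, and the events themselves are constructed assumptions for illustration.

```python
"""Flag the DLL-sideload pattern in image-load events.

Added example, not from the original article. Field names mirror Sysmon
Event ID 7; directory prefixes, DLL names and sample events are assumed.
"""
import ntpath

# Assumption: locations where a vendor's own DLLs are expected to live.
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Assumption (illustrative, not from the article): Windows DLL names that are
# commonly shadowed by an attacker copy placed next to a legitimate EXE.
SYSTEM_DLL_NAMES = {"version.dll", "msi.dll", "dbghelp.dll", "cryptbase.dll"}


def sideload_findings(event: dict) -> list:
    """Return a list of reasons this image-load event matches the sideload pattern."""
    image = event.get("Image", "")
    loaded = event.get("ImageLoaded", "")
    if not loaded.lower().endswith(".dll"):
        return []
    exe_dir = ntpath.dirname(image).lower()
    dll_dir = ntpath.dirname(loaded).lower()
    # Sideloading means the DLL was planted beside the executable.
    if exe_dir != dll_dir or dll_dir.startswith(TRUSTED_PREFIXES):
        return []
    findings = []
    if event.get("Signed", "false").lower() != "true":
        findings.append("unsigned DLL loaded from the executable's own directory")
    if ntpath.basename(loaded).lower() in SYSTEM_DLL_NAMES:
        findings.append("DLL name shadows a Windows system DLL (search-order hijack)")
    drive, _ = ntpath.splitdrive(loaded.lower())
    if drive and drive != "c:":  # assumption: C: is the system drive
        findings.append(f"loaded from non-system drive {drive.upper()} (mounted ISO or removable media?)")
    return findings


def triage(events: list) -> list:
    """Return (event index, findings) for every event with at least one finding."""
    out = []
    for idx, event in enumerate(events):
        findings = sideload_findings(event)
        if findings:
            out.append((idx, findings))
    return out


# Constructed events; paths and names are illustrative.
SAMPLE_EVENTS = [
    # 0: benign, vendor app loads its own signed DLL from Program Files
    {"Image": r"C:\Program Files\ExampleTool\ExampleTool.exe",
     "ImageLoaded": r"C:\Program Files\ExampleTool\VendorHelper.dll", "Signed": "true"},
    # 1: benign, installer on a mounted ISO loads the real msi.dll from System32
    {"Image": r"E:\Setup.exe",
     "ImageLoaded": r"C:\Windows\System32\msi.dll", "Signed": "true"},
    # 2: suspicious, same installer instead loads an unsigned msi.dll sitting next to it
    {"Image": r"E:\Setup.exe",
     "ImageLoaded": r"E:\msi.dll", "Signed": "false"},
    # 3: suspicious, unsigned helper DLL beside an EXE in Downloads
    {"Image": r"C:\Users\jdoe\Downloads\Installer.exe",
     "ImageLoaded": r"C:\Users\jdoe\Downloads\helper.dll", "Signed": "false"},
]

if __name__ == "__main__":
    for idx, findings in triage(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx]["ImageLoaded"])
        for reason in findings:
            print("   -", reason)
```

Event 2 trips all three heuristics and is the shape of the chain the article describes; event 3 trips only the unsigned-DLL check and is the kind of hit that needs a second signal (hash reputation, outbound connections from the process) before it is escalated.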


Malware increasingly spread via ChatGPT-themed lures – SC Media


The black hat hacker trap: Why unethical hacking lures young people




Hackers are often thought of as individuals who sow chaos for the organizations they target. However, some put their abilities to good use as ethical hackers, helping to repair the damage others cause. Despite huge growth in ethical hacking and the prosperous career opportunities it offers, black hat hacking continues to attract young people drawn by risky online behavior and their own technical skill.

In 2017 the UK National Crime Agency commissioned a report that found the average age of a hacker was 17. Today, this is still true — consider recent incidents, such as when a 17-year-old led the charge on the Uber and Rockstar attacks.

What separates black hat hackers from white hat hackers is intent. Black hat hackers use their technical capabilities to maliciously compromise businesses’ data, while white hat hackers support organizations in finding weak points in their systems. But, at the end of the day, both use the same methods.



Even though there is a thin line between what ethical and unethical hackers do, young people can easily become more interested in attacking organizations through peer pressure or a desire for social acceptance. This raises the question of what makes unethical hacking attractive, and what organizations and communities can do to put young people’s talents to good use.

A slippery slope into a life of cybercrime

The love for coding and hacking often has humble beginnings. Starting out, young people may innocently taunt friends and siblings by hacking into their personal computers. Once hooked, young people begin to unearth more and more forums that outline organizations’ weak points and access tools, making hacking…


Investigating NATO-Themed Phishing Lures With EclecticIQ Intelligence Center and Endpoint Response Tool



Synopsis

With cyberattacks such a common occurrence, analysts must be able to stay ahead of the curve by investigating files and indicators of compromise quickly and efficiently. The EclecticIQ Intelligence Center (IC) is the perfect tool to facilitate investigations like these. This post will describe how EclecticIQ’s Intelligence & Research analysts used the IC to investigate the potential maliciousness of files leveraging NATO-themed phishing lures, and how they operationalized this intelligence by feeding it into the EclecticIQ Endpoint Response (ER) security tool.

The Need for Targeted Collection: The Benelux Region’s Unique Concerns About Cyber Threats

If past attacks are any indicator of future risk, the Belgium, Netherlands, and Luxembourg (Benelux) region of Europe is an attractive target for cyber threat actors. A review of past cyberattacks targeting Benelux shows that their number has grown in the way one would expect for a relatively connected, business-intense region. (1, 2) It is difficult to know the exact number of cyberattacks since many go unreported, but based on those that are reported, analysts note a few patterns. Most attacks focused on Belgium, Luxembourg, and the Netherlands remain localized; they are severe enough to make news and to be disruptive by reducing or suspending services, but generally the damage is contained. Often, individuals or assets in the region are caught up in wide-reaching software vulnerabilities or supply chain issues simply because they are part of an international network of users. Judging from news and press, the attacks were also typical in appearing opportunistic, with attackers pursuing any vulnerable target they find regardless of industry; schools and universities, businesses, and government entities have all been victimized in recent years. (3, 4, 5, 6, 7, 8, 9)


Defining Initial Collection Requirements: Identify and Sample Benelux-Based Potential Targets

To dig deeper into the Benelux cyber threat landscape, analysts developed a list of possible high-profile targets in those three countries; the list included government and…
