Tag Archive for: malicious

Security News This Week: US Energy Firm Targeted With Malicious QR Codes in Mass Phishing Attack


At the Defcon security conference in Las Vegas last weekend, thousands of hackers competed in a red-team challenge to find flaws in generative AI chat platforms and help better secure these emerging systems. Meanwhile, researchers presented findings across the conference, including new discoveries about strategies to bypass a recent addition to Apple’s macOS that is supposed to flag potentially malicious software on your computer. 

Kids are facing a massive online scam campaign that targets them with fake offers and promotions related to the popular video games Fortnite and Roblox. And the racket all traces back to one rogue digital marketing company. The social media platform X, formerly Twitter, has been filing lawsuits and pursuing a strategic legal offensive to oppose researchers who study hate speech and online harassment using data from the social network.

On Thursday, an innovation agency within the US Department of Health and Human Services announced plans to fund research into digital defenses for health care infrastructure. The goal is to rapidly develop new tools that can protect US medical systems against ransomware attacks and other threats.

But wait, there’s more! Each week, we round up the stories we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

A large phishing campaign that’s been active since May has been targeting an array of companies with malicious QR codes in attempts to steal Microsoft account credentials. Notably, researchers from the security firm Cofense observed the attacks against “a major Energy company based in the US.” The campaign also targeted organizations in other industries, including finance, insurance, manufacturing, and tech. Malicious QR codes were used in nearly a third of the emails reviewed by researchers. QR codes have disadvantages in phishing, since victims need to be compelled to scan them for the attack to progress. But they make it more difficult for victims to evaluate the trustworthiness of the URL they’re clicking on, and it’s more likely that emails containing a QR code will reach their target, because it’s more difficult for spam filters to assess QR…

Source…

Watch out for this new malicious ransomware disguised as Windows updates


Is that really a Windows update you are about to click on? Or ransomware in disguise? As first documented by Fortinet FortiGuard Labs and followed up by Trend Micro, new ransomware is currently on the rise and disguising itself as fake Windows updates and Word installers as part of a malvertising campaign. Also, multiple variants of this ransomware have been discovered.

Here’s what we know so far and what you can do to protect yourself.

The ransomware, which is called Big Head, infects devices and encrypts their files while displaying a fake Windows update alert on the victim’s computer. Three encrypted executable files are deployed in the attack – one for propagating the malware, one for facilitating communications via Telegram, and one for encrypting the files and displaying the fake Windows update.

If a person clicks on this fake Windows update alert, Big Head begins its attack by deleting backups, checking whether it is running in a virtualized environment, disabling the computer’s Task Manager so the user cannot kill it, and more.

Trend Micro flow chart

There have also been variants discovered of the Big Head ransomware that are capable of stealing web browser history, directory lists, running processes, product keys and network information. Most of the samples of this ransomware have been submitted from the U.S., France, Turkey and Spain.

Ransomware criminals will try to get you to pay them to get your files back. However, paying the ransom does not guarantee that you will regain access to anything a criminal has taken from you, and it only encourages them to keep doing it.

Your best bet is to prevent an attacker from gaining access to your files altogether so that you don’t have to try to fight to get them back. Here are some of my tips for avoiding having your files stolen in a ransomware attack.

If you receive an…

Source…

Malicious Microsoft Office docs drop LokiBot malware


It’s been a busy week for Microsoft. Lost in the crush of news about a Chinese APT attack and exploited zero-days fixed in Patch Tuesday, FortiGuard Labs observed several malicious Microsoft Office documents that, when executed, drop the LokiBot malware onto a victim’s system.

In a blog post July 12, FortiGuard Labs said the malicious Microsoft Office documents exploited known remote code execution vulnerabilities: CVE-2021-40444 (CVSS 7.8) and CVE-2022-30190 (CVSS 7.8). Patches have been available for both bugs for well over a year.

The researchers said LokiBot, also known as Loki PWS, has been a well-known information-stealing trojan active since 2015. LokiBot primarily targets Windows systems and aims to gather sensitive information from infected machines.

LokiBot exploits various vulnerabilities and employs Visual Basic for Applications (VBA) macros to launch attacks. It also leverages a Visual Basic injector to evade detection or analysis. Leveraging the injector, it can bypass certain security measures and pose a significant threat to users.

“Users should exercise caution when dealing with any Office documents or unknown files, especially those that contain links to external websites,” the researchers said. “It’s essential to be vigilant and avoid clicking on suspicious links or opening attachments from untrusted sources. Additionally, keeping the software and operating systems up-to-date with the latest security patches can help mitigate the risk of exploitation by malware.”

Andrew Barratt, vice president at Coalfire, said these are challenging known vulnerabilities that leverage the classic social engineering methods preying on end users — dropping an alluring attachment in the hopes that a misguided or under-protected end user will open it.

Barratt said that fortunately Microsoft has been on top of the problem from a resolution-and-workaround perspective, so it’s imperative that we remind security teams to keep their endpoint protection products current. 

“As with any remote code execution vulnerability, it’s very important to consider them the highest threat,” said Barratt. “Teams that are concerned it may have slipped through should look through the…

Source…

Can Organizations Combat Malicious Password-Protected File Attacks?


Password-protected files are an intelligent way in which attackers are working to evade enterprise security defenses and infect endpoints. 

Not long ago, phishing attacks were nearly always delivered via email. However, today’s threat actors are increasingly targeting other channels – be it SMS, social media direct messaging and even collaboration tools – to evade common anti-malware engines, content filters and signature-based detection tools.

Across these varied platforms, password-protected files remain a common attack vector. Here, malicious payloads are hidden within seemingly benign, safe, and accepted file formats. Because the files are encrypted, security tools can’t read and analyze their contents. When the archive also carries a commonly used file extension, organizations often allow it to pass through security sandboxes or automated analysis tools unexamined.

As a result, password-protected files containing malware are all too often able to evade network or gateway security defenses and endpoint detection solutions, reaching the threat actor’s target destination. Once this has been achieved, individuals are exposed to increasingly sophisticated and convincing social engineering and spear phishing tactics used by attackers to trick their targets into clicking on attachments and entering the required password, leading to infection of the endpoint. 

To reiterate, this no longer happens exclusively over email. Indeed, threat actors are increasingly directing potential victims to web browsers and external storage applications, such as Dropbox and Google Drive, to the same effect. 
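A gateway cannot inspect the contents of an encrypted archive, but it does not need the password to know that an archive is encrypted: bit 0 of the general-purpose flag in each ZIP local file header records it. The following is an added example (not code from the article or from any vendor it cites) that reads that bit directly from the raw bytes and quarantines password-protected attachments instead of forwarding them to a sandbox that would only see ciphertext; the file names and payloads are constructed samples.

```python
# Added example: flag password-protected ZIP attachments by the encryption
# bit in each local file header (bit 0 of the general-purpose flags), so a
# gateway can quarantine them without knowing the password.
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"

def encrypted_entries(data: bytes) -> list[str]:
    """Return names of entries whose local header has the encryption bit set."""
    names, pos = [], 0
    while (pos := data.find(LOCAL_SIG, pos)) >= 0:
        hdr = data[pos + 4 : pos + 30]
        if len(hdr) < 26:  # truncated header: stop scanning
            break
        # layout: version, flags, method, time, date, crc, csize, usize, name_len, extra_len
        flags, csize, name_len, extra_len = struct.unpack("<2xH10xI4xHH", hdr)
        name = data[pos + 30 : pos + 30 + name_len].decode("utf-8", "replace")
        if flags & 0x0001:
            names.append(name)
        # advance past the entry; a csize of 0 (data descriptor in use) is still
        # safe because the next find() locates the following header
        pos += 30 + name_len + extra_len + csize
    return names

def make_zip(name: str, payload: bytes, protected: bool) -> bytes:
    """Constructed sample archive. zipfile cannot write encrypted archives, so
    the 'protected' variant sets the encryption flag in the local and central
    headers of a plaintext archive; the flag alone is what the gateway checks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    data = bytearray(buf.getvalue())
    if protected:
        for sig, offset in ((LOCAL_SIG, 6), (b"PK\x01\x02", 8)):
            data[data.find(sig) + offset] |= 0x01
    return bytes(data)

def attachment_verdict(filename: str, data: bytes) -> str:
    hits = encrypted_entries(data)
    if hits:
        return f"quarantine {filename}: password-protected entries {hits}"
    return f"scan {filename}: no encrypted entries"

if __name__ == "__main__":
    print(attachment_verdict("report.zip", make_zip("report.docx", b"text", False)))
    print(attachment_verdict("invoice.zip", make_zip("invoice.docm", b"????", True)))
```

The same check applies to archives fetched from Dropbox or Google Drive links by a web proxy, since it depends only on the bytes of the archive, not on the channel it arrived through.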

Three Malicious Password-Protected File Attacks

Password-protected files have resulted in widespread breaches and made headlines recently – one example stemming from the North Korean Lazarus group.

Here, threat actors delivered malicious Office documents hidden in ZIP files as they targeted Russian organizations. When the intended victims opened these ZIP files, they were presented with what looked like a legitimate and safe Word document.

However, this was used to launch macros and infect the target endpoint. Once this had been achieved, the…

Source…