Round Up of Major Breaches and Scams
Multiple members of the QQAAZZ multinational cybercriminal gang were charged for providing money-laundering services to high-profile malware operations. 20 members of the multinational cybercriminal group QQAAZZ were charged this week in the US, Portugal, Spain, and the UK for providing money-laundering services. The arrests are the result of an unprecedented international law enforcement operation, coordinated by Europol and dubbed Operation 2BaGoldMule, involving agencies from 16 countries.
Unidentified hackers attacked the servers of Noida-based Haldiram’s Snacks Private Limited with ransomware, stealing sensitive data and demanding a ransom of Rs 7.5 lakh to release the information. A case was registered at Noida Sector 58 police station on Wednesday. The incident occurred on the intervening night of July 12 and 13, when issues were reported with the company server that later turned out to be a ransomware attack.
Fraudsters encourage bank customers to withdraw funds at a branch or ATM on their own and then transfer the money to an account controlled by the attackers. “There are cases when fraudsters, through psychological influence on the client, ask to transfer funds through an ATM and/or withdraw funds through the cashier, while providing fake documents from the Bank,” said Mikhail Ivanov, Director of the Information Security Department of RosBank.
Google delivered over 33,000 alerts to its users during the first three quarters of 2020 to warn them of attacks from nation-state actors. Google delivered 33,015 alerts to its users during the first three quarters of 2020 to warn them of phishing attacks, launched by nation-state actors, targeting their accounts. Google sent 11,856 government-backed phishing warnings during Q1 2020, 11,023 in Q2 2020, and 10,136 in Q3 2020.
Round Up of Major Malware and Ransomware Incidents
The Emotet botnet has begun to use a new malicious attachment that pretends to be a message from Windows Update telling you to upgrade Microsoft Word. Emotet is a malware infection that spreads through spam emails containing malicious Word or Excel documents. These documents utilize macros to download and install the Emotet Trojan on a victim’s computer, which uses the computer to send spam email and ultimately leads to a ransomware attack on a victim’s network.
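The Emotet item above describes the delivery mechanism (a Word or Excel attachment whose macros fetch the Trojan). The following is an added triage example, not code from the original article or from any vendor it mentions: it classifies an attachment body by checking whether an OOXML container carries a VBA project part, and flags legacy OLE2 files for deeper inspection because they cannot be judged by this simple check. The sample documents are constructed in memory and are not real Word files; the function and constant names are this example's own.

```python
import io
import zipfile

# Magic bytes of legacy OLE2 containers (.doc/.xls). These are not zip files,
# so a proper OLE parser is needed for a definitive macro verdict.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Local file header that opens every zip-based OOXML document (.docx/.docm/.xlsm).
ZIP_MAGIC = b"PK\x03\x04"
# Content type that [Content_Types].xml declares for a VBA project part.
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def classify_office_attachment(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'ole2-legacy' or 'not-office'.

    'ooxml-macro' means the zip contains a VBA project (vbaProject.bin part or
    a matching content-type override). 'ole2-legacy' means the file is a
    binary Office container that this check cannot inspect; route it to a
    full parser rather than treating it as clean.
    """
    if data.startswith(OLE2_MAGIC):
        return "ole2-legacy"
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # Macro-enabled OOXML files carry a vbaProject.bin part ...
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return "ooxml-macro"
            # ... and declare its content type; check that too in case the
            # part was renamed to dodge a filename-only rule.
            if "[Content_Types].xml" in names:
                if VBA_CONTENT_TYPE in zf.read("[Content_Types].xml"):
                    return "ooxml-macro"
    except zipfile.BadZipFile:
        return "not-office"
    return "ooxml-clean"


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-style zip for demonstration (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        content_types = b'<?xml version="1.0"?><Types>'
        if with_macro:
            content_types += (
                b'<Override PartName="/word/vbaProject.bin" '
                b'ContentType="application/vnd.ms-office.vbaProject"/>'
            )
        content_types += b"</Types>"
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", b"<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project.
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (
        ("macro-enabled sample", build_sample_docx(True)),
        ("plain sample", build_sample_docx(False)),
        ("legacy .doc header", OLE2_MAGIC + b"\x00" * 8),
        ("text file", b"hello"),
    ):
        print(f"{label}: {classify_office_attachment(blob)}")
```

This is a first-pass filter for a mail gateway or incident triage queue, not a replacement for full macro analysis: it does not see Excel 4.0 (XLM) macro sheets, which live in worksheet parts rather than vbaProject.bin, and it deliberately refuses to call a legacy OLE2 file clean.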
The financially motivated hacker group FIN11 has started spreading ransomware to monetize its cybercriminal activities. FIN11 has switched tactics and now uses ransomware as its main monetization method. The group carried out multiple high-volume operations targeting companies across the world, most of them in North America and Europe. In recent attacks, the group was observed deploying the Clop ransomware into the networks of its victims.
Iran-linked cyberespionage group Silent Librarian has launched a new phishing campaign aimed at universities around the world. Iran-linked APT group Silent Librarian has launched another phishing campaign targeting universities around the world. Silent Librarian, also tracked as Cobalt Dickens and TA407, has targeted tens of universities across four continents in the last couple of years. In August 2018, the security firm SecureWorks uncovered a phishing campaign carried out by the APT group targeting universities worldwide.
Google’s Threat Analysis Group sheds more light on targeted credential phishing and malware attacks on the staff of Joe Biden’s presidential campaign. Hackers sent Joe Biden’s presidential campaign staffers malicious emails that impersonated anti-virus software company McAfee, and used a mix of legitimate services (such as Dropbox) to avoid detection. The emails were an attempt to steal staffers’ credentials and infect them with malware.
A ransomware attack targeting a medical technology firm slowed down clinical trials for the past two weeks, according to the New York Times. The attack targeted a Philadelphia company that develops software for clinical trials, including the crash effort to develop rapid coronavirus tests, treatments, and the vaccine. The attack on eResearch Technology locked researchers out of their data and forced clinicians to track their patients with pen and paper.
ThunderX has changed its name to Ranzy Locker and launched a data leak site where the operators shame victims who do not pay the ransom. ThunderX is a ransomware operation that was launched at the end of August 2020. Soon after launching, weaknesses were found in the ransomware that allowed a free decryptor to be released by Tesorion. The ransomware operators quickly fixed their bugs and released a new version of the ransomware under the Ranzy Locker name.
It exploits the vulnerability CVE-2020-0688, deploys web shells on the servers, and then attaches similar malware again after downloading and installing the files. However, according to ClearSky, the second malware is not an everyday, common malware but rather a unique one, with activities that have been noticed only once before. The PowerShell threat is called “Powgoop” and was discovered last month by the experts. Palo Alto Networks says that the Thanos malware was installed using Powgoop.
Round Up of Major Vulnerabilities and Patches
A bug in the latest release of Chrome, and other Chromium-based browsers, is causing random debug.log files to be created on users’ desktops and in other folders. On October 6th, 2020, Google released Chrome 86 to the ‘Stable’ branch, and all users were auto-updated to this version. Other browsers based on Chromium, such as Brave and Microsoft Edge, also upgraded to this version around the same time.
Microsoft released two out-of-band security updates to address remote code execution (RCE) bugs in the Microsoft Windows Codecs Library and Visual Studio Code. Microsoft has released two out-of-band security updates to address two remote code execution (RCE) vulnerabilities that affect the Microsoft Windows Codecs Library and Visual Studio Code. The two vulnerabilities, tracked as CVE-2020-17022 and CVE-2020-17023, have been rated as important severity.
The U.K. National Cyber Security Centre (NCSC) issued an alert urging organizations to patch the CVE-2020-16952 RCE vulnerability in Microsoft SharePoint Server. The NCSC alert warns of the risk of exploitation of the CVE-2020-16952 remote code execution (RCE) vulnerability in Microsoft SharePoint Server and urges organizations to address the flaw. Attackers could exploit this vulnerability to run arbitrary code and execute operations in the context of the local administrator on vulnerable SharePoint servers.