From Q1 to Q2 of 2022, hybrid vishing attacks on businesses and their employees increased 625%. The attacks start with an email enticing victims to make further contact over a mobile number. From there, victims are coerced and tricked into giving up confidential information. In other cybersecurity news, the Android banking trojan SOVA has added file encryption to its bag of tricks.
Several government sites belonging to the Judiciary of Córdoba in Argentina fell victim to a Play ransomware attack, leaving all their files encrypted with a “.PLAY” extension. One notable difference between Play and other ransomware groups is that their ransom note has only the word “PLAY” and an email address to negotiate with the attackers. It’s believed that this attack came as a result of a data breach earlier this year by the LAPSUS$ group that compromised several Judiciary email addresses.
Following a mention on the leak site for the Cl0p ransomware group regarding stolen data from South Staffordshire PLC, the company confirmed technical issues, though they are still fully operational. Cyberattacks on service infrastructure are nothing new, but the staff at South Staffordshire PLC were able to deter much of the attack while maintaining functionality for their many clients across the UK. Investigators believe that the Cl0p group misidentified their victim organization and had instead been posting stolen data from a different water supplier.
Researchers monitoring the Android banking trojan SOVA identified file encryption in the latest version. Over the past year, SOVA has added bank app injection and capabilities to steal two-factor authentication (2FA) credentials, and now version 5 offers ransomware encryption for any victim device. Encryption has been on this malware’s development roadmap for nearly a year and seems to finally have made it into action.
Staff for the online item trading platform CS.MONEY have announced a breach of their systems that resulted in the theft of 20,000 digital items valued at $6 million. CS.MONEY is one of the largest skin trading sites for CS:GO, and has spent the third day of its site outage contacting other trading platforms to deny transactions with the stolen items, rendering them worthless. The hackers were able to access the site by compromising the mobile authentication service and taking control of the 100 bot accounts that CS.MONEY uses to store the items, before transferring them all to the attackers’ accounts.
From Q1 of 2022 to Q2, researchers identified an increase of 625% in hybrid vishing attacks on organizations and their employees. These hybrid vishing attacks start by contacting the victims via email in hopes of tricking them into contacting the provided mobile number and giving sensitive information to the attackers. Vishing attacks make up 25% of the total response-based scams for this period, with these types of attacks reaching 41% of overall email-based threats that organizations are facing, and they remain one of the most dangerous social engineering attacks.