Researchers have been tracking multiple malware strains that have been spreading through the download and installation of modifying files for video games, plus NY's Department of Financial Services targeted in attacks. That and more in this week's Cyber News Rundown.
New York Department of Financial Services suffers constant cyberattacks
Workers for New York’s Department of Financial Services (NY DFS) have begun contacting citizens regarding cyberattacks targeting sensitive information belonging to thousands of New Yorkers. This campaign is one of many that have popped up during the pandemic attempting to steal information for various forms of healthcare and unemployment fraud. In just 2020 alone, over 1.4 million reports were issued for identity theft and other fraud claims, a significant rise over the previous year.
Ransoms more likely to be paid by younger victims
A study conducted over the past year on victims of ransomware attacks found that those over the age of 55 were unlikely to pay a ransom to return their stolen/encrypted data. Victims from 16 to 24 and 35 to 44, however, were reported to have paid the ransom more than half the time. Unfortunately, barely a quarter of all ransomware victims were able to fully restore all files to their original capacity, with 1 in 7 not being able to restore any of their data regardless of whether they paid a ransom.
Theft an increasingly common feature of ransomware attacks
While encryption has been the primary means of generating profit from ransomware attacks, in 2020 nearly half of all ransomware attacks included some form of data theft as well. This has increased the severity of ransomware attacks, with companies now fearing both encryption and having their data sold or leaked with malicious intent. Theft during a ransomware attack was only perpetrated by a single ransomware family in 2019, but spread to over 15 different families over the course of 2020.
Gaming mods used to distribute several malware strains
Researchers are tracking multiple malware strains spreading through the download and installation of modifying files for video games, which have long been known as a potential container for malware, though the quantity has risen quickly in recent months. Many malware strains identified are remote access Trojans (RATs), which are used to gain unauthorized access to compromised systems.
New malware campaign relies on call centers for distribution
An email phishing campaign has taken up the tactic of directing recipients to a call center phone number to stop a fake subscription from being automatically renewed if targets do not call to cancel. Upon calling, victims of ‘BazarCall’ are then directed to a website to download a “cancellation form.” Instead, the form downloads and executes a malicious payload, an info-stealing Trojan.