February 21, 2023 By Pierluigi Paganini The recently emerged HardBit ransomware gang adjusts its demands so that the victim's insurance company will cover the ransom cost. The HardBit ransomware group first appeared on the threat landscape in October 2022, but unlike other ransomware operations, it does not use a double extortion model at this time. The gang threatens victims with further attacks if its ransom demands are not met. Once an organization's network is infected, the HardBit ransomware group instructs victims to contact it by email or via the Tox instant messaging platform. The group made headlines because it seeks to negotiate with victims to reach a settlement. >> Full Article <<
VMware issues a critical fix for a vulnerability that allows hackers to gain full access to the underlying server operating system. February 21, 2023 By Ryan Naraine Virtualization technology giant VMware on Tuesday pushed out a major security fix to cover a critical vulnerability in its enterprise-facing Carbon Black App Control product. A critical-severity advisory from VMware tracks the vulnerability as CVE-2023-20858 and warns that hackers can launch injection exploits to gain full access to the underlying server operating system. >> Full Article <<
February 21, 2023 By Pierluigi Paganini Researchers spotted a new information stealer, called Stealc, which supports a wide set of stealing capabilities. In January 2023, researchers at SEKOIA.IO discovered a new information stealer, dubbed Stealc, which was advertised on dark web forums. The malware was developed by a threat actor using the moniker Plymouth, who claims the info-stealer supports a wide set of stealing capabilities. According to the experts, the development of Stealc relied on the Vidar, Raccoon, Mars and Redline stealers. In February the experts found several dozen Stealc samples in the wild, which showed similarities with Vidar and Raccoon. >> Full Article <<
By Derek Manky | February 22, 2023 In the first half of 2022, FortiGuard Labs observed an overall increase in attack frequency paired with the explosive growth of new variants associated with familiar tactics. While attack volume isn't showing any signs of slowing, the back half of the year gave rise to some other distinct trends in activity. For starters, our team witnessed destructive wiper malware attacks impacting more organizations across the globe, as well as enterprising cybercriminals reimagining existing botnets and reusing code to power new—and more sophisticated—attacks. In our 2H 2022 Threat Landscape Report, we examine the cyber threat landscape over the year's second half to identify trends and offer insights on what security professionals should know to effectively protect their organizations in the new year and beyond. The report findings are based on the collective intelligence of FortiGuard Labs, drawn from Fortinet's vast array of sensors collecting billions of threat
February 21, 2023 By Jérôme Segura One important aspect of data theft in criminal markets revolves around the authenticity of the data that is being resold. Different services exist to vet such things as credit card numbers so that buyers can purchase with confidence. Criminals are also very aware that anyone, and in particular security researchers, may want to interfere with their operations. Filling up phishing pages with junk data is a sport of its own, although it may also be counterproductive at times. Special cards issued for tracing purposes can also be used by defenders to follow the money. We recently spotted a Magecart skimmer that collects the current victim's IP address and browser user-agent in addition to their email, address, phone number and credit card data. Because the victim has already filled in their home address, we believe this is a fingerprinting effort much like what is done in traditional malware campaigns. >> Full Article <<
February 22, 2023 By Paul Ducklin Jonathan Swift is probably most famous for his novel Gulliver's Travels, during which the narrator, Lemuel Gulliver, encounters a socio-political schism in Lilliputian society caused by unending arguments over whether you should open a boiled egg at the big end or the little end. This satirical observation has flowed directly into modern computer science, with CPUs that represent integers with the least significant bytes at the lowest memory addresses called little-endian (that's like writing the year AD 1984 as 4 8 9 1, in the sequence units-tens-hundreds-thousands), and those that put the most significant bytes first in memory (as numbers are conventionally written: 1 9 8 4) known as big-endian. Swift, of course, gave us another satirical note that applies rather neatly to open-source supply chain attacks, where programmers decide to use project X, only to find that X depends on Y, which itself depends on Z, which depends on A, B and C, which in turn……
February 22, 2023 By Bill Toulas A previously unknown threat actor named Hydrochasma has been targeting shipping and medical laboratories involved in COVID-19 vaccine development and treatments. The hackers' goal appears to be stealing intelligence, and their activity has been tracked since last October by threat hunters at Symantec, a Broadcom company. A characteristic of Hydrochasma attacks is that they rely only on open-source tools and "living off the land" (LotL) tactics, leaving no traces that could lead to attribution. >> Full Article <<
February 23, 2023 By Ry Crozier Says findings of pentests 'actioned' and exchange is safe to use. Services Australia said it has "actioned" several security-related vulnerabilities found in an identity exchange it operates for the government's digital identity system, including one rated 'high risk'. The vulnerabilities were uncovered in periodic security assessments commissioned by the agency, but were only disclosed by the Office of the Australian Information Commissioner (OAIC) last week. The exact nature of the vulnerabilities isn't discussed, but they are broadly described as "ICT security-related" and relate to how the identity exchange handles personal information. >> Full Article <<
Hackers will take anything newsworthy and turn it against you, including the world's most advanced AI-enabled chatbot. February 22, 2023 By Nate Nelson Scammers are capitalizing on the runaway popularity of and interest in ChatGPT, the natural language processing AI, impersonating it in order to infect victims with a Trojan malware called Fobo and steal login credentials for business accounts. ChatGPT is the world's most advanced chatbot, published by developers OpenAI back in November. It's been a resounding success: it's regularly overloaded with users demanding that it write marketing copy, or poems, or answer questions about philosophy. (In fact, OpenAI has developed a $20-per-month subscription plan for users who want to bypass these slowdowns.) And a meme has been making the Internet rounds recently, about how long it took the world's biggest apps to reach 1 million users. Netflix, for example, took 3.5 years. Facebook, 10 months. Spotify, five months. ChatGPT? Five days
February 22, 2023 By Pierluigi Paganini Researchers warn that the MyloBot botnet is rapidly spreading and infecting thousands of systems worldwide. The MyloBot botnet has been active since 2017 and was first detailed by cybersecurity firm Deep Instinct in 2018. MyloBot is a highly evasive Windows botnet that supports advanced anti-analysis techniques. The first sample of the bot analyzed by the experts (dated October 20, 2017) had three different stages. >> Full Article <<
Russia has greatly accelerated cyberattacks on its neighbor in the wake of its invasion. ANDY GREENBERG, WIRED.COM - 2/23/2023 Amidst the tragic toll of Russia's brutal and catastrophic invasion of Ukraine, the effects of the Kremlin's long-running campaign of destructive cyberattacks against its neighbor have often—rightfully—been treated as an afterthought. But after a year of war, it's becoming clear that the cyberwar Ukraine has endured for the past year represents, by some measures, the most active digital conflict in history. Nowhere on the planet has ever been targeted with more specimens of data-destroying code in a single year. Ahead of the one-year anniversary of Russia's invasion, cybersecurity researchers at Slovakian cybersecurity firm ESET, network security firm Fortinet, and Google-owned incident-response firm Mandiant have all independently found that in 2022, Ukraine saw far more specimens of "wiper" malware than in any previous year of Russia's long-running cyberwar tar
A Russian malware developer behind the NLBrute brute-forcing tool has been extradited to the United States from Georgia. February 23, 2023 By Eduard Kovacs A Russian national accused of developing a piece of malware named NLBrute has been extradited to the United States from the Eastern European country of Georgia. The suspect, Dariy Pankov, aka dpxaker, was extradited from Georgia in October 2022 and he appeared before a US judge this week. It’s unclear for how long he had been in Georgia before being detained, but more than 100,000 Russians reportedly fled to the neighboring country last year, often in an effort to avoid being drafted into Russia’s armed forces as the country wages its war against Ukraine. >> Full Article <<
A novel threat group, utilizing new malware, is out in the wild. But the who, what, where, and why are yet to be determined, and there's evidence of a false-flag operation. February 22, 2023 By Nate Nelson On Feb. 22, Symantec revealed evidence of a previously undocumented threat actor it's calling "Clasiopa." Clasiopa has been observed deploying a unique malware backdoor called "Atharvan" in its campaign against a materials manufacturer based in Asia. "From what we can see, the main motivation of the attack was spying or information theft," Dick O'Brien, principal intelligence analyst at the Symantec Threat Hunter Team, tells Dark Reading. Symantec declined to elaborate on the nature of the victim, the files, or whether the attackers were successful. >> Full Article <<
February 24, 2023 By Zeljka Zorz Last year, Microsoft announced automatic attack disruption capabilities in Microsoft 365 Defender, its enterprise defense suite. On Wednesday, it announced that these capabilities will now help organizations disrupt two common attack scenarios: BEC (business email compromise) and human-operated ransomware attacks. Reaction speed is paramount for disrupting attacks. A fast defensive response to initiated cyber attacks is becoming increasingly crucial for organizations: according to IBM Security's X-Force team, the average time to complete a ransomware attack dropped from 2 months down to less than 4 days, and the rate at which attackers target employees via compromised email accounts and by exploiting existing email threads has doubled. >> Full Article <<
February 24, 2023 By Pierluigi Paganini Experts warn of threat actors actively exploiting the critical CVE-2022-47966 (CVSS score: 9.8) flaw in Zoho ManageEngine. Multiple threat actors are actively exploiting the Zoho ManageEngine CVE-2022-47966 (CVSS score: 9.8) in attacks in the wild, Bitdefender Labs reported. "Starting on January 20 2023, Bitdefender Labs started to notice a global increase in attacks using the ManageEngine exploit CVE-2022-47966," reads the report published by Bitdefender Labs. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The issue also impacts products that had the feature enabled in the past. >> Full Article <<
February 24, 2023 By Christopher Boyd Over the last few days, scammers have been sending out phishing mails that disguise bogus URLs with something called Slinks, shortened LinkedIn URLs. The shortened URLs redirect users to a different URL when they are clicked. If you've ever seen a TinyURL or a Bit.ly link, you'll already be familiar with how these work. Shortened links are a common tool in the phishing armoury because they obscure the final destination of their links, and because familiar shortening services may be seen as more trustworthy. As you would expect, a LinkedIn shortened link is going to carry a certain amount of trust for someone on the receiving end. This has been put to the test a number of times. For example, in February of last year Slinks were being used to send people to IRS and PayPal phishes. As Brian Krebs notes, this tactic has been around for some years and was spotted in 2016 being sent out via Skype spam. Now they're being used in a scam based on Amazon's po
The Cybersecurity and Infrastructure Security Agency advises US and European nations to prepare for possible website attacks marking the Feb. 24 invasion of Ukraine by Russia. February 24, 2023 By Dark Reading Staff The one-year anniversary of the start of the war in Ukraine could spur "disruptive and defacement attacks" on US and European websites, the US Cybersecurity and Infrastructure Security Agency (CISA) warned this week. >> Full Article <<