Over the last two weeks, KELA published a report on ransomware operators' overall trends and movements over 2021. The cybersecurity firm says that the number of major organizations tracked as ransomware victims increased from 1,460 to 2,860. Also featured is LiveAction's new Pocket Guide to the MITRE ATT&CK Framework, which classifies attacker actions across the lifecycle of a cyberattack.
For more articles, check out our #onpatrol4malware blog.
Pocket Guide to the MITRE ATT&CK Framework
Source: LiveAction
The MITRE ATT&CK framework classifies attacker actions across the lifecycle of a cyberattack. It helps organizations answer a crucial question: how well can we defend against attacker tactics, techniques, and procedures (TTPs) at each phase of an attack? Read more.
CISA and FBI warning: Hackers used these tricks to dodge multi-factor authentication and steal email from NGO
Source: ZDNet
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about Russian state-sponsored activity that pre-dates the recent warnings over cyber activity related to Russia's military invasion of Ukraine. Read more.
Threat Actor UAC-0056 Targeting Ukraine with Fake Translation Software
Source: SentinelOne
This previously undiscovered set of activities centers on a Python-compiled binary that masquerades as Ukrainian-language translation software and leads to infection with the GrimPlant and GraphSteel malware. Read more.
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
Source: Microsoft Security
In this blog, Microsoft shares its analysis of this method and provides insights into how attackers gain access to MikroTik devices and use compromised IoT devices in Trickbot attacks. Read more.
B1txor20 Linux botnet uses DNS tunnelling and a Log4j exploit
Source: Security Affairs
Researchers uncovered a new Linux botnet, tracked as B1txor20, that spreads by exploiting the Log4j vulnerability and uses DNS tunnelling to communicate with its operators. The malware was first spotted on February 9, 2022, when 360Netlab's honeypot system captured an unknown ELF file that was propagating via the Log4j vulnerability. Read more.
Franchises, partnerships emerge in Ransomware-as-a-Service operations
Source: ZDNet
On Friday, KELA published a report on ransomware operators’ overall trends and movements over 2021. The cybersecurity firm says that the number of major organizations tracked as ransomware victims increased from 1460 to 2860. Read more.
Hackers Target Bank Networks with New Rootkit to Steal Money from ATMs
Source: The Hacker News
A financially motivated threat actor has been observed deploying a previously unknown rootkit that targets Oracle Solaris systems, with the goal of compromising automated teller machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Read more.
Storm Cloud on the Horizon: GIMMICK Malware Strikes at macOS
Source: Volexity
This blog post provides an in-depth analysis of the macOS variant of GIMMICK and also describes the features and characteristics of the Windows variant. Read more.