Onto the 2nd month of 2021, and we have seen supply-chain attacks, phishing campaigns, botnets, and ransomware such as the HelloKitty ransomware. CD Projekt disclosed that they were the target of a HelloKitty ransomware attack that encrypted devices on their network and led to the theft of unencrypted files. Learn more about it and other cybersecurity news in this batch of InfoSec articles.

For more articles, check out our #onpatrol4malware blog.

HelloKitty ransomware

Operation NightScout: Supply‑chain attack targets online gaming in Asia

Source: WeLiveSecurity

In January 2021, a new supply-chain attack was discovered compromising the update mechanism of NoxPlayer, an Android emulator for PCs and Macs, and part of BigNox’s product range with over 150 million users worldwide. Read more.

Phishing campaign lures US businesses with fake PPP loans

Source: Bleeping Computer

Threat actors are sending phishing emails impersonating an SBA lender to prey on US business owners who want to apply for a PPP loan to keep their business going during the COVID-19 crisis. Read more.

Ransomware gangs are abusing VMware ESXi exploits to encrypt virtual hard disks

Source: ZDNet

The RansomExx gang has been seen gaining access to a device on a corporate network and abusing this initial entry point to attack local ESXi instances and encrypt their virtual hard disks. Read more.

New Threat: Matryosh Botnet Is Spreading

Source: Netlab

Matryosh reuses the Mirai framework, propagates through the ADB interface, and targets Android-like devices with the main purpose of DDoS attacks. It redesigns the encryption algorithm and obtains the TOR C2 and the TOR proxies from a remote host. Read more.

Cybercriminal ‘Cloud of Logs’

Source: Trend Micro

In this latest report by Trend Micro Research, they take a closer look at an emerging underground market that is driven by malicious actors who sell access to troves of stolen data, frequently advertised in the underground as “clouds of logs.” Read more.

Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’

Source: SC Media

Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders. Read more.

Whatever happened to cryptojacking?

Source: TripWire

99% of the examined websites were no longer cryptojacking. Although the majority of cryptojacking websites were no longer cryptomining, the researchers were able to track eight unique mining scripts on the remaining 1%. Read more.

HelloKitty ransomware behind CD Projekt Red cyberattack, data theft

Source: Bleeping Computer

CD Projekt disclosed that they were the target of a ransomware attack that encrypted devices on their network and led to the theft of unencrypted files. Read more.

PyPI, GitLab dealing with spam attacks

Source: ZDNet

Spammers have inundated the Python Package Index (PyPI) portal and the GitLab source code hosting website with garbage content, flooding both with ads for shady sites and services. Read more.

Patch now to stop hackers blindly crashing your Windows computers

Source: Naked Security

There were 56 newly-reported vulnerabilities fixed in this month’s patches from Microsoft, with four of them offering attackers the chance of finding remote code execution (RCE) exploits. Read more.