Onto the 2nd month of 2021, and we have seen supply-chain attacks, phishing campaigns, botnets, and ransomware such as the HelloKitty ransomware. CD Project disclosed that they were the target of HelloKitty ransomware attack that encrypted devices on their network and led to the theft of unencrypted files. Learn more about it and other cybersecurity news in this batch of InfoSec articles.
For more articles, check out our #onpatrol4malware blog.
Operation NightScout: Supply‑chain attack targets online gaming in Asia
Source: WeLiveSecurity
In January 2021, a new supply-chain attack was discovered compromising the update mechanism of NoxPlayer, an Android emulator for PCs and Macs, and part of BigNox’s product range with over 150 million users worldwide. Read more.
Phishing campaign lures US businesses with fake PPP loans
Source: Bleeping computer
Threat actors are sending phishing emails impersonating a SBA lender to prey on US business owners who want to apply for a PPP loan to keep their business going during the COVID-19 crisis. Read more.
Ransomware gangs are abusing VMWare ESXi exploits to encrypt virtual hard disks
Source: ZDNet
The RansomExx gang has been seen gaining access to a device on a corporate network and abusing this initial entry point to attack local ESXi instances and encrypt their virtual hard disks. Read more.
New Threat: Matryosh Botnet Is Spreading
Source: Netlab
Matryosh reused the Mirai framework, propagated through the ADB interface, and targeted Android-like devices with the main purpose of DDoS attacks. It redesigns the encryption algorithm and obtains TOR C2 and the TOR proxys from remote host. Read more.
Cybercriminal ‘Cloud of Logs’
Source: Trend Micro
In this latest report by Trend Micro Research, they take a closer look at an emerging underground market that is driven by malicious actors who sell access to troves of stolen data, frequently advertised in the underground as “clouds of logs.†Read more.
Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’
Source: SC Media
Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders. Read more.
Whatever happened to cryptojacking?
Source: TripWire
99% of the examined websites were no longer cryptojacking. Although the majority of cryptojacking websites were no longer cryptomining, the researchers were able to track eight unique mining scripts on the remaining 1%. Read more.
HelloKitty ransomware behind CD Projekt Red cyberattack, data theft
Source: Bleeping Computer
CD Project disclosed that they were the target of a ransomware attack that encrypted devices on their network and led to the theft of unencrypted files. Read more.
PyPI, GitLab dealing with spam attacks
Source: ZDNet
Spammers have inundated the Python Package Index (PyPI) portal and the GitLab source code hosting website with garbage content, flooding both with ads for shady sites and services. Read more.
Patch now to stop hackers blindly crashing your Windows computers
Source: Naked Security
There were 56 newly-reported vulnerabilities fixed in this month’s patches from Microsoft, with four of them offering attackers the chance of finding remote code execution (RCE) exploits. Read more.