The attacks and leaks were believed to be perpetrated by the threat actor Vice Society, which has conducted numerous ransomware and extortion campaigns targeting education institutions in the U.K. and the U.S.
Automated Libra is a South African-based freejacking group that primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their cryptomining operations.
The variant analyzed by Trend Micro has made its way onto the macOS platform and has adopted a new technique to deliver documents embedded with malicious macros to users without having to pose as invoices or other business-related files.
The ASEC analysis team uncovered a new shell script compiler (shc)-based Linux malware that drops the XMRig miner on compromised systems. The attackers gained access through a dictionary attack on mismanaged Linux SSH servers. An attack chain spotted in the campaign included both the shc downloader malware and a Perl-based DDoS IRC bot.
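The initial access in the campaign above is a password-guessing attack against SSH, which leaves a loud trail in the sshd logs. The following is an added detection example, not code from ASEC or from the page: it parses constructed sshd auth-log lines in the default syslog format (the sample lines, IP addresses and usernames are all made up here) and flags any source address that produces a burst of failed logins within a short window, plus the more serious case of a success following failures from the same source. The threshold and window values are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (not taken from the page). The first source
# hammers several accounts and then succeeds against root; the second is a user
# mistyping a password twice, minutes apart; the third is a normal key login.
SAMPLE_AUTH_LOG = """\
Jan  5 10:00:01 host1 sshd[2001]: Failed password for invalid user admin from 203.0.113.10 port 51234 ssh2
Jan  5 10:00:02 host1 sshd[2002]: Failed password for invalid user test from 203.0.113.10 port 51235 ssh2
Jan  5 10:00:03 host1 sshd[2003]: Failed password for root from 203.0.113.10 port 51236 ssh2
Jan  5 10:00:04 host1 sshd[2004]: Failed password for root from 203.0.113.10 port 51237 ssh2
Jan  5 10:00:05 host1 sshd[2005]: Failed password for invalid user oracle from 203.0.113.10 port 51238 ssh2
Jan  5 10:00:06 host1 sshd[2006]: Failed password for root from 203.0.113.10 port 51239 ssh2
Jan  5 10:00:09 host1 sshd[2007]: Accepted password for root from 203.0.113.10 port 51240 ssh2
Jan  5 10:05:00 host1 sshd[2101]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Jan  5 10:10:00 host1 sshd[2102]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Jan  5 10:12:00 host1 sshd[2201]: Accepted publickey for deploy from 192.0.2.5 port 39000 ssh2
"""

# Default syslog-style sshd line: "<Mon> <day> <HH:MM:SS> <host> sshd[<pid>]: <event> for [invalid user] <user> from <ip> port ..."
LINE_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<event>Failed password|Accepted password|Accepted publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line, year=2023):
    """Return a dict with timestamp, outcome, user and source IP, or None if the line is not a login event.
    Syslog lines carry no year, so one is supplied (assumption: all lines fall in the same year)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['month']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ok": m["event"].startswith("Accepted"), "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failed logins inside any window_seconds span,
    and any IP whose failures are followed by an accepted login (a likely guessed password)."""
    events = [e for e in map(parse_line, lines) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if not e["ok"]]

        # Sliding window over the failures: track the densest burst for this source.
        start, max_in_window = 0, 0
        for end in range(len(failures)):
            while (failures[end]["ts"] - failures[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            max_in_window = max(max_in_window, end - start + 1)
        if max_in_window >= threshold:
            findings.append({
                "ip": ip,
                "type": "password_guessing",
                "failures_in_window": max_in_window,
                "users": sorted({f["user"] for f in failures}),
            })

        # Failures followed by a success from the same source deserve a higher-severity alert.
        if failures:
            first_failure = failures[0]["ts"]
            for e in evs:
                if e["ok"] and e["ts"] > first_failure:
                    findings.append({"ip": ip, "type": "success_after_failures", "user": e["user"]})
                    break
    return findings


if __name__ == "__main__":
    for finding in detect_bruteforce(SAMPLE_AUTH_LOG.splitlines()):
        print(finding)
```

On the constructed sample this reports two findings for 203.0.113.10 (a six-failure burst across four accounts, then an accepted password for root) and nothing for the two benign sources. The "success after failures" rule is the one worth paging on: a burst alone is background noise on any internet-facing SSH server, while a success from the same source is the moment the access described above is obtained. Key-only authentication and disabling password logins remove this vector entirely and make any `Accepted password` line itself an anomaly.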
A phishing campaign by an actor group has been spotted taking advantage of the security community's growing interest in Flipper Zero, a multi-functional portable cybersecurity tool. Creating fake shops to fool security experts into giving up their personal details and cryptocurrency is nothing new.
Besides email, attackers are now shifting toward other delivery methods such as video conferencing platforms, workforce messaging apps, cloud-based file-sharing platforms, and SMS. They are actively using multi-stage cloud phishing techniques that combine traditional phishing with second-phase or even third-phase actions.
Research by Emsisoft revealed that ransomware attacks in 2022 affected 105 counties, 45 school districts, 44 universities, and 24 healthcare providers in the U.S. Both the number of incidents and their overall impact exceeded what was observed in 2021. Organizations are encouraged to implement the recommendations from CISA and the FBI to stay safe.
The notorious information stealer known as Vidar continues to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as intermediate command-and-control (C2) servers.
While the agencies emphasized that banks are not discouraged from providing services to crypto-asset customers, they said it is vital the risks related to this sector “that cannot be mitigated or controlled do not migrate to the banking systems.”
Five Guys appears to have started informing customers on December 29, when it also notified state authorities about the incident. The exposed information includes names, Social Security numbers, and driver’s license numbers.