What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
securityintelligence.webp 2022-05-17 13:00:00 How Dangerous Is the Cyber Attack Risk to Transportation? (lien direct) If an attacker breaches a transit agency’s systems, the impact could reach far beyond server downtime or leaked emails. Imagine an attack against a transportation authority that manages train and subway routes. The results could be terrible. Between June of 2020 and June of 2021, the transportation industry witnessed a 186% increase in weekly ransomware […] Ransomware
itsecurityguru.webp 2022-05-17 09:45:04 Thanos and Jigsaw ransomware linked to 55 year old doctor (lien direct) The US Department of Justice announced yesterday that Moises Luis Zagala Gonzalez, a 55-year-old cardiologist currently residing in Ciudad Bolivar, Venezuela, created and rented Jigsaw and Thanos ransomware to cybercriminals. Known online as Nosophoros, Aesculapius, and Nebuchadnezzar, Gonzales supported cybercriminals in their use of the ransomware, and shared in the profits made. “As alleged, the […] Ransomware
InfoSecurityMag.webp 2022-05-17 08:30:00 Doctor Accused of Being Prolific Ransomware Developer (lien direct) Venezuelan linked to Jigsaw and Thanos variants Ransomware
The_Hackers_News.webp 2022-05-17 01:50:51 U.S. Charges Venezuelan Doctor for Using and Selling Thanos Ransomware (lien direct) The U.S. Justice Department on Monday accused a 55-year-old cardiologist from Venezuela of being the mastermind behind Thanos ransomware, charging him with the use and sale of the malicious tool and entering into profit sharing arrangements. Moises Luis Zagala Gonzalez, also known by the monikers Nosophoros, Aesculapius, and Nebuchadnezzar, is alleged to have both developed and marketed the Ransomware Tool
TechRepublic.webp 2022-05-16 22:10:00 Kaspersky report identifies new ransomware trends for 2022 (lien direct) Ransomware is probably the type of cybercrime that has made headlines the most in 2021, and 2022 seems to follow that trend. Yet it is still evolving, and new ransomware seems more adaptive, resilient and more industrialized. Ransomware
bleepingcomputer.webp 2022-05-16 16:46:50 US links Thanos and Jigsaw ransomware to 55-year-old doctor (lien direct) The US Department of Justice today said that Moises Luis Zagala Gonzalez (Zagala), a 55-year-old cardiologist with French and Venezuelan citizenship residing in Ciudad Bolivar, Venezuela, created and rented Jigsaw and Thanos ransomware to cybercriminals. [...] Ransomware
SecurityWeek.webp 2022-05-16 16:06:57 Ransomware Gang Threatens to Overthrow Costa Rica Government (lien direct) Costa Rica cyber Ransomware
InfoSecurityMag.webp 2022-05-16 15:30:00 US Manufacturing Giant Parker Hit by Conti Ransomware Gang (lien direct) The company announced that employees' personally identifiable information was exposed in the breach Ransomware
Cybereason.webp 2022-05-16 13:26:55 (Déjà vu) Webinar June 2nd 2022: Live Attack Simulation - Ransomware Threat Hunter Series (lien direct) Webinar June 2nd 2022: Live Attack Simulation - Ransomware Threat Hunter Series Ransomware Threat
no_ico.webp 2022-05-16 10:28:48 Kaspersky: 9 Of 10 Orgs Previously Hit With Ransomware Would Pay If Targeted Again (lien direct) Kaspersky has released a new report, “How business executives perceive the ransomware threat” showing that in 88% of organizations around the world that were previously attacked by ransomware, business leaders would choose to pay a ransom if faced with another attack. Across organizations that have yet to be victimized, only 67% would be willing to pay, […] Ransomware Guideline
bleepingcomputer.webp 2022-05-16 10:17:58 Engineering firm Parker discloses data breach after ransomware attack (lien direct) The Parker-Hannifin Corporation announced a data breach exposing employees' personal information after the Conti ransomware gang began publishing allegedly stolen data last month. [...] Ransomware Data Breach
ESET.webp 2022-05-16 09:30:03 The downside of 'debugging' ransomware (lien direct) The decision to release a ransomware decryptor involves a delicate balancing act between helping victims recover their data and alerting criminals to errors in their code Ransomware
SecurityAffairs.webp 2022-05-16 05:28:25 Eternity Project: You can pay $260 for a stealer and $490 for a ransomware (lien direct) Researchers from threat intelligence firm Cyble analyzed the Eternity Project Tor website which offers any kind of malicious code. Researchers at cybersecurity firm Cyble analyzed a Tor website named 'Eternity Project' that offers for sale a broad range of malware, including stealers, miners, ransomware, and DDoS Bots. The experts discovered the marketplace during a […] Ransomware Threat
bleepingcomputer.webp 2022-05-13 16:58:23 The Week in Ransomware - May 13th 2022 - A National Emergency (lien direct) While ransomware attacks have slowed during Russia's invasion of Ukraine and the subsequent sanctions, the malware threat continues to affect organizations worldwide. [...] Ransomware Malware Threat
News.webp 2022-05-13 14:11:10 Most organizations hit by ransomware would pay up if hit again (lien direct) Nine out of ten organizations would do it all over again, keeping attackers in business Almost nine in 10 organizations that have suffered a ransomware attack would choose to pay the ransom if hit again, according to a new report, compared with two-thirds of those that have not experienced an attack.… Ransomware
Kaspersky.webp 2022-05-13 12:06:33 Threat Actors Use Telegram to Spread 'Eternity' Malware-as-a-Service (lien direct) An account promoting the project - which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules - has more than 500 subscribers. Ransomware Threat
knowbe4.webp 2022-05-13 12:04:41 Homeland Security: U.S. Ransomware Attacks Have Doubled in the Last Year (lien direct) Homeland Security: U.S. Ransomware Attacks Have Doubled in the Last Year A March 2022 report from the Senate Committee on Homeland Security and Governmental Affairs zeros in on the growing problem of ransomware and lessons learned so far. Ransomware
CrowdStrike.webp 2022-05-13 08:52:13 Follow the Money: How eCriminals Monetize Ransomware (lien direct) The transaction details and monetization patterns of modern eCrime reveal critical insights for organizations defending against ransomware attacks.  Cybercrime has evolved over the past several years from simple “spray and pray” attacks to a sophisticated criminal ecosystem centered around highly effective monetization techniques that enable adversaries to maximize success and profitability.  Monetization is the  step […] Ransomware
SecurityAffairs.webp 2022-05-13 06:52:53 Iran-linked COBALT MIRAGE group uses ransomware in its operations (lien direct) Iranian group used Bitlocker and DiskCryptor in a series of attacks targeting organizations in Israel, the US, Europe, and Australia. Researchers at Secureworks Counter Threat Unit (CTU) are investigating a series of attacks conducted by the Iran-linked COBALT MIRAGE APT group. The threat actors have been active since at least June 2020 and are linked […] Ransomware Threat APT 15 APT 15 ★★★★
Fortinet.webp 2022-05-12 23:53:15 Destructive Onyx ransomware in the wild (lien direct) FortiGuard Labs is aware that a new ransomware "Onyx" is in the wild. The ransomware was first discovered in late April, 2022. The malware appears to be based on Chaos ransomware and overwrites files bigger than 2MB, making file recovery very difficult. Why is this Significant? This is significant because the threat actor opted to have Onyx ransomware overwrite files bigger than 2MB on the compromised machine rather than encrypting them. Although the threat actor promises to decrypt the affected files after ransom payment is made, recovery of the overwritten files will be difficult. What does Onyx Ransomware do? The ransomware overwrites files bigger than 2MB on the compromised machine, encrypts files smaller than 2MB, and adds file extension ".ampkcz" to them. It also collects sensitive information such as credentials from the affected machine. It then displays the following ransom message and demands ransom from the victim in order to recover the affected files: "All of your files are currently encrypted by ONYX strain. As you already know, all of your data has been encrypted by our software. It cannot be recovered by any means without contacting our team directly. DON'T TRY TO RECOVER your data by yourselves. Any attempt to recover your data (including the usage of the additional recovery software) can damage your files. However, if you want to try - we recommend choosing the data of the lowest value. DON'T TRY TO IGNORE us. We've downloaded a pack of your internal data and are ready to publish it on our news website if you do not respond. So it will be better for both sides if you contact us as soon as possible. DON'T TRY TO CONTACT feds or any recovery companies. We have our informants in these structures, so any of your complaints will be immediately directed to us. So if you will hire any recovery company for negotiations or send requests to the FBI, we will consider this as a hostile intent and initiate the publication of whole compromised data immediately. To prove that we REALLY CAN get your data back - we offer you to decrypt two random files completely free of charge. You can contact our team directly for further instructions through our website: TOR VERSION: (you should download and install TOR browser first https://torproject.org) http://[Removed}].onion Login: [Removed] Password: [Removed] YOU SHOULD BE AWARE! We will speak only with an authorized person. It can be the CEO, top management, etc. In case you are not such a person - DON'T CONTACT US! Your decisions and action can result in serious harm to your company! Inform your supervisors and stay calm!" What is the Status of Coverage? FortiGuard Labs provides the following AV detection for known Onyx ransomware samples: MSIL/Filecoder.F9C3!tr.ransom Ransomware Malware Threat ★★
SecurityWeek.webp 2022-05-12 20:24:54 Costa Rica Declares Emergency in Ongoing Cyberattack (lien direct) Costa Rica Ransomware Attack Ransomware ★★
TechRepublic.webp 2022-05-12 18:30:55 Ransomware: How executives should prepare given the current threat landscape (lien direct) As the number of ransomware attacks continue to increase, the response at C-level must be swift and decisive. Ransomware Threat ★★★
Checkpoint.webp 2022-05-12 16:45:59 Ransomware cyber-attacks in Costa Rica and Peru drives national response (lien direct) Highlights Effectively, one out of every 60 organizations globally have been impacted by attempted ransomware attacks every week, so far in the first four months of 2022 A 14% increase of attempted ransomware attacks to organizations globally every week compared to the same period last year. To mark the 5th anniversary of the WannaCry… Ransomware Wannacry
bleepingcomputer.webp 2022-05-12 15:18:45 Eternity malware kit offers stealer, miner, worm, ransomware tools (lien direct) Threat actors have launched the 'Eternity Project,' a new malware-as-a-service where threat actors can purchase a malware toolkit that can be customized with different modules depending on the attack being conducted. [...] Ransomware Malware Threat
SecurityWeek.webp 2022-05-12 13:18:29 Iranian Cyberspy Group Launching Ransomware Attacks Against US (lien direct) Over the past several months, Iran-linked cyberespionage group Charming Kitten has been engaging in financially-motivated activities, the Secureworks Counter Threat Unit (CTU) reports. Ransomware Threat Conference APT 35 APT 35 ★★★
Fortinet.webp 2022-05-12 10:32:00 CISO Q&A: Ransomware: A Top of Mind Threat Still Today (lien direct) Ransomware has grown into increasingly sophisticated and destructive attacks. Fortinet Field CISOs discuss the state of ransomware and provide some key takeaways to stay on top of this threat. Read more. Ransomware Threat ★★
MalwarebytesLabs.webp 2022-05-12 10:21:16 College closes down after ransomware attack (lien direct) Lincoln College is the first US college or university ransomware affected so badly that it could not cope and had to close shop. Ransomware
The_Hackers_News.webp 2022-05-12 06:56:45 Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks (lien direct) A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed Cobalt Illusion (aka APT35, Ransomware Malware Threat Conference APT 35 APT 15 ★★★★
Checkpoint.webp 2022-05-12 00:37:30 How the evolution of ransomware has changed the threat landscape (lien direct) From WannaCry to Conti: A 5-Year Perspective Five years ago, on May 12, 2017, the world fell victim to a major ransomware attack known as 'WannaCry'. The attack had an unprecedented scale, and spread around the world like wildfire, with more than 200,000 Windows computers across 150 countries affected outbreaking only a few days.… Ransomware Threat Wannacry Wannacry
The_Hackers_News.webp 2022-05-12 00:27:14 Everything We Learned From the LAPSUS$ Attacks (lien direct) In recent months, a cybercriminal gang known as LAPSUS$ has claimed responsibility for a number of high-profile attacks against technology companies, including: T-Mobile (April 23, 2022) Globant  Okta Ubisoft Samsung Nvidia Microsoft Vodafone In addition to these attacks, LAPSUS$ was also able to successfully launch a ransomware attack against the Brazilian Ministry of Health. While Ransomware ★★★★
SecureWork.webp 2022-05-12 00:00:00 COBALT MIRAGE Conducts Ransomware Operations in U.S. (lien direct) COBALT MIRAGE Conducts Ransomware Operations in U.S. The Iranian threat group blurs the line between financially motivated attacks and espionage. Learn how the Iranian threat group blurs the line between financially motivated attacks and espionage. Ransomware Threat APT 15 APT 15
SecureWork.webp 2022-05-12 00:00:00 How Ransomware Works: The Five Questions You Need to Know (lien direct) How Ransomware Works: The Five Questions You Need to Know Take on the guise of the adversary to learn how ransomware works. I've spent countless hours attacking organizations like yours with ransomware. And based on that experience as a ransomware attacker, I've come up with five questions you need to ask yourself as if you were a bad guy. Ransomware
DarkReading.webp 2022-05-11 16:54:19 Quantum Ransomware Strikes Quickly, How to Prepare and Recover (lien direct) NYC-area cybersecurity expert shares the anatomy of a Quantum Ransomware attack and how to prevent, detect and recover from a ransomware attack, in a new article from eMazzanti Technologies. Ransomware ★★★★★
Logo_logpoint.webp 2022-05-11 14:00:58 DarkSide ransomware: who are its operators and affiliates? (lien direct) by Gustav Elkjær Rødsgaard, Junior Security Analyst On January 15, 2022, the Russian Federal Security Service arrested several members of the REvil ransomware gang. One of those arrested was also part of the DarkSide ransomware operations and was directly involved in the Colonial Pipeline attack. Let us now investigate the past activities of the [...] Ransomware
SecurityWeek.webp 2022-05-11 13:07:49 Healthcare Technology Provider Omnicell Discloses Ransomware Attack (lien direct) Healthcare technology company Omnicell revealed in a filing with the United States Securities and Exchange Commission (SEC) that it recently fell victim to a ransomware attack. Ransomware ★★★
no_ico.webp 2022-05-11 12:57:31 Wannacry – 5 Years On, 68% Of Enterprises Are Still At Risk (lien direct) 5 years on from one of the world’s most damaging ransomware attacks, research from network detection and response leader ExtraHop has found that 68% of enterprises are still running insecure protocols that were exploited by the North Korean ransomware. Ransomware Guideline Wannacry ★★★
SecureList.webp 2022-05-11 12:00:23 New ransomware trends in 2022 (lien direct) This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises, old variants of malware return while the new ones develop. Ransomware Malware ★★★★
Kaspersky.webp 2022-05-11 11:02:21 Ransomware Deals Deathblow to 157-year-old College (lien direct) Why a private college that stayed in business for 157 years had to close after the combo of COVID-19 and ransomware proved too much. Ransomware ★★★★
grahamcluley.webp 2022-05-11 10:14:04 US college set to permanently close after 157 years, following ransomware attack (lien direct) A predominantly Black college, based in Illinois, USA, is closing its doors after 157 years - citing the challenges it faced due to the Coronavirus pandemic, and the aftermath of a ransomware attack. Read more in my article on the Hot for Security blog. Ransomware
InfoSecurityMag.webp 2022-05-11 08:30:00 Microsoft: Ransomware Relies on the Gig Economy (lien direct) Report reveals big variety in affiliate groups Ransomware ★★★
ComputerWeekly.webp 2022-05-11 07:45:00 Analysts confirm return of REvil ransomware gang (lien direct) No more details Ransomware
SecurityWeek.webp 2022-05-11 00:36:09 Hackers Hit Web Hosting Provider Linked to Oregon Elections (lien direct) A week before Oregon's primary election, the secretary of state's office is moving to protect the integrity of its online system where campaign finance records are published after a web hosting provider was hit by a ransomware attack. Ransomware ★★★★
SecurityWeek.webp 2022-05-10 18:02:52 New Malware Samples Indicate Return of REvil Ransomware (lien direct) New malware samples and a new Tor-based leak website suggest that the REvil ransomware operation has been resumed. Secureworks, which tracks the group behind REvil as Gold Southfield, has conducted an analysis of malware samples apparently created in March and April, and determined that the developer likely has access to the original REvil source code. Ransomware Malware ★★★
Anomali.webp 2022-05-10 17:08:00 Anomali Cyber Watch: Moshen Dragon Abused Anti-Virus Software, Raspberry Robin Worm Jumps from USB, UNC3524 Uses Internet-of-Things to Steal Emails, and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Cyberespionage, Phishing, Ransomware, Sideloading, and Ukraine. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Attackers Are Attempting to Exploit Critical F5 BIG-IP RCE (published: May 9, 2022) CVE-2022-1388, a critical remote code execution vulnerability affecting F5 BIG-IP multi-purpose networking devices/modules, was made public on May 4, 2022. It is of high severity (CVSSv3 score is 9.8). By May 6, 2022, multiple researchers have developed proof-of-concept (PoC) exploits for CVE-2022-1388. The first in-the-wild exploitation attempts were reported on May 8, 2022. Analyst Comment: Update your vulnerable F5 BIG-IP versions 13.x and higher. BIG-IP 11.x and 12.x will not be fixed, but temporary mitigations available: block iControl REST access through the self IP address and through the management interface, modify the BIG-IP httpd configuration. MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 Tags: CVE-2022-1388, F5, Vulnerability, Remote code execution, Missing authentication Mobile Subscription Trojans and Their Little Tricks (published: May 6, 2022) Kaspersky researchers analyzed five Android trojans that are secretly subscribing users to paid services. Jocker trojan operators add malicious code to legitimate apps and re-upload them to Google Store under different names. 
To avoid detection, malicious functionality won’t start until the trojan checks that it is available in the store. The malicious payload is split in up to four files. It can block or substitute anti-fraud scripts, and modify X-Requested-With header in an HTTP request. Another Android malware involved in subscription fraud, MobOk trojan, has additional functionality to bypass captcha. MobOk was seen in a malicious app in Google Store, but the most common infection vector is being spread by other Trojans such as Triada. Analyst Comment: Limit your apps to downloads from the official stores (Google Store for Android), avoid new apps with low number of downloads and bad reviews. Pay attention to the terms of use and payment. Avoid granting it too many permissions if those are not crucial to the app alleged function. Monitor your balance and subscription list. MITRE ATT&CK: [MITRE ATT&CK] Ingress Tool Transfer - T1105 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Data Manipulation - T1565 Tags: Android, Jocker, MobOk, Triada, Vesub, GriftHorse, Trojan, Subscription fraud, Subscription Trojan, Russia, target-country:RU, Middle East, Saudi Arabia, target-country:SA, Egypt, target-country:EG, Thailand, target-country:TH Raspberry Robin Gets the Worm Early (published: May 5, 2022) Since September 2021, Red Canary researchers monitor Raspberry Robin, a new worm Ransomware Malware Tool Vulnerability Threat APT 29 APT 28 ★★★
bhconsulting.webp 2022-05-10 15:04:50 Security Roundup May 2022 (lien direct) Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants. Nothing random about ransomware victims as attacks increase Ransomware: it hasn't gone away, you know. Europol recently warned that ransomware operators are choosing their targets based on their ability to pay higher financial costs, and their need to get back running quickly ... Ransomware
Kaspersky.webp 2022-05-10 11:54:03 Conti Ransomware Attack Spurs State of Emergency in Costa Rica (lien direct) The threat group has leaked data that it claims was stolen in the breach and is promising more government-targeted attacks. Ransomware Threat ★★★★
The_Hackers_News.webp 2022-05-10 06:02:32 New REvil Samples Indicate Ransomware Gang is Back After Months of Inactivity (lien direct) The notorious ransomware operation known as REvil (aka Sodin or Sodinokibi) has resumed after six months of inactivity, an analysis of new ransomware samples has revealed. "Analysis of these samples indicates that the developer has access to REvil's source code, reinforcing the likelihood that the threat group has reemerged," researchers from Secureworks Counter Threat Unit (CTU) said in a Ransomware Threat ★★★
NetworkWorld.webp 2022-05-10 03:00:00 Cohesity launches FortKnox to protect data from ransomware attacks (lien direct) Data management specialist Cohesity is launching a new data isolation and recovery tool called FortKnox, in a bid to help customers protect their data from ransomware attacks. FortKnox provides an additional layer of off-site protection for customers by keeping data in a secure 'vault,' with physical separation, network and management isolation to keep threat actors from accessing sensitive data. An object lock requires a minimum of two or more people to approve critical actions, such as changes of vault policy, and access can be managed using granular role-based access control, multi-factor authentication, and encryption both in-flight and at rest. Ransomware Tool Threat
The_Hackers_News.webp 2022-05-10 01:40:08 (Déjà vu) U.S. Proposes $1 Million Fine on Colonial Pipeline for Safety Violations After Cyberattack (lien direct) The U.S. Department of Transportation's Pipeline and Hazardous Materials Safety Administration (PHMSA) has proposed a penalty of nearly $1 million to Colonial Pipeline for violating federal safety regulations, worsening the impact of the ransomware attack last year. The $986,400 penalty is the result of an inspection conducted by the regulator of the pipeline operator's control room management ( Ransomware ★★★
DarkReading.webp 2022-05-09 21:09:18 Costa Rica Declares State of Emergency Under Sustained Conti Cyberattacks (lien direct) Conti's ransomware attack cripples Costa Rica's Treasury, sparking the US to offer a $15M bounty on the group. Ransomware
Last update at: 2024-07-16 11:08:47