Cybercrime

Cybercrime / Industry Updates

The Fight Against Hive Ransomware May Not Be Done as Yet-Unidentified Artifacts Show

The Hive Ransomware Group has had more than 1,500 victims across more than 80 countries worldwide. They attacked hospitals, school districts, financial firms, and critical infrastructure until the U.S. Department of Justice (DOJ) disrupted their operations. Have we seen the fall of the group's entire infrastructure? more

Gauging How Big a Threat Gigabud RAT Is Through an IoC List Expansion Analysis

Targeting governments the world over in cyber attacks is not a novel concept. Doing that using mobile apps, however, is quite new as a tactic. And that's what Cyble researchers reported as Gigabud RAT's modus operandi - trailing its sights on citizens of Thailand, the Philippines, and Peru who use government-owned institutions' mobile apps. more

Sifting for Digital Breadcrumbs Related to the Latest Zoom Attack

Threat actors have been targeting Zoom and its users since the platform's launch, and it's easy to see why -- the latest stats show it accounts for 3.3 trillion annual meeting minutes worldwide. It's not surprising, therefore, that cyber attackers trailed their sights yet again on the communication app. more

From Data Breach to Phishing to Lapsus$: Cyber Attacks That Echoed in 2022

As a New Year treat, Threat Intelligence Platform (TIP) researchers decided to look back at some of the most newsworthy cybersecurity incidents in 2022 - the Revolut Data Breach, the series of attacks launched by Lapsus$, and a newly detected PayPal phishing tactic. more

Uncovering Other DarkTortilla Threat Vectors

As an age-old digital threat, phishing just continues to grow in sophistication over time, as DarkTortilla showed. Cyble Research and Intelligence Labs (CRIL) published a technical analysis of the threat specifically targeting Cisco and Grammarly. Are there other potential threat vectors, though? more

Supply Chain Security: A Closer Look at the IconBurst and Material Tailwind Attacks

Earlier this month, ReversingLabs published a report on the current state of software supply chain security. They stated that the volume of such attacks using npm and PyPI code have increased by a combined 289% in the past four years. The research also cited two npm attacks as evidence -- IconBurst and Material Tailwind. more

RedLine Stealer: IoC Analysis and Expansion

For roughly US$100, threat actors can purchase RedLine Stealer, a malware-as-a-service (MaaS) program first detected in March 2020 that continues to wreak havoc to this day. The malware can steal information from infected devices, including autocomplete and saved information on browsers. more

Own a Facebook Business? Beware of Ducktail

WithSecure recently unveiled a malicious campaign dubbed "Ducktail," which trailed its sights on Facebook business owners and advertisers. Believed to be run by Vietnamese operators, Ducktail uses malware to steal data from victims and hijack vulnerable Facebook business properties. more

Exposing the New Potential Ways Royal Ransomware Gets Delivered

DEV -- 0569, a threat actor Microsoft has been monitoring, was recently observed deploying Royal ransomware via pages posing as legitimate software download sites and repositories, among other stealthy tactics. He has so far used fake download sites for Adobe Flash Player, AnyDesk, Zoom, and TeamViewer in phishing emails and domains. more

Why Domain Seizure May Not Stop Money Mule Recruitment Campaigns

In the realm of cybersecurity, seizing domains unfortunately doesn't always mean the end for the threats they pose. Such could be the case for the 18 domains U.S. law enforcement agents recently took offline for their ties to a money mule recruitment operation reported by Bleeping Computer. more