The company discovered a new stolen data sharing website and new platforms used for phishing
Phishing schemes with new working tools, a new forum for sharing leaked data and updating cryptographic lock tools have already caused a lot of dangers on the web. Check out the main threats to personal equipment and corporate networks identified by ISH Tecnologia in April.
Phishing with Adobe Acrobat Sign: This scheme is implemented by emulating the widely used platform these days to digitally sign documents, Adobe Acrobat Sign. Phishing is a popular method of data theft. Generally, an attractive message is sent in bulk so that the recipient clicks on a malicious link without realizing it.
In this case, an exact copy of the verification of the real site is sent for the signatures – however, the victim is redirected to another site to answer the captcha containing a file .zoom. This file contains a variant of the Redline Trojan malware, which has the ability to steal passwords, cryptographic wallets, data, and other sensitive information.
Jellyfish: The Medusa family is one of the best known in the world of ransomware. Following its successful history of attacks in recent years with MedusaLocker, the malicious group has positioned Medusa ransomware and its extension, the Medusa botnet Mirai, as an obvious attack in early 2023.
Medusa, for now, only has the ability to run on Windows. This malware is capable of stopping the operation of more than 280 processes and Windows services that are necessary for the functioning of the device, as well as preventing their restoration. Once the data has already been isolated, the malicious group asks the victim to retrieve this obtained information, and if this does not happen, it is all published through a video generated by the group.
Botnet Mirai is a more modern and simpler extension than Medusa, which is camouflaged in a service (malware-as-a-service) format. It “pretends” to be a dedicated security portal, promising stability, support and easy commands, but in reality it’s quite the opposite. Once you use the Contracted Service, it encrypts most of your data within 24 hours, tries to access the recordings with passwords, and puts ransom messages on the screen, which actually act as phishing to get more information from the victim.
Sphynx (BlackCat 2.0): According to the developers of the popular BlackCat ransomware, the attack has been updated to be more powerful. Sphynx, or BlackCat 2.0, brings a version of the most difficult to fight ransomware, the already used and installed AlphV.
Sphynx is a rewritten version of AlphV from scratch that has been optimized not to fall under security system detections. Technologies such as masking the encryption process and distributing a “readme” (“read me” in English) file were incorporated into this new version of the well-known malware.
OneNote attacks: To diversify, malicious groups exploit new attack vectors within device systems, and one of them is the OneNote application. The application is increasingly iterated in business environments for initial access.
In the attack, emails are sent with files to open in OneNote, which actually contain embedded scripts to download malware such as Emotet, QakBot, AgentTesla, and many more.
dropout rule: A new data leak forum has been identified. To occupy a previously hacked space, LeakBase has become a pillar of malicious groups to share confidential data, cryptography, attack techniques, share configurations, hacking tips, and tutorials, among other information.
LeakBase is a forum actively looking for associates to collaborate with their group. The site is still in its infancy and needs many updates and improvements to reach a “breakthrough” peak, which had a similar function to the community. In any case, LeakBase is already causing real harm to the community, considering that in Brazil alone, 5.2 million Brazilian data has already been sold on the site.
SNMP Attacks on Cisco Routers: Some government security bodies such as the UK’s National Center for National Security, the US National Security Agency and the FBI have revealed that one of the world’s most sophisticated hacking groups, Fancy Bear, has discovered some attack techniques that bypass the SNMP protocol vulnerability for Cisco routers.
SNMP is very important for these routers because it monitors and controls the health status of connected devices. However, the Simple Network Management Protocol is vulnerable to several types of attacks, such as brute force, denial of service (DDoS), malicious code injection into the system and known vulnerabilities.
“Friendly zombie guru. Avid pop culture scholar. Freelance travel geek. Wannabe troublemaker. Coffee specialist.”
