Malicious Chrome Extension Rising
The top trend concerning the report is the rise in campaigns that involve Chrome extensions. The extensions, often masked as genuine tools, are made to hack into users' browsers and do various activities. After installing, threat actors can hack login credentials, take screenshots, and deploy malicious scripts into web pages. The report stresses that these extensions are specifically dangerous as they can evade traditional security checks and stay hidden for longer periods.
CyberCartel and its Role
The report also sheds light on the notorious activities of the cybercriminal group known as CyberCartel. The group has been associated with various high-profile attacks on financial organizations and government officials in LATAM. CyberCartel works via the Malware-as-a-Service (MaaS) model, offering other threat actors the tools and infrastructure needed to launch sophisticated attacks. This has allowed amateur cybercriminals to give access and contribute to the frequency and severity of attacks.
Attacking High-Profile Entities
CyberCartel's main targets are high-profile entities like government offices and financial institutions. These forms are lucrative targets because of the sensitive info they manage and the possible financial gain for threat actors. The report mentions various incidents where CyberCartel successfully hacked these organizations, causing reputational and financial damage. The group's potential to adjust and develop its techniques makes it a dangerous adversary for cybersecurity experts.
Advanced Tactics and Techniques
One sophisticated technique is using social engineering to fool users into installing malicious software. Cybercriminals make believable phishing emails and fake websites that impersonate genuine institutions. Hackers access their accounts and launch fraudulent transactions once users are tricked into giving their credentials.
Another sophisticated technique is using polymorphic malware, infamous for changing its code to escape detection by antivirus software. This kind of malware is difficult to address as it requires consistent updates to security systems to keep up with changing threat scenarios.