
Cisco Talos Uncovers Lotus Blossom’s Multi-Campaign Cyber Espionage Operations

Cisco Talos has uncovered a series of cyber espionage campaigns attributed to the advanced persistent threat (APT) group Lotus Blossom, also known as Spring Dragon, Billbug, and Thrip. 

The group has been active since at least 2012, targeting government, manufacturing, telecommunications, and media sectors in regions such as the Philippines, Vietnam, Hong Kong, and Taiwan. Talos identified Sagerunex, a backdoor tool used exclusively by Lotus Blossom, as the core malware in these campaigns. 

The investigation revealed multiple variants of Sagerunex. Later versions move away from the original infrastructure of attacker-run Virtual Private Servers (VPS) and instead tunnel command-and-control (C2) traffic through third-party cloud services such as Dropbox, Twitter, and Zimbra webmail. Because that traffic is addressed to well-known, widely used domains, it blends in with legitimate activity and is far less likely to be caught by reputation-based blocking, while the operators keep control of the infected endpoints.

The group has been observed gaining persistence on compromised systems by registering Sagerunex in the Windows registry and configuring it to run as a service. The implant is a dynamic link library (DLL) that is loaded and executed directly in memory, so file-based scanning has little to inspect. The campaigns also show long-term persistence strategies that let the attackers remain undetected for months.

Beyond Sagerunex, Lotus Blossom employs an arsenal of hacking tools for credential theft, privilege escalation, and data exfiltration. These include a Chrome cookie stealer taken from GitHub, a customized Venom proxy tool, a privilege adjustment tool, and an archiving tool used to encrypt and package data before it is stolen.

Additionally, the group utilizes mtrain V1.01, a modified version of the HTran proxy relay tool, to route connections between compromised machines and external networks. The attack chain follows a structured multi-stage approach. It starts with host and network discovery using built-in commands such as net, tasklist, ipconfig, and netstat to enumerate accounts, running processes, network configuration, and active connections.

If an infected machine lacks direct internet access, the attackers leverage the system's proxy settings or the Venom tool to establish connectivity. A notable tactic is staging tools in the "public\pictures" subfolder (C:\Users\Public\Pictures), a directory that every local account can write to and that is rarely monitored, to avoid drawing attention.
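The detection logic below is an added example, not part of the Talos report or of this post. It runs three checks over a handful of constructed process-creation and service-registry records to catch the behaviours just described: a burst of discovery commands from one parent process, anything executed from C:\Users\Public\Pictures, and a service whose DLL lives outside the Windows system directories (the way a DLL-hosted implant registered as a service would show up). Host names, timestamps, the staged tool name relay.exe and the NetSvcHelper service entry are all constructed; the implant's real file and service names are not given in the post and are not assumed here.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath

# Built-in discovery commands the post lists for the first stage of the chain
DISCOVERY = {"net.exe", "net1.exe", "tasklist.exe", "ipconfig.exe", "netstat.exe"}
PUBLIC_PICTURES = "c:\\users\\public\\pictures"
SYSTEM_DLL_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Constructed process-creation records (host, time, parent image, image, command line).
# Not real telemetry; relay.exe is a placeholder name for a staged tool.
EVENTS = [
    ("ws01", "2025-03-01T09:00:01", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\net.exe",      "net user"),
    ("ws01", "2025-03-01T09:00:04", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\tasklist.exe", "tasklist /v"),
    ("ws01", "2025-03-01T09:00:09", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\ipconfig.exe", "ipconfig /all"),
    ("ws01", "2025-03-01T09:00:15", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\netstat.exe",  "netstat -ano"),
    ("ws01", "2025-03-01T09:02:30", r"C:\Windows\System32\cmd.exe", r"C:\Users\Public\Pictures\relay.exe", "relay.exe"),
    # An administrator on another host running two commands hours apart: not a burst
    ("ws02", "2025-03-01T11:15:20", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\ipconfig.exe", "ipconfig"),
    ("ws02", "2025-03-01T14:40:00", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\netstat.exe",  "netstat -an"),
]

# Constructed ServiceDll values (HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters).
# The first two mirror legitimate Windows services; NetSvcHelper is a made-up suspicious entry.
SERVICES = {
    "Dhcp": r"%SystemRoot%\System32\dhcpcore.dll",
    "Winmgmt": r"%SystemRoot%\system32\wbem\WMIsvc.dll",
    "NetSvcHelper": r"C:\Users\Public\Pictures\netsvc.dll",
}


def discovery_bursts(events, window=timedelta(minutes=5), min_distinct=3):
    """Return {(host, parent): tools} for every parent process that ran at least
    `min_distinct` different discovery commands within `window`."""
    by_parent = defaultdict(list)
    for host, ts, parent, image, _cmdline in events:
        tool = ntpath.basename(image).lower()
        if tool in DISCOVERY:
            by_parent[(host, parent.lower())].append((datetime.fromisoformat(ts), tool))
    hits = {}
    for key, runs in by_parent.items():
        runs.sort()
        for i, (t0, _) in enumerate(runs):
            # runs is time-ordered, so everything from i onward is at or after t0
            seen = {tool for t, tool in runs[i:] if t - t0 <= window}
            if len(seen) >= min_distinct:
                hits[key] = hits.get(key, set()) | seen
    return hits


def public_pictures_execution(events):
    """Events whose image or command line references C:\\Users\\Public\\Pictures."""
    return [e for e in events
            if PUBLIC_PICTURES in e[3].lower() or PUBLIC_PICTURES in e[4].lower()]


def suspicious_servicedlls(services):
    """Service DLLs that do not live under System32 / SysWOW64 deserve review."""
    flagged = {}
    for name, path in services.items():
        resolved = path.lower().replace("%systemroot%", "c:\\windows")
        if not resolved.startswith(SYSTEM_DLL_DIRS):
            flagged[name] = path
    return flagged


if __name__ == "__main__":
    for (host, parent), tools in discovery_bursts(EVENTS).items():
        print(f"[discovery burst] {host} parent={parent} tools={sorted(tools)}")
    for e in public_pictures_execution(EVENTS):
        print(f"[exec from public\\pictures] {e[0]} {e[3]}")
    for name, dll in suspicious_servicedlls(SERVICES).items():
        print(f"[service dll outside system dirs] {name} -> {dll}")
```

The burst rule fires on ws01 (four distinct discovery tools in fourteen seconds from one shell) and stays silent on ws02, where an administrator ran two commands hours apart; tune the window and threshold to the noise level of your own environment before deploying it.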

Talos’ research underscores the growing sophistication of Lotus Blossom, which continues to refine its techniques and expand its capabilities. With high confidence, Cisco attributes these campaigns to Lotus Blossom, highlighting its sustained cyber espionage operations against high-value targets.

Lending App Data Breach Leaves Sensitive Customer Information Unprotected

A major digital lending platform has reportedly exposed sensitive customer data through a misconfigured Amazon S3 bucket that was publicly accessible without any authentication. Security researchers discovered the exposure on November 28, 2024, but it was not closed until January 16, 2025, leaving the data open for about seven weeks. There is no direct evidence that criminals accessed the files, but only a forensic review of the bucket's access records could settle that, and such records exist only if S3 server access logging or CloudTrail data events had been enabled before the exposure.
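As an added illustration (not code from the researchers or from the lender), the script below evaluates an S3 bucket's policy, ACL and Public Access Block settings, the three places a bucket can be opened to the world. WEAK_BUCKET reproduces the failure mode described above, an Allow statement for Principal "*" with no Public Access Block, and HARDENED_BUCKET shows the corrected settings: access only for a named IAM role and all four block flags on. The bucket name, account ID and role name are constructed placeholders. Conditions on an anonymous statement are reported rather than trusted, because a condition such as aws:SecureTransport still leaves the objects readable by anyone; for a real audit, pair this with the account's Access Analyzer findings.

```python
import json

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
READ_ACTIONS = {"s3:getobject", "s3:get*", "s3:*", "*"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _anonymous(principal):
    """True for Principal "*" or {"AWS": "*"}, i.e. anyone on the internet."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def public_read_statements(policy):
    """(Sid, condition keys) for every Allow statement granting object reads to an
    anonymous principal. Conditions are listed, not trusted."""
    hits = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        if st.get("Effect") == "Allow" and _anonymous(st.get("Principal")) and actions & READ_ACTIONS:
            cond_keys = sorted(k for op in st.get("Condition", {}).values() for k in op)
            hits.append((st.get("Sid", f"statement[{i}]"), cond_keys))
    return hits


def public_acl_grants(grants):
    """Permissions granted through the ACL to the AllUsers / AuthenticatedUsers groups."""
    return [g["Permission"] for g in grants
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GROUPS]


def public_access_block_gaps(pab):
    """Public Access Block flags that are not switched on."""
    return [f for f in PAB_FLAGS if not pab.get(f, False)]


def assess(bucket):
    pab = bucket["PublicAccessBlock"]
    policy_hits = public_read_statements(bucket["Policy"])
    acl_hits = public_acl_grants(bucket["Acl"])
    # RestrictPublicBuckets neutralises an existing public policy and IgnorePublicAcls
    # neutralises public ACL grants; the two Block* flags only stop new ones being added.
    exposed = (bool(policy_hits) and not pab.get("RestrictPublicBuckets", False)) or \
              (bool(acl_hits) and not pab.get("IgnorePublicAcls", False))
    return {"policy": policy_hits, "acl": acl_hits,
            "pab_gaps": public_access_block_gaps(pab), "exposed": exposed}


# Constructed weak configuration: world-readable objects, no Public Access Block.
WEAK_BUCKET = {
    "Policy": {"Version": "2012-10-17", "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-lender-kyc/*"}]},
    "Acl": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"}],
    "PublicAccessBlock": {f: False for f in PAB_FLAGS},
}

# Corrected configuration: reads only for one application role, all four flags on.
HARDENED_BUCKET = {
    "Policy": {"Version": "2012-10-17", "Statement": [{
        "Sid": "AppRoleRead", "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/kyc-app"},
        "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-lender-kyc/*"}]},
    "Acl": WEAK_BUCKET["Acl"],
    "PublicAccessBlock": {f: True for f in PAB_FLAGS},
}

if __name__ == "__main__":
    for label, bucket in (("weak", WEAK_BUCKET), ("hardened", HARDENED_BUCKET)):
        print(label, json.dumps(assess(bucket)))
```

On a live account the same inputs come from `aws s3api get-bucket-policy`, `get-bucket-acl` and `get-public-access-block`; feed their JSON into assess() unchanged.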

The exposed data reportedly includes Know Your Customer (KYC) documents, which financial institutions use to verify identity, address, and income details. This type of information is particularly valuable to cybercriminals, as it can be exploited to fraudulently obtain loans, orchestrate identity theft, or carry out sophisticated social engineering attacks. 

According to researchers, attackers could leverage leaked loan agreements or bank details to manipulate victims into making unauthorized payments or providing further account verification. Furthermore, such personal data often ends up being aggregated and sold on the dark web, amplifying risks for affected individuals and making it harder to protect their privacy. 

To minimize the risks associated with such breaches, experts recommend monitoring bank statements and transaction histories for any suspicious activity and immediately reporting irregularities to financial institutions. Users are also advised to set strong, unique passwords for different accounts, especially those containing financial or sensitive information, and to update them immediately if a breach is suspected. Enabling multi-factor authentication (MFA) adds an extra layer of security and can significantly reduce the likelihood of unauthorized access. 

Another major concern following such incidents is the increased likelihood of social engineering attacks like phishing, where criminals use leaked data to craft convincing fraudulent messages. Attackers may impersonate banks, service providers, or even personal contacts to trick victims into revealing sensitive details, clicking malicious links, or scanning fraudulent QR codes. 

Users should remain cautious of unexpected emails or messages, verify the sender’s identity before clicking any links, and contact companies directly through their official websites. It is crucial to remember that banks and legitimate financial institutions will never request sensitive account details via phone or email or ask customers to transfer funds to another account.

Beware of Fake Viral Video Links Spreading Malware

McAfee Labs has uncovered a rise in cyber scams where fraudsters use fake viral video links to trick people into downloading malware. These attacks rely on social engineering, enticing users with promises of exclusive or leaked content. 

Once a user clicks on the deceptive link, they are redirected through several malicious websites before unknowingly downloading a harmful file. The scheme typically begins with a fake message or document containing a link to a trending video. Clicking the link leads to an unsafe website filled with misleading advertisements, fake download buttons, and sometimes adult content. 

These sites trick users into downloading a file, often a ZIP archive, that looks harmless but carries the malware inside a password-protected archive. The password is not there for the victim's benefit: an encrypted archive cannot be inspected by mail gateways or antivirus scanners, so the payload passes through unexamined until the victim extracts it. Once extracted, the archive yields a setup program that launches the malware when run. To look legitimate, it first displays a CAPTCHA screen.

However, once the user clicks “OK,” the malware installs itself discreetly, injecting harmful files into the system and running hidden processes that steal data or compromise the device. While McAfee’s security measures have intercepted many such attacks, experts warn that these scams continue to evolve. 
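To make the archive trick concrete, here is an added triage script (not McAfee's code and not anything recovered from the campaign) that inspects a ZIP before anyone extracts it. It reports entries flagged as encrypted, entries with executable extensions, names such as video.mp4.exe that hide an executable behind a media extension, and, for any entry it can read, whether the content starts with a PE header. Both sample archives are constructed in memory; because Python's zipfile module cannot write encrypted archives, the "password-protected" sample is produced by setting the encryption bit in the headers of a plain archive, which is enough to exercise the metadata checks.

```python
import io
import struct
import zipfile

EXECUTABLE_EXTS = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".msi", ".lnk", ".hta", ".ps1"}
MEDIA_EXTS = {".mp4", ".avi", ".mov", ".mkv", ".mp3", ".jpg", ".png", ".pdf"}


def build_sample_archive(password_protected):
    """Construct a small ZIP in memory (constructed content, not a real sample).
    For the password-protected case, bit 0 of the general-purpose flags is set in
    every local (offset 6) and central-directory (offset 8) header after writing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Leaked_Video_HD.mp4.exe", b"MZ" + b"\x90" * 200)  # PE-looking stub
        zf.writestr("README.txt", b"Password: 1234\n")
    data = bytearray(buf.getvalue())
    if password_protected:
        for signature, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(signature)
            while pos != -1:
                flags = struct.unpack_from("<H", data, pos + flag_offset)[0]
                struct.pack_into("<H", data, pos + flag_offset, flags | 0x1)
                pos = data.find(signature, pos + 4)
    return bytes(data)


def triage_archive(data):
    """One finding per entry: encrypted?, executable extension?, media extension in
    front of the real one?, and (when readable) does the content start with 'MZ'."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            parts = info.filename.lower().rsplit("/", 1)[-1].split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            encrypted = bool(info.flag_bits & 0x1)
            masquerade = len(parts) > 2 and "." + parts[-2] in MEDIA_EXTS and ext in EXECUTABLE_EXTS
            pe_header = None  # unknown when the entry cannot be read
            if not encrypted and not info.is_dir():
                with zf.open(info) as fh:
                    pe_header = fh.read(2) == b"MZ"
            findings.append({"name": info.filename, "encrypted": encrypted,
                             "executable": ext in EXECUTABLE_EXTS,
                             "masquerade": masquerade, "pe_header": pe_header})
    return findings


def verdict(findings):
    """block: an executable is present or hidden behind a media name;
    inspect: the archive is encrypted, so a scanner cannot see the payload;
    allow: otherwise."""
    if any(f["executable"] or f["masquerade"] or f["pe_header"] for f in findings):
        return "block"
    if any(f["encrypted"] for f in findings):
        return "inspect"
    return "allow"


if __name__ == "__main__":
    for label, locked in (("plain", False), ("password-protected", True)):
        found = triage_archive(build_sample_archive(locked))
        print(f"{label}: verdict={verdict(found)}")
        for f in found:
            print("   ", f)
```

The file name alone condemns the sample here; the more important case is an encrypted archive whose entry names give nothing away, which the script can only mark "inspect" because, like any scanner, it cannot look inside without the password.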

Cybercriminals use clickbait tactics to manipulate people’s curiosity, making it crucial to stay vigilant. To protect yourself, avoid clicking on links that claim to provide exclusive or leaked videos, as these are often traps designed to distribute malware. 

Be cautious of unfamiliar websites that prompt you to download files, as they may contain hidden threats. Scan downloaded files with reliable security software before opening them, and bear in mind that a scanner cannot see inside a password-protected archive: a download that arrives with a password to unlock it deserves extra suspicion. Keep your antivirus software updated for real-time protection against emerging threats. Since online scams are constantly evolving, staying informed and cautious is the best defense against potential cyber risks.

Cybercriminals Ramp Up Malvertising Schemes Through Google Searches

Malvertising, the practice of using online ads for malicious purposes, is on the rise, with incidents in the U.S. spiking by 42 per cent in fall 2023, according to cybersecurity firm Malwarebytes. Hackers are leveraging increasingly sophisticated techniques to trick users into clicking on ads that install malware or lead to phishing scams. 

Jérôme Segura, senior director of research at Malwarebytes, warns that this surge is "just the tip of the iceberg," as more companies and individuals fall victim to such attacks. Many of these fraudulent ads appear as sponsored results during routine Google searches, posing as legitimate brands or services. Some only take effect when the user clicks and interacts with the landing page, but others exploit browser or plugin vulnerabilities and can infect a visitor who merely loads the page.

Even corporate employees are being targeted, as hackers prey on their trust in internal portals. For example, hackers recently created a fake Google ad impersonating Lowe's that lured employees to a phishing page disguised as the retailer's employee portal. While Google and other search engines like Bing are not responsible for these attacks, their widespread use and the trust consumers place in them make their ad slots prime real estate for cybercriminals.

According to Stuart Madnick, a professor at MIT Sloan School of Management, users often let their guard down, believing that anything appearing in a Google search is safe. To mitigate the risk of malvertising, cybersecurity experts recommend skipping sponsored links in favour of the organic results, and checking that the domain in the address bar really belongs to the brand before entering anything.

Keeping browsers up-to-date is crucial to avoid drive-by downloads, a method that installs malware simply by visiting a compromised website. Chris Pierson, CEO of BlackCloak, urges consumers to be wary of phone numbers shown in ads, since scammers place their own numbers in ads that impersonate a brand's support line.

He advises verifying numbers directly from company websites or official documentation. Installing anti-malware software and using privacy browsers or ad blockers can also protect consumers from malicious ads. 

Reporting suspicious ads helps reduce the spread of malvertising, but Madnick reminds users to stay vigilant, adding, “You should assume that this could happen to you no matter how careful you are.”

'PostalFurious' SMS Attacks Target UAE Citizens for Data Theft


Residents of the United Arab Emirates have become the target of SMS phishing campaigns that seek to extract personal and payment card information. The campaign, attributed to a group tracked as PostalFurious, initially targeted people in the Asia-Pacific region before expanding its reach to the UAE. It impersonates postal and toll services and uses SMS messages to steer unsuspecting victims to pages that harvest their data.

Group-IB's investigation linked both waves of the campaign (the toll-operator lure and the postal lure described below) to a Chinese-speaking phishing ring it tracks as PostalFurious. The group, active since 2021, can stand up large amounts of network infrastructure quickly and rotates it frequently to evade detection and blocking.

The group also puts access controls in front of its phishing pages, such as serving them only to visitors from the targeted country, so that automated scanners and takedown services outside that region see nothing malicious. The evidence further suggests that PostalFurious operates on a global scale, well beyond the Middle East campaign examined here.

As part of this campaign, fraudulent SMS messages are being used to gather payment details by deceiving recipients into believing they need to pay fees for tolls and deliveries. The URLs included in these text messages direct individuals to counterfeit payment pages adorned with the logos and names of well-known postal service providers in the country. 

Since April 15 of this year, the scam SMS messages have carried shortened URLs that lead to counterfeit payment pages. Initially the campaign impersonated a UAE toll operator; on April 29 a new version appeared that mimicked the UAE postal service. The phishing domains for both versions were hosted on the same servers, one of the links that ties the two waves together. The messages were sent from phone numbers registered in Malaysia and Thailand and, via iMessage, from email addresses.

The pages ask for names, addresses, and credit card details. Notably, they can only be reached from IP addresses located in the UAE: visitors from elsewhere, including security researchers and automated URL scanners, are turned away, which both narrows the targeting to residents and frustrates analysis.
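The URL checks below are an added example and not part of Group-IB's or Malwarebytes' research; they serve both the malvertising advice to double-check URLs before proceeding and the shortened links in the PostalFurious messages. classify_url flags link shorteners (destination unknown until expanded), IP-literal and non-TLS hosts, punycode labels, and URLs that mention a brand without sitting on one of that brand's own domains. lowes.com is the real domain of the retailer named in the malvertising story; the postal-brand entry, the .example hosts and the shortener path are constructed placeholders, and the registrable-domain helper uses a tiny suffix list where production code should use the Public Suffix List.

```python
import ipaddress
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "is.gd", "cutt.ly", "rb.gy", "goo.gl"}
# Suffixes under which the registrable domain is three labels deep (deliberately
# incomplete; use the Public Suffix List in real code).
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.nz", "com.sg", "com.my", "co.th", "com.br"}
# Expected registrable domains per brand; "postal-brand" is a constructed placeholder.
BRANDS = {"lowes": {"lowes.com"}, "postal-brand": {"postal-brand.ae"}}


def registrable_domain(host):
    """Naive eTLD+1: the last two labels, or three under a known two-label suffix."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_url(url, brands=BRANDS):
    """Return host, registrable domain, a list of warning flags and a verdict."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""
    flags = []
    if parts.scheme != "https":
        flags.append("no-tls")
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    if is_ip:
        flags.append("ip-literal")
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode")
    reg = host if is_ip else registrable_domain(host)
    if reg in SHORTENERS:
        flags.append("shortener")
    # Brand name anywhere in host or path, but not on the brand's own domain: lookalike.
    # Plain substring matching has false positives; tokenise in production.
    haystack = (host + parts.path).lower().replace("-", "").replace("_", "")
    for brand, domains in brands.items():
        if brand.replace("-", "") in haystack and reg not in domains:
            flags.append(f"lookalike:{brand}")
    return {"host": host, "registrable": reg, "flags": flags,
            "verdict": "suspicious" if flags else "ok"}


if __name__ == "__main__":
    # Constructed sample links: one genuine, the rest modelled on the lures in these stories
    for sample in ("https://www.lowes.com/careers",
                   "https://lowes-employee-portal.example/login",
                   "https://bit.ly/3abc",
                   "https://postal-brand-fees.example/pay",
                   "http://203.0.113.5/lowes"):
        print(sample, "->", classify_url(sample))
```

A shortened link is not malicious in itself, but it hides the destination until it is expanded; in an incident-response setting, expand it from a sandbox and remember that a geofenced page like the ones above will only show its real content to a visitor inside the targeted country.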

Anna Yurtaeva, a senior cyber investigation specialist at Group-IB's Digital Crime Resistance Center in Dubai, has confirmed that the group is exclusively targeting members of the public. The group previously targeted users in Singapore and Australia.

"They launch widespread SMS phishing campaigns, and we are aware of cases where messages have been sent to UAE residents who are not users of the services. From our analysis of the source code and infrastructure of the PostalFurious website, we see that the gang aims to steal payment credentials and personal data from victims," she said. 

Data Theft: Significance, Impacts, and Consequences 

The Significance of Data Theft: 

  • Primary Driver: Corporate data theft stems primarily from the pursuit of financial gain, accounting for a minimum of 86% of breaches. 
  • Exploiting Weaknesses: Attackers exploit security weaknesses to steal data, then sell it on to other criminals to maximize their return. 

Impacts on Businesses: 

  • Costly Breaches: Data breaches incur substantial costs, with the average breach exceeding $1.2 million in 2018, indicating a 24% increase from the previous year. 
  • Small Business Vulnerability: Smaller organizations with limited resources face heightened risks, as 60% of them go out of business within six months of an attack. 

Broader Consequences: 

  • Ransomware Extortion: Cybercriminals may hold an organization's data hostage, and paying the ransom does not guarantee that the data is returned or the incident resolved. 
  • Expensive Recovery: Data recovery and system patching post-breach entail significant expenses. 
  • Reputational Damage and Customer Loss: Data theft leads to customer attrition, while brands with a history of breaches struggle to attract new business. 
  • Legal Liabilities: Mishandling of data exposes companies to potential lawsuits from affected customers. 
  • Downtime and Reduced Productivity: Breaches render systems unusable, causing downtime and hampering employee productivity. 
  • Regulatory Penalties: Non-compliant organizations face substantial financial penalties for failing to meet security mandates. 

In a new development, another campaign with a similar theme has emerged alongside PostalFurious. Referred to as "Operation Red Deer," it specifically targets Israeli engineering and telecommunications companies with a persistent stream of phishing messages that impersonate Israel's postal service, lending the lures credibility. These ongoing events highlight the need for robust defences and quick responses.