
Atroposia Malware Offers Attackers Built-In Tools to Spy, Steal, and Scan Systems

Cybersecurity researchers have recently discovered a new malware platform known as Atroposia, which is being promoted on dark web forums as a subscription-based hacking toolkit. The platform offers cybercriminals a remote access trojan (RAT) that can secretly control computers, steal sensitive data, and even scan the infected system for security flaws, all for a monthly payment.

Researchers from Varonis, a data protection firm, explained that Atroposia is the latest example of a growing trend where ready-to-use malware services make advanced hacking tools affordable and accessible, even to attackers with little technical expertise.


How Atroposia Works

Atroposia operates as a modular program, meaning its users can turn individual features on or off depending on what they want to achieve. Once installed on a device, it connects back to the attacker’s command-and-control (C2) server using encrypted communication, making it difficult for defenders to detect its activity.

The malware can also bypass User Account Control (UAC), a security layer in Windows designed to prevent unauthorized changes, allowing it to gain full system privileges and remain active in the background.

Those who purchase access, reportedly priced at around $200 per month, unlock a wide set of tools. These include the ability to open a hidden remote desktop, steal files, exfiltrate data, capture copied text, harvest credentials, and even interfere with internet settings through DNS hijacking.

One of the most distinctive parts of Atroposia is its HRDP Connect module, which secretly creates a secondary desktop session. Through this, attackers can explore a victim’s computer, read emails, open apps, or view documents without the user noticing anything unusual. Because the interaction happens invisibly, traditional monitoring systems often fail to recognize it as remote access.

The malware also provides an Explorer-style file manager, which lets attackers browse, copy, or delete files remotely. It includes a “grabber” feature that can search for specific file types or keywords, automatically compress the selected items into password-protected ZIP archives, and transmit them directly from memory, leaving little trace on the device.


Theft and Manipulation Features

Atroposia’s data-theft tools are extensive. Its stealer module targets saved logins from browsers, chat records, and even cryptocurrency wallets. A clipboard monitor records everything a user copies, such as passwords, private keys, or wallet addresses, storing them in an easily accessible list for the attacker.

The RAT also uses DNS hijacking at the local machine level. This technique silently redirects web traffic to malicious sites controlled by the attacker, making it possible to trick victims into entering credentials on fake websites, download malware updates, or expose their data through man-in-the-middle attacks.


A Built-In Vulnerability Scanner

Unlike typical RATs, Atroposia comes with a local vulnerability scanner that automatically checks the system for weak spots, such as missing security patches, outdated software, or unsafe configurations. It generates a score to show which issues are easiest to exploit.

Researchers have warned that this function poses a major threat to corporate networks, since it can reveal unpatched VPN clients or privilege escalation flaws that allow attackers to deepen their access or spread across connected systems.

Security experts view Atroposia as part of a larger movement in the cybercrime ecosystem. Services like SpamGPT and MatrixPDF have already shown how subscription-based hacking tools lower the technical barrier for attackers. Atroposia extends that trend by bundling reconnaissance, exploitation, and data theft into one easy-to-use toolkit.


How Users Can Stay Protected

Analysts recommend taking preventive steps to reduce exposure to such threats.

Users should:

• Keep all software and operating systems updated.

• Download programs only from verified and official sources.

• Avoid pirated or torrent-based software.

• Be cautious of unfamiliar commands or links found online.

Companies are also urged to monitor for signs such as hidden desktop sessions, unusual DNS modifications, and data being sent directly from memory, as these can indicate the presence of sophisticated RATs like Atroposia.
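One way to look for the local DNS tampering described above, as an added example that is not part of the original article or of Varonis's research: a small Python audit of Windows hosts-file content that flags watched domains pinned to a routable address. The sample hosts content, the address 203.0.113.45 and the watched domains are constructed for the example.

```python
import ipaddress

# Constructed sample hosts-file content (not taken from any real incident).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # ad-blocking sinkhole, harmless
203.0.113.45    login.examplebank.com    # constructed suspicious override
203.0.113.45    www.examplebank.com
"""

# Domains whose resolution should never be overridden locally (assumption).
WATCHED_DOMAINS = ("examplebank.com", "example-mail.com")


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address, not a usable mapping
        for host in fields[1:]:               # one IP may carry several names
            yield ip, host.lower()


def is_watched(host, watched=WATCHED_DOMAINS):
    """True if host is a watched domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Return (hostname, ip) entries that redirect a watched domain to a
    routable address. Loopback and 0.0.0.0 targets only sinkhole the name,
    which is common ad blocking, so they are not reported."""
    findings = []
    for ip, host in parse_hosts(text):
        if not is_watched(host, watched):
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue
        findings.append((host, str(ip)))
    return findings
```

Feeding the real file (C:\Windows\System32\drivers\etc\hosts) and your organisation's own domain list into audit_hosts gives one cheap signal; a changed DNS resolver on the adapter is a separate check this snippet does not cover.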

Atroposia’s discovery highlights the growing ease with which advanced hacking tools are becoming available. What once required high-level expertise can now be rented online, posing a serious challenge to both individual users and large organizations trying to protect their digital environments.

Don’t Wait for a Cyberattack to Find Out You’re Not Ready

In today’s digital age, any company that uses the internet is at risk of being targeted by cybercriminals. While outdated software and unpatched systems are often blamed for these risks, a less obvious but equally serious problem is the false belief that buying security tools automatically means a company is well-protected.

Many businesses think they’re cyber resilient simply because they’ve invested in security tools or passed an audit. But overconfidence without real testing can create blind spots, leaving companies exposed to attacks that could lead to data loss, financial damage, or reputational harm.


Confidence vs. Reality

Recent years have seen a rise in cyberattacks, especially in sectors like finance, healthcare, and manufacturing. These industries are prime targets because they handle valuable and sensitive information. A report by Bain & Company found that while 43% of business leaders felt confident in their cybersecurity efforts, only 24% were actually following industry best practices.

Why this mismatch? It often comes down to outdated evaluation methods, overreliance on tools, poor communication between technical teams and leadership, and a natural human tendency to feel “safe” once something has been checked off a list.


Warning Signs of Overconfidence

Here are five red flags that a company may be overestimating its cybersecurity readiness:

1. No Real-World Testing - If an organization has never run a simulated attack, like a red team exercise or breach test, it may not know where its weaknesses are.

2. Rare or Outdated Risk Reviews - Cyber risks change constantly. Companies that rely on yearly or outdated assessments may be missing new threats.

3. Mistaking Compliance for Security - Following regulations is important, but it doesn’t mean a system is secure. Compliance is only a baseline.

4. No Stress Test for Recovery Plans - Businesses need to test their recovery strategies under pressure. If these plans haven’t been tested, they may fail when it matters most.

5. Thinking Cybersecurity Is Only an IT Job - True resilience requires coordination across departments. If only IT is involved, the response to an incident will likely be incomplete.


Building Stronger Defenses

To improve cyber resilience, companies should:

• Test and monitor security systems regularly, not just once.

• Train employees to recognize threats like phishing, which remains a common cause of breaches.

• Link cybersecurity to overall business planning, so that recovery strategies are realistic and fast.

• Work with outside experts when needed to identify hidden vulnerabilities and improve defenses.


If a company hasn’t tested its cybersecurity defenses in the past six months, it likely isn’t as prepared as it thinks. Confidence alone won’t stop a cyberattack, but real testing and ongoing improvement can.

Halliburton Hit by Cyberattack, Data Stolen

Halliburton, one of the world’s largest energy companies, has confirmed that it was the victim of a cyberattack. Hackers infiltrated the company’s systems and stole sensitive information. The attack occurred last week, and Halliburton is still determining the extent of the data that was taken.

In a recent filing with government regulators, Halliburton acknowledged the breach but has yet to disclose the full details of what was stolen. The company is currently investigating the incident and deciding what legal notifications are required. In response to the attack, Halliburton took certain systems offline as a precaution and is working to restore normal operations, especially for its oil and fracking businesses. 

When approached for additional comments, company spokesperson Amina Rivera declined to elaborate further, stating that Halliburton would not provide more information beyond what was mentioned in its official filing.

Although Halliburton has not officially confirmed it, there are signs that the cyberattack may have been part of a ransomware campaign. TechCrunch obtained a ransom note related to the incident, which claims that hackers encrypted Halliburton’s files and stole sensitive data. A group known as RansomHub is believed to be behind the attack. This gang is notorious for carrying out similar cyberattacks, using stolen data as leverage to demand ransom payments. 

RansomHub typically publishes stolen files on its dark web platform when victims refuse to pay. So far, Halliburton has not been listed as one of RansomHub’s victims, but this could change if negotiations fail. RansomHub has been responsible for over 210 attacks since its rise to prominence earlier this year, and it has targeted other large organisations, including Change Healthcare.

Halliburton, with around 48,000 employees spread across various countries, is a major player in the global energy industry. In the past, the company gained notoriety due to its role in the Deepwater Horizon oil spill disaster in 2010, for which it paid over $1 billion in fines.

The recent cyberattack is expected to have financial repercussions for the company, though the exact costs are yet to be determined. In 2023, Halliburton reported $23 billion in revenue, with CEO Jeff Miller earning $19 million in total compensation. Halliburton has noted that it will continue to bear costs related to the cyberattack as it works on restoring systems and resolving the situation.

As the investigation unfolds, many of Halliburton’s online services remain down, and the company is assessing the full impact of the breach. Halliburton has been tight-lipped about its cybersecurity efforts, declining to provide information on who is currently overseeing its response.

This attack is a reminder of how large corporations remain vulnerable to cyber threats. Halliburton's situation underscores the importance of investing in strong cybersecurity measures to safeguard sensitive data and avoid disruptions in critical operations. The company will likely provide more updates as it works to recover from this breach.