State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks

From thehackernews.com

A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns.

The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora, and LockBit 2.0.

Read more…

Over 65% of companies were targeted twice with cyber attacks within a year

From cybersecurity-insiders.com

A recent study made by security management firm Cymulate has confirmed that 65% of companies have suffered cyber attacks for the second time within one year. Disappointingly, 40% of businesses were targeted two times within 12 months, while 10% of them were hit multiple times within a year’s time frame.

According to a report titled Cymulate Data Breaches Study, most of the attacks reached corporate networks through phishing emails, while 1% of them emerged via insider threats.

Read more…

New ‘Quantum’ Builder Lets Attackers Easily Create Malicious Windows Shortcuts

From thehackernews.com

A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums.

Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support for UAC and Windows SmartScreen bypass as well as “multiple payloads per .LNK” file. Also offered are capabilities to generate .HTA and disk image (.ISO) payloads.

Read more…

Enterprises struggle with hybrid IT complexities and lack of visibility: study

From itp.net

The acceleration of hybrid IT has increased network complexity for most organisations and caused several worrisome challenges for IT professionals, according to the latest SolarWinds IT Trends Report 2022.

Hybrid and remote work have amplified the impact of distributed and complex IT environments. Running workloads and applications across both cloud and on-premises infrastructure can be challenging, and many organisations are increasingly experiencing—and ultimately hindered by—these pain points.

Read more…

The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs

From securelist.com

These days ransomware analysis gets a lot of coverage in commercial and public reports, with vendors issuing dozens of ransomware-related publications each year. These reports provide analysis on specific malware families or new samples, describe the activities of a particular ransomware group, give general tips on how to prevent ransomware from working, and so on. Malware analysts and security professionals can learn a lot from these reports, but not much of the content has an immediate or practical use. With the release of the report Common TTPs of modern ransomware, Kaspersky experts have taken a different approach. We want to familiarize the reader with the different stages of ransomware deployment, how cybercriminals use RATs and other tools across the various stages and what they aim to achieve. The report also provides a visual guide to defending against targeted ransomware attacks, using the most prolific groups as examples, and introduces the reader to the SIGMA detection rules that we created.

Read more…

5 Tips for Protecting Your Phone from Malware

From hackread.com

Most people today depend on their phones entirely. Aside from being a portal to our social lives, they also make our lives easier in many ways. One of the most useful is probably being able to pay with them and to check our bank accounts through them.

Connectivity to every area in our lives is also a target for hackers. Having our bank accounts and everything else on our phones drives criminals to try and get inside the software. We need to be fully protected and ensure no malware is installed on our phones.

Read more…

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

From cisa.gov

The Cybersecurity and Infrastructure Security Agency (CISA) and United States Coast Guard Cyber Command (CGCYBER) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers to obtain initial access to organizations that did not apply available patches or workarounds.

Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and UAG servers. As part of this exploitation, suspected APT actors implanted loader malware on compromised systems with embedded executables enabling remote command and control (C2). In one confirmed compromise, these APT actors were able to move laterally inside the network, gain access to a disaster recovery network, and collect and exfiltrate sensitive data.

Read more…