Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware

Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware

Dec 17, 2024Ravie LakshmananCyber Espionage / Malware A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++-malware families tracked as WmRAT and MiyaRAT. “The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine to pull down further payloads,” Proofpoint researchers Nick Attfield, Konstantin Klinger, Pim…

Read More

Are Long-Lived Credentials the New Achilles' Heel for Cloud Security?

Are Long-Lived Credentials the New Achilles' Heel for Cloud Security?

The head of security advocacy at Datadog, a cloud-based monitoring and analytics platform, has urged enterprises in Australia and the APAC region to accelerate phasing out long-lived credentials for popular hyperscale cloud services, warning that they remain a serious data breach risk. Speaking with TechRepublic, Andrew Krug highlighted findings from Datadog’s State of Cloud Security 2024 report, which identified long-lived credentials as a persistent security risk factor. While credential management practices are improving, Krug noted…

Read More

Number of Active Ransomware Groups Highest on Record

Number of Active Ransomware Groups Highest on Record

This year has seen the highest number of active ransomware groups on record, with 58 attacking global businesses in the second quarter. Threat intelligence platform provider Cyberint has reported only a slight dip in the third quarter, with 57 active groups. Furthermore, in Q3, the top 10 ransomware groups were responsible for only 58.3% of all detected attacks. This reflects both the increase in the number of active groups in general and a decline in…

Read More

Global Cyber Attacks to Double from 2020 to 2024, Report Finds

Global Cyber Attacks to Double from 2020 to 2024, Report Finds

On the first day of Cybersecurity Awareness Month in the U.S., research has revealed that the number of significant global cyber attacks in 2024 will be double that of 2020. A new report from insurer QBE, Connected Business: digital dependency fuelling risk, predicts that organisations will be hit by 211 disruptive and destructive cyber attacks this year. Disruptive incidents are reversible and only impact data availability, integrity, or access — such as distributed denial-of-service attacks….

Read More

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

Sep 25, 2024Ravie LakshmananEmail Security / Threat Intelligence Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs). The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging to transportation and shipping companies so as to inject malicious content into existing email conversations. As many as 15 breached email accounts have been identified as used…

Read More

New APT Group

New APT Group

Jul 08, 2024NewsroomCyber Espionage / Cloud Security A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control (C2) and data exfiltration. Cybersecurity firm Kaspersky, which discovered the activity in May 2024, said the tradecraft adopted by the threat actor bears similarities with that of CloudWizard, but pointed out the differences in the malware source code. The attacks wield an innovative data-gathering program…

Read More

3 UK Cyber Security Trends to Watch in 2024

3 UK Cyber Security Trends to Watch in 2024

Staying up to date with the latest in cyber security has arguably never been more paramount than in 2024. Financial services provider Allianz named cyber attacks this year’s biggest risk for business in the U.K. and a top concern for businesses of all sizes for the first time. However, many professionals are still in the dark about what the events in Q1 tell us about the cyber landscape for the rest of the year that…

Read More

Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes

Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes

Mar 05, 2024NewsroomEmail Security / Network Security The threat actor known as TA577 has been observed using ZIP archive attachments in phishing emails with an aim to steal NT LAN Manager (NTLM) hashes. The new attack chain “can be used for sensitive information gathering purposes and to enable follow-on activity,” enterprise security firm Proofpoint said in a Monday report. At least two campaigns taking advantage of this approach were observed on February 26 and 27,…

Read More

UK Study: Generative AI May Increase Ransomware Threat

UK Study: Generative AI May Increase Ransomware Threat

The U.K.’s National Cyber Security Centre has released a new study that finds generative AI may increase risks from cyber threats such as ransomware. Overall, the report found that generative AI will provide “capability uplift” to existing threats as opposed to being a source of brand new threats. Threat actors will need to be sophisticated enough to gain access to “quality training data, significant expertise (in both AI and cyber), and resources” before they can…

Read More

Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending thousands of invoice-themed emails targeting North America bearing decoy PDF files. “The PDFs contained OneDrive URLs that, if clicked, initiated a multi-step infection chain eventually leading to the malware payload, a…

Read More
1 2 3 4