Acronis
September 26, 2022

Emotet botnet used to deliver Quantum, BlackCat ransomware

The Quantum and BlackCat ransomware gangs are now using the Emotet botnet to deploy their payloads. Emotet was first deployed as a banking trojan in 2014, and has since evolved into a network of compromised computers.

September 22, 2022

RapperBot: A new threat for IoT devices

On June 22, 2022, CNCERT IoT Threat Research Team and NSFOCUS FuYingLab monitored a new botnet that was attacking IoT devices. Naming the threat ‘RapperBot,’ researchers found more than 5,000 compromised hosts, but no attack commands were spotted. In analyzing samples, cybersecurity analysts found similarities with Mirai Bot, whose source code has been leaked.

September 19, 2022

Death of Queen Elizabeth II exploited to steal Microsoft credentials

A new phishing campaign has seen attackers impersonate Microsoft in order to bait recipients into inadvertently exposing their account credentials. Victims are invited to add a message of condolence on an online memorial board "in memory of Her Majesty Queen Elizabeth II."

September 19, 2022

Linux variant of SideWalk backdoor discovered

The backdoor known as SideWalk, or StageClient, has been observed in various attacks over the last year, mainly against academic targets in East and Southeast Asia. Those attacks mostly targeted Windows systems, but a new variant with similar functionality that targets Linux systems has now been discovered.

September 16, 2022

AV-TEST: Acronis Cyber Protect earns macOS certification, all-around excellent results again

AV-TEST, the renowned independent evaluator of antivirus and security solutions, recently released the results of their June 2022 evaluation of business security products for macOS Monterey. Acronis Cyber Protect was one of the participants and showed excellent results — earning a well-deserved Approved badge for Corporate Endpoint Protection on macOS systems.

September 13, 2022

Hotel giant IHG hit by cyberattack, bookings disrupted

Leading hospitality company InterContinental Hotels Group PLC (also known as IHG Hotels & Resorts) has been impacted by a cyberattack. The hotel group's APIs are down and showing 502 and 503 HTTP errors, while customers are unable to log into their accounts.

September 12, 2022

Instagram phishing campaign dangles "blue badges" as lure

A new Instagram phishing campaign has been discovered, attempting to scam users of the popular social media platform by luring them with the offer of a coveted "blue badge" — official verification of the user's profile. As part of the alleged verification process, users are asked to reveal their password and other sensitive information, all of which is sent directly to the attacker.

September 12, 2022

French clothing company Damart hit by Hive ransomware

Damart, a French clothing company with over 130 stores across the world, has been hit by the Hive ransomware gang. The attackers demand a ransom of $2 million but have opted to keep negotiations private for now.

September 01, 2022

LockBit gang plans triple-extortion tactics

The LockBit ransomware gang has announced that it is working to take its operation to the triple-extortion level. The gang is now looking to add DDoS as an extortion tactic on top of encrypting data and exfiltrating it (to threaten future leaks).

September 01, 2022

Library services firm Baker & Taylor hit by ransomware

Baker & Taylor, the world's largest distributor of books to libraries worldwide, confirmed it's still working on restoring systems after being hit by ransomware more than a week ago. With an annual revenue of $4.6 billion, the Charlotte, North Carolina-based firm currently services more than 5,000 public and academic libraries.

September 01, 2022

Crypto-mining malware lurks on systems for weeks

A new threat campaign has seen cryptocurrency-mining malware distributed across at least 11 countries, disguised as translator apps and music download apps. The app itself provides the advertised functionality, but also hides a sneaky downloader.