Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 167

Emotet Returns to Hit 100K Mailboxes Per Day

Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot.

After a lull of nearly two months, the Emotet botnet has returned with updated payloads and a campaign that is hitting 100, 000 targets per day.

Emotet started life as a banking trojan in 2014 and has continually evolved to become a full-service threat-delivery mechanism. It can install a collection of malware on victim machines, including information stealers, email harvesters, self-propagation mechanisms and ransomware. It was last seen in volume in October, targeting volunteers for the Democratic National Committee (DNC); and before that, it became active in July after a five-month hiatus, dropping the Trickbot trojan. Before that, in February, it was seen in a campaign that sent SMS messages purporting to be from victims’ banks.

How the SolarWinds hackers are targeting cloud services in unprecedented cyberattack

[Editor’s Note: Independent security consultant Christopher Budd worked previously in Microsoft’s Security Response Center for 10 years.]

Analysis: To understand where the SolarWinds attackers are going next, and how to defend against them, look to the clouds.

The SolarWinds supply chain attacks are unprecedented in many ways. The attacks are sophisticated in execution, broad in scope, and incredibly potent in their effectiveness. But perhaps most notable is the unprecedented manner in which the SolarWinds attackers seem to be seeking access to cloud-based services as one of their key objectives.

SolarWinds victims revealed after cracking the Sunburst malware DGA

Security researchers have shared lists of organizations where threat actors deployed Sunburst/Solarigate malware, after ongoing investigations of the SolarWinds supply chain attack.

One of these lists—shared by cybersecurity firm Truesec —includes high-profile tech companies such as Intel, Nvidia, Cisco, Cox Communications, and Belkin, to name just a few.

Mediatek, the world’s second-largest provider of fabless semiconductors, might have also been specifically targeted in this campaign but TrueSec hasn’t yet fully confirmed the breach at this point.

New SUPERNOVA backdoor found in SolarWinds cyberattack analysis

While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely from a second threat actor.

Named SUPERNOVA, the malware is a webshell planted in the code of the Orion network and applications monitoring platform and enabled adversaries to run arbitrary code on machines running the trojanized version of the software.

White House acknowledges reports of cyberattack on U.S. Treasury

The Washington Post linked the hack, which occurred over the weekend, to a group working for the Russian foreign intelligence service.

The FBI is currently investigating the group, known among private-sector cybersecurity firms as APT29 or Cozy Bear. The hackers are also believed to have breached the State Department, Joint Chiefs of Staff and the White House networks during the Obama administration.

The latest revelation comes less than a month after President Donald Trump fired Christopher Krebs, the nation’s top cybersecurity official.