Weekly News Digest #56

Data encryption and nasty threats attributable to a new ransomware

A new form of ransomware is distributed by cybercriminals against businesses, their employees, and partners. The new ransomware not only encrypts victims’ data but also make a threat to launch DDoS attacks unless victims pay a ransom. The ransomware dubbed Yanluowang was firstly uncovered by security researchers representing Broadcom Software’s Symantec Threat Hunter team. 

In this case, attackers increase the effectiveness of their attacks by threatening additional attacks. Yanluowang drops victims a note stating that they have been infected with ransomware and containing the addresses they need to contact to negotiate a payment. The note warns victims not to contact any law enforcement bodies such as the FBI or police as well as cybersecurity companies. In case a victim contacts outside parties for help, a powerful DDoS attack will be launched. Researchers uncovered the new type of ransomware after identifying suspicious use of AdFind, legitimate command included in the Active Directory query tool. 

Read more

The surprisingly simple trick has allowed the malware botnet gang to steal millions

The long-running botnet called MyKings has raked more than $24 million by mining for cryptocurrencies using the network of compromised computers. The botnet is also called Hexmen and Smominru and constitutes the largest botnet dedicated to mining cryptocurrencies by free-riding server CPUs and desktop of victims. 

The malicious group has made most of its earnings through its “clipboard stealer module”. The malicious technology detects when somebody copies a wallet address and then this module swaps this address in a different one that is controlled by a gang. This clipboard stealer has been affecting users worldwide since 2018. This stealer module exploits the users’ habit of inserting long wallet addresses rather than printing them. However, coin stealing constitutes only a minor part of the MyKings’ business, according to the data collected by the security firm Sophos.

Read more

Phantom Floods: vulnerability of service providers to these DDoS attacks

Service providers are using a high traffic threshold to detect abnormal behaviour when protecting largescale networks. When a large DDoS attack takes place, this defined threshold will be triggered and the mitigation process will be initiated. However, some attacks may not trigger this threshold. Phantom flood attacks sneak below the radar, however, they may be powerful enough to overwhelm the target’s defences.  

Service providers are turning to virtualized network solutions to balance network scalability and costs and thereby they carry most of the traffic growth burden. In most cases, service providers are balancing between a wide and narrow protection spectrum. According to the data provided in the research conducted by the company Radware, the volume of more than 90% of DDoS attacks is below 1 Gbps, however, due to the lack of granular detection sensitivity, even non-volumetric attacks larger than 1 Gbps will not be blocked by traditional solutions. 

Read more

Password-stealing attacks are surging: 45% increase in 6 months

Additional log-in security measures need to be applied by companies since attacks using password-stealing malware are actively surging – a 45% increase for 6 months. The incidents of Trojan-PSW, a specialized stealer capable of gathering login and credential information, were analyzed by the Russian AV Vendor. The total number of security incidents involving password-stealing malware reached nearly half a million cases, a 45% increase. 

Such information as logins, passwords, payment details and other personal data has become a popular commodity on the dark market. That is why Kaspersky strongly recommends users to take extra steps such as multi-factor authentication to protect their accounts. Also, users should not follow suspicious links and try to use only updated security solutions. 

Read more

NFT OpenSea marketplace: a critical flaw in crypto wallets discovered

The critical vulnerabilities attributable to crypto wallets of NFT marketplace OpenSea have been detected by the security company Check Point Research. The company has issued a warning to OpenSea to fix the exploit. OpenSea is the largest peer-to-peer marketplace for crypto collectibles and non-fungible tokens. The transaction volume on OpenSea reached $3.4 bln in August 2021. Unless OpenSea fixes the detected vulnerabilities, hackers will be able to hijack users’ accounts and craft malicious NFTs to steal entire cryptocurrency wallets. 

The vulnerability exploitation mechanism followed by attackers is the following: hackers create and gift malicious NFT to target victims. When a victim views the gifted NFT, a pop-up from OpenSea’s storage domain is triggered to request a connection to the cryptocurrency wallets belonging to victims. In case a victim clicks on a pop-up, cybercriminals can get complete access to the victim’s wallet.

Read more