Ransomware groups use significant financial events as leverage during their malicious activities. Events such as mergers and acquisitions are an ideal time for ransomware groups to launch attacks aimed at making victims pay the ransom. Before launching these attacks, malicious actors look for publicly available information about their targets as well as nonpublic data. If victims refuse to pay a ransom, malicious actors threaten to disclose the information they found in order to send a negative signal to investors.
During significant financial events, companies are extremely vulnerable to any damage to their reputation. Thus, the possibility that they will agree to pay a ransom to ransomware groups to avoid reputational losses is very high. Ransomware attacks are often performed in two stages. During the first stage, attackers commit the initial intrusion by spreading trojan malware. They collect information that may be later used to make victims pay a ransom.
Google has launched a three-month bug bounty targeting flaws in the Linux kernel, offering researchers 3x awards. By exploiting privilege escalation in Google’s lab environment with a patched vulnerability, researchers can get a reward of up to $31,337. At the same time, by identifying zero-day flaws, previously undisclosed vulnerabilities, or new exploit techniques, researchers can get up to $50,337.
Google is constantly investing in the security of the Linux kernel. Most of the top websites and internet infrastructure, such as Facebook, Google, AWS, Microsoft Azure, and Wikipedia, are powered by the Linux kernel. Google hopes that the increased rewards will act as additional motivation for researchers to actively look for new kernel exploitation techniques.
Attackers are actively using email and call center customer service agents to scam victims out of thousands of dollars. There are two forms of telephone-oriented attack delivery: the use of free legitimate remote assistance software to steal money, and the use of malware such as BazaLoader. These attacks begin with an email sent to victims. These malicious emails contain the phone number of a malicious contact center attendant. When a victim calls this call center, a malicious actor starts guiding them through various types of user interaction. The victim downloads files containing malware or installs malicious applications, allowing attackers to get remote access to the targeted devices.
The list of recent lures includes computer security services, Justin Bieber ticket sellers, COVID-19 relief funds, software updates, etc. These attacks may be “life-altering” for victims. Most of these attacks are coming from India. The malicious call centers seem to be legitimate businesses. Malicious actors likely procure the list of victims from telemarketer resources.
A significant amount of data about the Labour Party members has become inaccessible due to the incident related to a third-party firm responsible for handling membership data. The National Cybersecurity Center and Information Commissioner’s Office have started investigating the incident. The Labour Party is working closely with law enforcement bodies and the third-party firm to fully estimate the scope of the incident.
According to the statement made by the Labour Party, its own data systems have remained unaffected. Apart from the party members, the affected data may include information received from the registered and affiliated supporters of the party as well as other individuals. Although there is no detailed information about the incident, it’s likely that the party has experienced a ransomware attack.
The FBI has issued a special warning to private industry partners that DDoS attacks have been added to the arsenal of extortion tactics of the HelloKitty ransomware gang, also known as FiveHands. Unless victims comply with the ransom demands, the ransomware gang threatens to bring their websites down. The HelloKitty ransomware group is known for stealing and encrypting victims’ sensitive information.
The ransomware group demands ransom payments be made in crypto. These malicious actors thoroughly assess the victim’s ability to pay before committing ransomware attacks. Malicious actors use various methods to compromise the targeted networks including compromised credentials and recently patched security flaws.