• Watch out, there's a new malvertising scheme spreading dangerous

    From TechnologyDaily@1337:1/100 to All on Mon Dec 4 14:30:05 2023
    Watch out, there's a new malvertising scheme spreading dangerous ransomware

    Date:
    Mon, 04 Dec 2023 14:17:57 +0000

    Description:
    Cybercriminals are dropping infostealers via malvertising, and using them to run ransomware campaigns.

    FULL STORY ======================================================================

    Cybercriminals known as Twisted Spider (AKA Storm-0216) were observed using the services of Storm-1044, which infected target endpoints with an initial access trojan called DanaBot. Twisted Spider would then use this access to deploy the CACTUS ransomware.

    In a Twitter thread, Microsoft security researchers said Storm-0216 was known for leveraging QakBot's infrastructure for infections, but since law enforcement dismantled that operation last summer, the group was forced to pivot to a different platform.

    "The current Danabot campaign, first observed in November, appears to be using a private version of the info-stealing malware instead of the malware-as-a-service offering," the company explained. The company added that DanaBot offered hands-on-keyboard activity to its partners.


    Encrypting itself

    Once the Storm-1044 group stole the necessary login credentials, it moved laterally across the network and between endpoints via RDP sign-in attempts. After initial access had been established, the group handed it over to Twisted Spider, who then infected the endpoints with the CACTUS ransomware.

    It seems that CACTUS is quickly becoming the go-to choice for many ransomware operators. Last week, researchers from Arctic Wolf warned that hackers abused three vulnerabilities in the Qlik Sense data analytics solution to deploy this particular variant and steal sensitive company data.

    In May, Kroll's researchers discovered that the ransomware had a unique method of evading cybersecurity protections: CACTUS essentially encrypts itself, making it harder to detect and helping it evade antivirus and network monitoring tools, Laurie Iacono, Associate Managing Director for Cyber Risk at Kroll, told Bleeping Computer.

    Cactus is a relatively new entrant in the ransomware game, first being spotted in March this year. It has the usual modus operandi, stealing sensitive data and encrypting systems, and later demanding payment in cryptocurrency in exchange for the decryption key and for keeping the data private.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/watch-out-theres-a-new-malvertising-scheme-spreading-dangerous-ransomware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)