Bigger demands, bigger payouts are the trend in ransomware, report says

Palo Alto Networks’ Unit 42 says that in the cases it worked, the average demand was up 144% and average payment was up 78%.

The post Bigger demands, bigger payouts are the trend in ransomware, report says appeared first on CyberScoop.

Russia-linked Gamaredon shows signs of possible recent activity in Ukraine, researchers say

A series of cyberattacks on Ukrainian institutions over the past few weeks — including website defacement, computer-wiping malware and phishing campaigns — has the hallmarks of hacking activity associated with the Russian government, but conclusive attribution remains elusive. Research published Thursday, however, shows how a known Russia-linked hacking group, Gamaredon, could be involved in active targeting of Ukrainian entities, including an attempt to compromise a Western government entity in Ukraine on Jan. 19. The findings, published by Palo Alto Networks’ Unit 42 threat intelligence team, focus on the group as the Russian military amasses more than 100,000 troops along its border with Ukraine. The U.S. and other NATO governments say it’s preparation for a dramatic military escalation. Unit 42 makes clear that its research does not directly tie Gamaredon to the recent high-profile attacks. The team says it mapped out three “large clusters” of Gamaredon infrastructure that are used to support […]

Interpol arrests 11 alleged members of Nigerian scam syndicate ‘SilverTerrier’

International law enforcement authorities say they’ve arrested nearly a dozen members of a notorious Nigerian cybercrime gang potentially responsible for targeting as many as 50,000 victims in various scams in recent years. Some of the 11 suspects are thought to be associated with “SilverTerrier,” a syndicate accused of employing a range of malware variants in tens of thousands of financial scams dating back to at least 2014, Interpol said Wednesday. The announcement comes two months after three members of the same group were arrested after a year-long Interpol-led investigation, called Operation Falcon, into the prolific business email compromise (BEC) scams the group’s members are alleged to have pulled off over the years. Authorities called this latest roundup Operation Falcon II. The arrests occurred between Dec. 13 and 22, but it’s not clear exactly where. A statement from a senior Nigerian law enforcement official, included in the Interpol release, referenced […]

Another Mirai variant used in attempted hacks on routers, switches

Four years after being used in one of the most powerful distributed denial-of-service attacks on record, the so-called Mirai malware continues to haunt the internet. Researchers on Monday evening revealed that attackers used a new variant of the malicious software in a string of ongoing hacking attempts against devices like routers and switches. The attackers are using no fewer than eight flaws in popular networking gear to try to remotely commandeer the devices, according to Palo Alto Networks’ Unit 42, the research outfit that made the discovery. After breaking into a device, the attackers try to download malicious code to deploy Mirai variants, Unit 42 said. The concern is that they could use that access to steal data from the device, or conscript it into a botnet, a horde of infected computers used for spamming or distributed denial-of-service (DDoS) attacks, which stifle connectivity by flooding a network with phony traffic. […]

PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers

The malware takes aim at PostgreSQL database servers with never-before-seen techniques.

Baidu apps in Google Play Store left users vulnerable to tracking, Palo Alto finds

A pair of Baidu applications on the Google Play Store were recently leaking users’ sensitive data that could be used to track users’ location, according to Palo Alto Networks’ Unit 42 research published Tuesday. Through reverse engineering, the Unit 42 researchers found that both the Baidu Search Box and Baidu Maps applications used a software development kit (SDK) that would collect users’ MAC address, carrier information and international mobile subscriber identity (IMSI) number. It’s the kind of data that, if it were to fall into the wrong hands, could be used to stalk, monitor, or even harass an individual. IMSI numbers, for instance, could allow cybercriminals or state-linked actors to track someone even if they switch to a new device, as an IMSI number uniquely identifies a subscriber. Snoops using IMSI catchers, which imitate cell towers to capture a user’s location, have been known […]

Palo Alto Networks Surfaces AWS API Vulnerabilities

The Unit 42 research arm of Palo Alto Networks has published a report detailing how 22 application programming interfaces (APIs) across 16 different Amazon Web Services (AWS) platforms can be abused by cybercriminals to surface the identities of the m…

Sneaky recon on roster of AWS users is possible, Unit 42 says

Knowing exactly who manages a certain cloud service can be valuable information for malicious hackers, and a cybersecurity company says it has found that kind of weakness in products run by one of the biggest cloud providers. More than 20 application programming interfaces (APIs) associated with 16 Amazon Web Services products can be abused to give up basic information about users and their roles, according to Unit 42, the research arm of cybersecurity giant Palo Alto Networks. “A malicious actor may obtain the roster of an account, learn the organization’s internal structure” and then perhaps “launch targeted attacks against individuals,” Unit 42 researcher Jay Chen says in a report released Tuesday morning. Palo Alto Networks says AWS gave permission to release the research. The problem lies in a feature that validates “resource-based policies” for services like the commonly used Amazon Simple Storage Service (S3), Unit 42 says. A resource-based policy is basically a […]

Black-T Malware Emerges From Cryptojacker Group TeamTNT

The cryptojacking malware variant builds on the TeamTNT group’s typical approach, with a few new — and sophisticated — extras.