Cybersecurity news roundup April 10, 2023

SAN MATEO, CA, April 10, 2023 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

Telegram growing in popularity among cybercriminals, used to set up phishing campaigns

Researchers have noted that the popular messaging app Telegram has become increasingly popular among cybercriminals, who use it to spread phishing kits and teach other would-be fraudsters how to use them. According to researchers at Kaspersky, “to promote their ‘goods,’ phishers create Telegram channels through which they educate their audience about phishing and entertain subscribers with polls like, ‘What type of personal data do you prefer?'” Security professionals warn that the barrier to entry for successfully carrying out cybercrime has lowered significantly, with content previously confined to dark web forums now readily available on mainstream platforms.

Growing dark web marketplace STYX deals in financial fraud

Having launched only this year, STYX, a new dark web marketplace, is growing rapidly. Researchers expect STYX to become a significant cybercrime hub following the dismantling of Genesis Market by the FBI and international authorities. The marketplace focuses mainly on financial fraud crimes such as “money laundering, identity theft, distributed denial-of-service (DDoS), bypassing two-factor authentication (2FA), fake or stolen IDs and other personal data, renting malware, using cash-out services, email and telephone flooding, identity lookup, and much more.”

Genesis Market taken offline by the FBI and international authorities in “Operation Cookie Monster”

Genesis Market, an illegal marketplace where people buy and sell stolen credentials associated with banking and social media accounts, has been taken offline by international authorities and the FBI. Codenamed “Operation Cookie Monster,” the sting involved law enforcement across 17 countries, resulting in 208 property searches and 119 arrests. Court documents reveal that the FBI “gained access to Genesis Market’s backend servers twice in December 2020 and May 2022, enabling the agency to access information about 59,000 users of the cybercrime bazaar.” While Genesis Market’s main site has been seized, the site’s .onion mirror is still operational and functioning normally.

Lazarus Group used 10-year-old Windows flaw in 3CX supply chain hack

North Korea’s Lazarus Group is believed to be responsible for the compromise of 3CX’s Windows and macOS apps. Researchers believe the state-sponsored hacker outfit “used a 10-year-old bug to add malicious code to a Microsoft DLL without invalidating the signature.” The hack injected info-stealing malware into the devices of 3CX users on a massive scale. It has also been discovered that Lazarus installed a backdoor called Gopuram on select devices for cyber espionage. 3CX says that more than 600,000 organizations worldwide use its software.

Newly observed Rorschach ransomware features fastest encryption seen

Security researchers at Check Point have reported that a new ransomware variant they are calling “Rorschach” includes “technically new features,” among them the fastest encryption yet seen in this type of malware. According to Check Point’s findings, “the encryption scheme blends the curve25519 and eSTREAM cipher hc-128 algorithms and follows the intermittent encryption trend, meaning that it encrypts the files only partially, lending it increased processing speed.” A test determined that Rorschach is nearly twice as fast as LockBit, previously believed to be the speediest ransomware. While Rorschach’s creators are unknown, the ransomware is designed to deploy only on devices that are “configured with a language outside the Commonwealth of Independent States.”
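Intermittent encryption leaves a recognisable footprint on disk: encrypted regions of a file sit near 8 bits of entropy per byte while the untouched regions keep the low entropy of ordinary documents, so a file alternates between the two. The scanner below is an added defender-side example, not code from Check Point or from the original roundup; it scores a file in fixed-size chunks and reports whether the chunk pattern looks like plaintext, full encryption or the alternation that partial encryption produces. The chunk size, the entropy threshold and the sample data are constructed assumptions, chosen for illustration rather than taken from any analysis of Rorschach.

```python
"""Chunked-entropy triage for partially encrypted files (added example)."""
import math
import random
from collections import Counter

CHUNK_SIZE = 4096     # bytes scored per chunk (assumed value for illustration)
MIN_TAIL = 1024       # a trailing partial chunk shorter than this is not scored
HIGH_ENTROPY = 7.0    # bits/byte; ciphertext and random data sit close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk_size: int = CHUNK_SIZE) -> list:
    """Entropy per chunk; a short tail is skipped because few bytes cannot
    reach high entropy and would otherwise look like a spurious plaintext chunk."""
    entropies = []
    for offset in range(0, len(data), chunk_size):
        chunk = data[offset:offset + chunk_size]
        if len(chunk) < chunk_size and len(chunk) < MIN_TAIL:
            break
        entropies.append(shannon_entropy(chunk))
    return entropies


def classify(data: bytes, chunk_size: int = CHUNK_SIZE) -> str:
    """Return 'empty', 'plaintext', 'fully-encrypted', 'intermittent' or 'mixed'.

    'mixed' means a single high/low boundary (for example a document with one
    compressed attachment appended); 'intermittent' means the high/low state
    flips at least twice, the pattern partial encryption leaves behind.
    """
    entropies = chunk_entropies(data, chunk_size)
    if not entropies:
        return "empty"
    high = [e >= HIGH_ENTROPY for e in entropies]
    if all(high):
        return "fully-encrypted"
    if not any(high):
        return "plaintext"
    transitions = sum(1 for a, b in zip(high, high[1:]) if a != b)
    return "intermittent" if transitions >= 2 else "mixed"


def build_samples() -> dict:
    """Constructed sample files: pseudo-random bytes stand in for ciphertext and
    repeated English text for plaintext. Deterministic seed so results repeat."""
    rng = random.Random(1234)

    def cipher_chunk() -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(CHUNK_SIZE))

    text = (b"The quick brown fox jumps over the lazy dog. " * 100)[:CHUNK_SIZE]
    return {
        "plaintext": text * 4,
        "fully-encrypted": b"".join(cipher_chunk() for _ in range(4)),
        "intermittent": cipher_chunk() + text + cipher_chunk() + text,
        "mixed": text * 2 + cipher_chunk() + cipher_chunk(),
    }


if __name__ == "__main__":
    for name, sample in build_samples().items():
        print(f"{name:16s} -> {classify(sample)}")
```

The check is a triage heuristic, not a verdict: compressed formats such as ZIP, JPEG or PNG are high-entropy by nature, and a container that interleaves compressed members with plain metadata can trip the "intermittent" label on its own, so a hit is a reason to compare the file against a known-good copy or backup rather than proof of encryption.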

eFile.com, an IRS-authorized tax filing service, found to be delivering malware

BleepingComputer reports that eFile.com, an IRS-authorized website many use to complete their tax returns, has been delivering JavaScript malware. The issue was discovered by Reddit users who began to suspect that the site had been hijacked after it displayed an SSL message instructing visitors to click a link to update their browser. Hacker gang LockBit claimed to have attacked the site in January 2023, although eFile.com did not respond. Evidence indicates that this compromise was successful and has been allowed to remain in place four months into the new year, with the tax filing deadline looming and no statement or comment from eFile.com. The extent of the malware’s spread as a result of the breach is unknown.

DDoS attacks have risen astronomically in the last three years

Security vendor Netscout has reported that DDoS attacks have increased by 487% over the last three years. Its findings indicate that the biggest jump took place in the latter half of 2022, driven by the increased activity of pro-Russia groups targeting victims believed to support Ukraine. Hacker gang Killnet was responsible for many of these attacks, with Netscout reporting that “the US national security sector experienced a massive 16,815% increase in attacks from Killnet hacktivists.” These attacks rely on botnets of vast numbers of devices infected with malware variants including Mirai, Meris and Dvinis.

OpcJacker crypto stealing malware targets victims using fake VPN services

A malvertising campaign observed since the second half of last year is spreading OpcJacker, a malware designed to steal cryptocurrency. Researchers spotted the campaign alongside two others: one spreading NullMixer malware and another, called TACTICAL#OCTOPUS, targeting US users with tax-related lures. While the campaign initially consisted of a network of fraudulent websites advertising mundane products and services, researchers have noted that the threat actors have since been creating more focused ads that purport to sell VPN services. Thus far, the victims appear to be based in Iran.

Newly discovered Money Message ransomware gang targets victims worldwide, demands million-dollar ransoms

A new ransomware gang called Money Message has been observed attacking organizations worldwide and demanding million-dollar ransoms. The gang’s extortion website currently lists two victims, one of which is an Asian airline. Researchers say that the methods and malware used by the gang are neither advanced nor novel, but are still effective enough to pose one more threat for companies to be wary of. As usual, Money Message threatens to leak stolen data unless its demands are met.

Derek Walborn

Derek Walborn is a freelance research-based technical writer. He has worked as a content QA analyst for AT&T and Pernod Ricard.