Threat Intelligence Cybersecurity Hacking News Jan 2022
Linux devices are being targeted by malware, and researchers have recorded a 35% increase in such attacks. This continues to be a matter of very high-level concern this year too, as threat actors keep refining the features of existing ransomware. Lately, the lesser-known SFile ransomware has been revamped with new modules to target Linux systems. It uses the RSA and AES algorithms to encrypt files during the infection process. Cybersecurity researchers have also disclosed two sophisticated attack campaigns that went undetected for a long time. One of these is attributed to the Earth Lusca APT group, which targeted high-profile organizations worldwide, supposedly for monetary gain. The other campaign, which is mostly linked to the Fancy Bear and Konni hacking groups, targeted organizations focusing on renewable energy and was designed to pilfer the credentials of employees.
Top Breaches Reported in the Last 24 Hours
Earth Lusca APT goes global
Since mid-2021, a hacking group called Earth Lusca has targeted organizations around the globe via a campaign that uses traditional social engineering techniques such as spear phishing and watering holes.
Large-scale espionage campaign observed
A large-scale cyber-espionage campaign primarily targeting renewable energy and industrial technology organizations has been discovered. It has been active since at least 2019 and has targeted over fifteen entities worldwide. Threat actors behind the campaign used legitimate websites, DNS scans, and public sandbox submissions to steal the login credentials of workers. The targeted organizations include Schneider Electric, Honeywell, Huawei, Telekom Romania, University of Wisconsin, Utah State University, and Taiwan Forestry Research Institute, among others.
Crypto exchange suffers an outage
Major crypto wallet and platform Crypto.com has temporarily halted withdrawals after “a small number of users reporting suspicious activity on their accounts.” However, the firm reported that all funds were safe.
Defense contractor Hensoldt hit by a ransomware attack
Germany-headquartered multinational defense contractor Hensoldt has confirmed that some of its UK subsidiary's systems were hacked in a ransomware attack. The hacker claimed the attack by disclosing a small part of the files stolen from Hensoldt's network. Since December 17, 2021, the gang has published 95% of the stolen files on its site.
Goodwill Website Hack
Nonprofit organization Goodwill has started notifying users of its ShopGoodwill.com e-commerce platform that their personal information was compromised as a result of a cybersecurity breach. The compromised information includes users' full names, email addresses, phone numbers, and mailing addresses.
Top Malware Reported in the Last 24 Hours
SFile ransomware
SFile ransomware (aka Escal) has been active since 2020. The latest variant has been spotted targeting Linux systems worldwide and uses the RSA and AES algorithms to encrypt files. Researchers have also identified a variant of the ransomware that targeted the FreeBSD platform in an attack against a partially state-owned company in China.
Qlocker ransomware returns
A new wave of Qlocker ransomware campaigns has been found targeting QNAP NAS devices worldwide. The campaign started on January 6. After encrypting files, it drops ransom notes named !!!READ_ME.txt on infected devices. The victims are prompted to visit a Tor site for more information on how to make the payment to regain access to their files.
New WhisperGate malware
Microsoft has warned of a new destructive data-wiping malware that poses as ransomware and is being leveraged by threat actors to target several companies in Ukraine. Cybersecurity researchers identified the new malware, dubbed WhisperGate, which destroys victims' information by first overwriting the disk's Master Boot Record (MBR) and then displaying a fake ransom note. The note contains a message urging the victim to send $10,000 to a Tor site address. Researchers believe it to be the work of the DEV-0586 threat actor group.
Top Vulnerabilities Reported in the Last 24 Hours
Plugins affected by a CSRF flaw
Cybersecurity researchers disclosed a serious security flaw affecting three WordPress plugins that impact over 84,000 websites. The cross-site request forgery flaw is tracked as CVE-2022-0215 and rated 8.8 on the CVSS scale. The affected plugins are Login/SignUp Popup, Side Woocommerce, and Waitlist Woocommerce. The developers have addressed the flaw by issuing new versions of the plugins.