Cyware Alerts - Hacker News

Financial sector faces more ransomware attacks.

Views expressed in this cybersecurity-cyber crime update are those of the reporters and correspondents.

Accessed on 24 April 2022, 1425 UTC.

Content provided by "Cyware.com."

Source:  https://www.cyware.com.

Please check link or scroll down to read your selections.

Thanks for joining us today.

hawaiicybersecurityjournal.blogspot.com



Financial Sector Faces Ransomware Attacks, Now More Than Ever

A new VMware report states that threat actors have moved from hacking wire transfers to targeting market data. Around 75% faced at least one ransomware attack, among which 63% paid the ransom.

Emotet Revamp: New Payloads and 64-Bit Modules

According to Kaspersky, Emotet infection has seen a ten-fold increase from February to March, going from 3,000 to 30,000 emails. It is switching to new payloads detected by fewer antivirus engines.

REvil's Tor Servers are Active Again

REvil ransomware’s servers in the Tor network are active again after months of inactivity. At present, these servers are redirecting users to a new operation that is believed to have started in mid-December 2021.

Lazarus APT Uses TraderTraitor Malware to Target Cryptocurrency Organizations

In an alert, the FBI, CISA, and the Treasury Department revealed that the group is sending a large number of spear-phishing messages to employees working in blockchain technology and cryptocurrency firms. These emails often mimic a recruitment effort and offer high-paying jobs to entice the recipie ...

FIN12 Gets Faster at Encrypting Networks, Mean Dwell Times Reduce

According to Mandiant's M-Trends 2022 report, the global median dwell time dropped down to 21 days in 2021 from 24 days in 2020. One reason why the attack life cycle of FIN12 has been shortened is that the gang does not focus on stealing confidential data before triggering the ransomware attack.

HHS Warns About Hive Ransomware Attacks on Healthcare Sector

The HHS claimed that Hive ransomware is the fourth most active ransomware group in the cybercrime landscape. It conducts double extortion against organizations and leaks the stolen data on the dark web.

Night Sky Ransomware's Ride From Dawn Till Dusk

A recent report by Vedere Labs provides several details about Night Sky, whose samples were first spotted in January during a short campaign that targeted two victims from Bangladesh and Japan. 

Inno Stealer - Fake Windows 11 Upgrade Spreads Infostealer

The new infostealer malware targets various web browsers and crypto wallets such as Chrome, Brave, Comodo, Opera, Vivaldi, Edge, 360 Browser, GeroWallet, BraveWallet, and GuildWallet.

BotenaGo's New Avatar Targets Lilin DVR Devices

In October 2021, the source code of BotenaGo was leaked, leading to the creation of newer variants based on the original. Since then, researchers have observed various variants of BotenaGo.

Recent Emotet Outbreak Poses a Threat to Organizations

Recently, researchers from FortiGuard Labs found a variety of malicious Microsoft Office files (maldocs) being used in a series of phishing attacks delivering Emotet. The first attack appeared in November 2021. While the Word documents contain malicious VBA code, the Excel files use Excel 4.0 mac ...

AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation

Containers can escape regardless of whether they run Java applications, or whether their underlying host runs Bottlerocket, AWS's hardened Linux distribution for containers.

Pulling back the curtain on the ZLoader takedown, and the power of security, nonprofit threat sharing

Last week Microsoft, ESET, Black Lotus Labs, Palo Alto Networks, Health-ISAC, and the Financial Services-ISAC, took control over the notorious ZLoader botnet, after an injunction issued by the U.S. Court for the Northern District of Georgia.

Attacks Against DeFi Protocols Surge

Last year, more than $3 billion worth of digital assets were stolen. In Q1 2022, over $1.3 billion has already been stolen, indicating that the path taken by cybercriminals is even more aggressive this year.

New SolarMarker Variant with Improved Evasion Tactics

SolarMarker operators were observed using signed files, obfuscated PowerShell scripts, large files, and impersonation of legitimate software installers to stay undetected.

Banking, Crypto, and Other Scams Muddy the Cyberspace

In 2021, approximately 20,000 people fell victim to RAT scams, as per a report by the U.K.'s Action Fraud. Collectively, they lost $75 million. The U.S. lost around $2.4 billion to BEC scams in 2021, a 33% increase from 2020.

New IcedID Malware Campaign Targets Ukrainian Government

The targeted intrusions are a part of hostile activities against the nation since the year started. As per CERT-UA, the country has suffered 362 cyberattacks since the invasion.

Watchdog warned UK government of spyware infections inside 10 Downing Street

"We confirm that in 2020 and 2021 we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks," Citizen Lab said in a blog post.

Google fixes Chrome zero day being used in exploits in the wild

Google hasn't revealed any details about it besides that it was a type confusion in Chrome's V8 JavaScript engine. "Google is aware that an exploit for CVE-2022-1364 exists in the wild," the company says.

Night Sky: A Short-Lived Threat from a Long-Lived Threat Actor

Night Sky was discovered to be a fork of a ransomware family called Rook, which was itself derived from the leaked source code of Babuk and deployed by the same threat actor that used LockFile and AtomSilo, which share the same decryption tool.

Conti Ransomware's Toll on the Healthcare Industry – Krebs on Security

According to recently revealed information, Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under its earlier name, “Ryuk.”

WH Smith Subsidiary Funky Pigeon Halts All Customer Orders After Security Incident

London Stock Exchange-listed WH Smith issued a statement to the market admitting Funky Pigeon was "subject to a cyber security incident affecting part of its systems on Thursday 14 April 2022."

UK: Over 42 million people had financial data compromised in 2021-2022

According to a release from international law firm RPC, the financial information belonging to approximately 42.2 million people in the U.K. was surrendered due to a growing number of ransomware attacks.

 
