Ransomware and malware such as GuLoader have featured heavily in recent attack campaigns. GuLoader is used to deliver malware with the help of cloud services such as Google Drive, and the delivery of malware through cloud drives is one of the fastest-growing trends of 2020. Stay informed and read on in these InfoSec articles.
For more articles, check out our #onpatrol4malware blog.
GuLoader? No, CloudEyE.
Source: Checkpoint
GuLoader has been very actively distributed in 2020 and is used to deliver malware with the help of cloud services such as Google Drive. The delivery of malware through cloud drives is one of the fastest-growing trends of 2020. Read more.
VALAK INSIGHTS: Valak Malware and the Connection to Gozi Loader ConfCrew
Source: SentinelLABS
Valak uses multi-stage, script-based malware utilized in campaigns reminiscent of Gozi ConfCrew. The overlapping campaign structure has led to some sandbox reports misidentifying Valak as Gozi. Read more.
TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware
Source: Proofpoint
At the same time as the LookBack campaigns, Proofpoint researchers identified a new, additional malware family named FlowCloud that was also being delivered to U.S. utilities providers. Read more.
Dark Basin: Uncovering a Massive Hack-For-Hire Operation
Source: The Citizen Lab
Dark Basin is a hack-for-hire group that has targeted thousands of individuals and hundreds of institutions. Targets include advocacy groups and journalists, elected and senior government officials, hedge funds, and multiple industries. Read more.
Gamaredon group grows its game
Source: WeLiveSecurity
Active APT group adds cunning remote template injectors for Word and Excel documents. ESET researchers have discovered several previously undocumented post-compromise tools used by the highly active Gamaredon threat group in various malicious campaigns. Read more.
New Ransomware-as-a-Service Tool ‘Thanos’ Shows Connections to ‘Hakbit’
Source: Recorded Future
Insikt Group uncovered a new family of ransomware for sale on Exploit Forum called Thanos, developed by a threat actor with the alias “Nosophoros.” Read more.
Tor2Mine is up to their old tricks — and adds a few new ones
Source: Cisco Talos
Cisco Talos has identified a resurgence of activity by Tor2Mine, a cryptocurrency mining group that was likely last active in 2018. Tor2Mine is deploying additional malware to harvest credentials and steal more money. Read more.
Imperva Takes on its Largest Recorded Account Takeover Attack on a Single Company
Source: Imperva
Over the course of 60 hours from midnight on October 28, the ATO team’s monitoring systems detected more than 44 million ATO attempts on the login page of a particular online banking service. Read more.
Power company Enel Group suffers Snake Ransomware attack
Source: Bleeping Computer
European energy company giant Enel Group suffered a ransomware attack that impacted its internal network. The incident is the work of EKANS (SNAKE) ransomware operators, the group that also targeted Honda. Read more.
TAU Threat Analysis: Relations to Hakbit Ransomware
Source: Carbon Black
During a recent investigation into Hakbit ransomware, TAU (Threat Analysis Unit) decided to hit the “pause” button and take some time out to investigate this particular ransomware variant. Read more.
Cobalt: tactics and tools update
Source: Positive Technologies
The PT Expert Security Center (PT ESC) has been monitoring the Cobalt group since 2016. Currently, the group targets financial organizations around the world. Two years ago, their attacks caused over $14 million in damage. Read more.