Fake CAPTCHA Malware Campaign: How Cybercriminals Use Deceptive Verifications to Distribute Malware
The rise of the “ClickFix” technique has enabled cybercriminals to exploit fake CAPTCHA verification processes, facilitating sophisticated phishing and malware distribution campaigns. Through deceptive methods, such as mimicking legitimate security checks, threat actors can deliver malware like Lumma Stealer, steal sensitive information, and bypass security measures.…
Escape | VulnLab – Ever Heard of Windows Kiosk Mode? No? Well, It’s Time to Learn!
This article outlines a penetration testing experience on a VulnLab machine utilizing Kiosk Mode. The author showcases methods to gain access and escalate privileges, particularly through RDP and exploiting Microsoft Edge. The journey includes discovering sensitive files, using tools like BulletsPassView, and successfully bypassing User Account Control (UAC) to achieve SYSTEM-level access.…
Ransomware 2025: Attacks Keep Rising as Threat Shows its Resilience
Qilin ransomware, initially developed in Go and later in Rust, targets various platforms like Windows, Linux, and ESXi. In June 2024, a significant attack on London hospitals was claimed by Stinkbug, leading to considerable disruptions. The updated version, Qilin.B, introduced advanced encryption and evasion techniques, while attackers increasingly utilize living-off-the-land tools for data exfiltration and security software impairment.…
DeceptiveDevelopment targets freelance developers
Cybercriminals, under the guise of recruiters, have targeted freelance software developers in a deceptive malware campaign named DeceptiveDevelopment. This campaign, linked to North Korea, has been promoting fake job offers that lead to the installation of malware during the application process. The operators primarily utilize two malware families — BeaverTail and InvisibleFerret — to steal sensitive information and cryptocurrency.…
Blink and They’re In: How Rapid Phishing Attacks Exploit Weaknesses
Recent findings indicate that a manufacturing sector breach involving phishing led to a substantial data exfiltration, with an alarming breakout time of just 48 minutes. Attackers employed tactics associated with the Black Basta ransomware group, highlighting a pressing need for faster security response capabilities. Recommendations for heightened defense measures against such threats are provided, alongside insights into future attack trends.…
Ghost (Cring) Ransomware Detection: The FBI, CISA and Partners Warn of Increasing China-Backed Group’s Attacks for Financial Gain – SOC Prime
Increasing ransomware volumes, particularly from China-affiliated Ghost (Cring) ransomware groups, have raised global cyber risk concerns. Organizations across multiple sectors face significant financial losses, with recovery costs reaching .73 million in 2024. The FBI and CISA have issued alerts to enhance awareness and proactive measures.

Affected: critical infrastructure, healthcare, government, education, technology, manufacturing

Keypoints:

Surge in ransomware incidents targeting multiple sectors globally.…
Cracked Games, Cryptojacked PCs: The StaryDobry Campaign
Summary: A cyber campaign named StaryDobry targeted users globally, distributing the XMRig cryptominer through trojanized versions of popular games shared on torrent sites during the holiday season. The sophisticated malware incorporated multiple evasion techniques to prevent detection and primarily affected individual users, with notable cases in Russia, Brazil, Germany, Belarus, and Kazakhstan.…
This joint Cybersecurity Advisory highlights the threat posed by Ghost (Cring) ransomware, detailing its tactics, techniques, and indicators of compromise (IOCs) as observed mainly since early 2021. Ghost actors exploit vulnerabilities in outdated software to target various sectors, resulting in significant impacts worldwide.

Affected: critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, small- and medium-sized businesses

Keypoints:

Ghost ransomware actors have been compromising networks worldwide since early 2021.…
Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign
Summary: The Winnti threat actor has been connected to the RevivalStone campaign targeting Japanese companies in the manufacturing and energy sectors in March 2024, utilizing advanced malware techniques for cyber espionage. This campaign is associated with APT41, known for its stealthy and methodical attacks, which involve exploiting vulnerabilities in systems for persistent access.…
RansomHub: Analyzing the TTPs of One of the Most Notorious Ransomware Variants of 2024
RansomHub, a ransomware-as-a-service variant, poses a significant threat to critical sectors like healthcare, transportation, and water systems. It employs a double-extortion model by encrypting data and demanding ransoms after exfiltration. The article details its tactics, techniques, and procedures (TTPs), outlining vulnerabilities and offering mitigation strategies.

Affected: healthcare, transportation, water systems

Keypoints:

RansomHub is a ransomware-as-a-service variant formerly known as Cyclops and Knight.…
This report analyzes a phishing incident involving a spear-phishing email that targeted employees via a compromised legitimate domain. The malicious strategy included the use of an obfuscated URL to redirect victims to a fake banking login page aimed at harvesting credentials. The report highlights critical findings on the attack’s impact on organizations and provides actionable recommendations for executives and SOC teams.…
Qilin is a sophisticated ransomware group that emerged in July 2022, utilizing advanced tactics and exploiting vulnerabilities in popular software, notably demanding a high-profile ransom from a major pathology services provider. The group’s methods include initial access via misconfigurations and vulnerabilities, execution of malicious payloads, privilege escalation, and data encryption to impact recovery efforts.…
Lumma Stealer Chronicles: PDF-themed Campaign Using Compromised Educational Institutions’ Infrastructure | CloudSEK
Lumma Stealer is a sophisticated information-stealing malware promoted via a Malware-as-a-Service (MaaS) model that primarily targets multiple sectors through malicious LNK files disguised as legitimate documents. This malware campaign employs a multi-stage infection process and aims to gather sensitive user data.

Affected: Education & Academia, Corporate & Business, Government & Legal, Healthcare & Pharmaceuticals, Financial & Banking, Engineering & Manufacturing, Technology & Blockchain, Media & Journalism

Keypoints:

Lumma Stealer is offered as Malware-as-a-Service (MaaS).…
RevivalStone: Attack Campaign Targeting Japanese Organizations by Winnti Group | LAC WATCH
The LAC Cyber Emergency Response Team confirmed a new attack campaign named “RevivalStone,” launched by the China-based “Winnti Group” in March 2024. This campaign targeted Japanese companies in the manufacturing, materials, and energy sectors, utilizing a new version of “Winnti malware.” The report elaborates on the campaign’s overall scope, the updated functionalities of the Winnti malware, and introduces detection and mitigation strategies against similar attacks.…
Dark Web Profile: Fog Ransomware
Fog Ransomware, detected in May 2024, primarily targets educational institutions in the US, employing a double extortion tactic. It utilizes a TOR-based data leak site to pressure victims into compliance by threatening to release stolen data if ransoms are not paid. The operational structure behind Fog remains unclear, emphasizing the model of varied affiliates over unified groups.…
Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks
The Securonix Threat Research team has identified a sophisticated malware campaign, DEEP#DRIVE, attributed to the North Korean group Kimsuky. Targeting South Korean businesses, government entities, and cryptocurrency users, the attackers utilize phishing lures crafted in Korean that masquerade as legitimate documents. The campaign employs various evasion techniques, including leveraging Dropbox for payload delivery and executing malicious PowerShell scripts to exfiltrate sensitive information.…