Pro-Russian hacker group KillNet plans to attack Italy today
The pro-Russian hacktivist group is seen as one of the most active non-state actors operating within the Russia-Ukraine war theater. It started its operation on February 25, 2022, a big change from its previous role selling cyber technology. The group declared war on the hacktivist group Anonymous as well as on certain Western countries. It has its own Telegram channel with tens of thousands of members. The group announced a massive attack against Italy, planned for today, Monday, May 30 at 05:00 a.m. Italian time. So this, of course, will be a developing story.
Microsoft warns that hackers are using more advanced techniques to steal credit card data
Microsoft researchers state that the use of credit card skimmers is on the rise, and threat actors are employing even more sophisticated methods to hide code that steals information from consumers. To avoid detection, they are hiding their code snippets in image files, which they inject into popular web applications, and disguise them as white-hat sites. One additional trend is that of script spoofing, where scammers manufacture fake Google Analytics or Meta Pixel tracking pages to make skimmers appear legitimate. For now, the only way customers can minimize the damage caused by skimmers is to use one-time private cards, set strict payment limits, or use electronic payment methods, rather than using paper checks.
China makes offer to ten nations to help run their cyber-defenses
China has begun speaking with its neighbors in the South Pacific, offering to help them “improve their network infrastructure, cyber security, digital forensics and other capabilities – all with the help of Chinese tech vendors.” Reuters was first to alert about these activities after seeing a draft agreement that China’s foreign minister Wang Yi is reportedly tabling while on a tour of Pacific nations this week and next. The draft agreement proposes assistance with data governance, training local police, mapping the marine environment, supplying customs management applications, possible funding of data links to island nations, and cyber-security assistance. The nations, which may include Kiribati, Samoa, Fiji, Tonga, Vanuatu, Papua New Guinea and East Timor, are all very small and heavily reliant on the internet, but are also highly strategic for communications, shipping, and a range of other international priorities.
(The Register and CNN)
Patch now: Zoom chat messages can infect PCs, Macs, phones with malware
Zoom has fixed a security flaw in its popular video-conferencing software that could be exploited to execute malicious code on a victim’s device. Tracked as CVE-2022-22787, the bug is a medium-severity vulnerability and affects Zoom Client for Meetings running on Android, iOS, Linux, macOS and Windows systems before version 5.10.0. Someone who is able to send chat messages within this particular Zoom platform could cause a user’s Zoom client app to install malicious code, such as malware and spyware, from an arbitrary server. As Zoom explained in a security bulletin, these earlier software versions fail “to properly validate the hostname during a server switch request.”
Ransomware demands acts of kindness to get your files back
GoodWill ransomware, which security firm CloudSEK wrote about this week, doesn’t extort money from victims, but rather asks them to “do something good for the world.” Similar to other forms of ransomware, GoodWill encrypts files such as documents, databases, photographs, and videos. But decryption is only made possible once the victim company does the following three things: donate new clothes and blankets to the homeless; take “five poor children” (under the age of 13) to Dominos, Pizza Hut, or KFC, and allow them to order any food that they wish; and, third, provide financial assistance to those who need urgent medical assistance but cannot afford to pay for it themselves. Video proof of each is required.
(Tripwire)
Cybersecurity breach at the city of Portland led to fraudulent $1.4M transaction
Officials said the incident happened in late April and was discovered after the city flagged another fraudulent financial transaction attempt from the same account on May 17. According to the city, preliminary evidence indicates that an unauthorized, outside entity gained access to a city of Portland email account.
Mobile trojan detections rise as malware distribution level declines
According to Kaspersky, writing in its quarterly report on mobile malware distribution, there has been a downward trend that started in late 2020. However, at the same time there has been a spike in trojan distribution, including generic trojans, banking trojans, and spyware. This development reveals a greater focus on “more sophisticated and damaging operations to gradually replace the low-yielding adware and risk-tools”. Detection of mobile banking trojans has increased by about 40% compared to the previous quarter, and is double that of Q1 2021 data. “This type of malware typically overlays login screens on top of legitimate banking or cryptocurrency management apps to steal people’s account credentials.”
The week in ransomware
A new extortion group called RansomHouse claimed to have attacked the Saskatchewan Liquor and Gaming Authority back in December. The latest annual Verizon Data Breach Investigation Report was released, and it found that ransomware incidents were up 13 per cent last year over 2020, with mistakes by employees, partners and others responsible for 14 per cent of all data breaches in 2021. And hundreds of Indian air travelers were stranded inside their planes after the low-cost airline SpiceJet canceled or delayed flights due to an attempted ransomware attack.






