CyberX offers further details on BugDrop, a sophisticated cyber espionage campaign in progress against a diverse array of Ukrainian targets. The malware is delivered by phishing, through the familiar vector of malicious macros in attached documents. Once installed, the toolset activates the infected device's microphone and records ambient audio; it also collects files and exfiltrates them to Dropbox. The malware is relatively quiet and unobtrusive. Its purpose appears to be reconnaissance only: there's no evidence of any destructive functionality. Beyond saying that the responsible threat actor appears to have considerable "field experience" and substantial funding, CyberX declines to offer any attribution.
ESET reports a new and unusually damaging strain of ransomware afflicting Macs. Called "Patcher," the malware is distributed through torrent files posing as license crackers. It's dangerous, according to ESET, in large part because it's incompetently coded: the authors left the victims with no way of recovering their files, even upon payment of the ransom. Paying therefore buys nothing; only a backup taken before infection will restore the encrypted files.
Other, more established forms of ransomware continue to circulate: Locky, CryptoWall, and Cerber account for 90% of current infections, according to Check Point. Cryptoransomware isn't the only form of cyber extortion out there, either: a Bitdefender study concludes that fear of reputational damage is likely to motivate a significant fraction of IT executives to pay extortionists.
In the US, the Vulnerabilities Equities Process appears likely to continue essentially unchanged. The interagency process, in which NSA is a major participant, governs whether zero-days the government discovers are disclosed to vendors so they can be patched or retained for operational use.