At a glance.
- Wizard Spider: snapshot of a cybercriminal threat group.
- MuddyWater deploys Thanos ransomware.
- Ad tracker troubles in the EU.
An overview of WIZARD SPIDER’s web of tricks.
Since becoming infamous in 2016 for using Trickbot to hack into banking systems, the Russian cybercriminal group WIZARD SPIDER has expanded its malware toolbox, making it an effective and resilient threat. CrowdStrike offers an analysis of recent updates to the group’s arsenal.
- Trickbot remains WIZARD SPIDER’s go-to big game hunting weapon, having already infected over a million systems globally. In September, cybersecurity professionals launched an operation to disrupt the malware’s activity, but so far there has been little success.
- There has been an uptick in the use of BazarLoader as an infection vector in WIZARD SPIDER’s spam campaigns. Because the loader is unusually good at imitating legitimate software, it is a persistent foe.
- Ryuk ransomware has been the group’s weapon of choice for extortion since 2018. After a short lull starting in March, Ryuk has reappeared in recent operations, now using macro-based code obfuscation to slow reverse engineering.
- Conti ransomware is the newest addition, unique in that it is constantly upgraded to strategically encrypt files, use compiler-based obfuscation, and duck antivirus software. Featuring opportunistic targeting and a data leak site, Conti has compromised over one hundred twenty victims.
MuddyWater deploys Thanos ransomware.
BankInfo Security reports that cybersecurity firm ClearSky has identified a recent operation launched by an Iranian advanced persistent threat group dubbed MuddyWater (aka EMP.Zagros, Static Kitten, Mercury, and Seedworm). In action since 2017, MuddyWater has shifted its modus operandi and is now deploying Thanos ransomware, an unusual choice for a cybercriminal group known for espionage operations, and one deployed with the goal of destruction rather than financial gain. The operation begins in one of two ways: a phishing email carrying a malicious PDF or Excel document, or exploitation of a Microsoft Exchange vulnerability. In both cases, the objective is to deliver PowGoop, a malicious uploader that masquerades as a seemingly harmless Google update. And, as is now routinely the case, a ransomware attack should also be treated as tantamount to a data breach.
IAB Europe found flawed by Belgian DPA.
Ad industry body IAB Europe introduced a Transparency and Consent Framework (TCF) in April 2018 as a mechanism for gathering user consent for ad trackers, in order to help online advertisers comply with the EU’s General Data Protection Regulation (GDPR). However, TechCrunch reports, an investigation conducted by the Belgian Data Protection Authority (DPA) has found that the TCF is not so transparent after all: the authority determined that the framework fails to meet the fairness, accountability, and processing standards of the GDPR. Some experts argue that any sort of real-time bidding built on behavioral tracking is in itself a privacy breach. The TCF has stated that the Belgian DPA’s interpretation of the GDPR is flawed and will impede the advancement of open-source compliance standards.