At a glance.
- New techniques in ransomware.
- Older Internet users aren't the ones who generally swallow the phishbait.
- Vishing campaigns misrepresent themselves as Amazon notifications.
- Irish healthcare networks affected by ransomware attack.
New techniques in ransomware.
The researchers at SecureWorks offer an in-depth look at a new mode of attack in which threat groups are using Tor to obfuscate their ransomware operations by taking advantage of Remote Desktop Protocol (RDP) to create a local SOCKS proxy. The attackers use Tor to provide Onion Services in order to gain access to the compromised machine’s RDP. Meanwhile, BlackBerry explains recent changes made by threat group CostaRicto, developers of the SombRAT backdoor. This backdoor has undergone several updates (for instance, compilation timestamps have been replaced with zeros, program database paths have been removed, and the internal versioning system has been modified), making it particularly difficult for researchers to detect. CostaRicto has also removed their unique virtual machine-based loader, CostaBricks, replacing it with post-exploitation PowerShell scripts.
We may not grow wise, but we seem to grow cautious.
While the younger generations might be more tech-savvy, it seems they are also less cautious. For the US Consumer Security, Privacy and VPN Usage Report 2021, CouponFlow collected data from 3,500 American adults about their internet safety and data privacy practices. Based on the results, Atlas VPN reports, US Millennials and Gen Zers are more likely to fall for phishing operations than older generations, with 23% of the youngsters falling prey to these email scams compared to just 9% of Baby Boomers. Gen Zers and Millennials are also more likely to have their passwords stolen or have their social media account hacked, though Gen Xers are most likely to experience identity theft. Given the massive shift to remote work over the past year, it’s also worth noting that the report found Americans are more concerned about internet safety while at home than at the office, and 65% of respondents expressed a fear that their internet service provider might be sharing their financial information.
Odds are, it’s not Amazon.
Robocall-blocking software developer YouMail has released an advisory warning that US individuals should be wary of robocalls appearing to come from Amazon, PR Newswire reports. Their data show that Americans are getting between 100 million and 150 million robocalls a month from scammers posing as Amazon representatives. These “vishing” calls attempt to convince victims that there have been suspicious charges on their Amazon accounts, while in reality they’re trying to trick the targets into handing over their banking info. YouMail CEO Alex Quilici offers this advice: “We recommend that consumers do not answer or respond to any calls claiming to be Amazon because the odds are now overwhelming that it will be a scam.”
Ransomware hits Irish health services.
Reuters reports that a ransomware attack has hit IT networks serving all local and national health services except those handling COVID-19 vaccination. The head of Ireland's Health Service Executive characterized the attack as both serious and international in origin, but financially motivated and not an espionage operation.
We received emailed comments from Ilia Kolochenko, CEO of ImmuniWeb, who sees the case as another instance of the increasing professionalization of this segment of the criminal underworld:
“Ransomware gangs are becoming gradually more organized and efficient. They carefully select and purposely target those organizations with no viable choice but to pay the ransom, oftentimes, targeting the most vulnerable organizations and businesses. Untraceable payments in cryptocurrencies grant virtual impunity to the attackers.
“Western law enforcement agencies are largely understaffed and underfunded to tackle the surging wave of ransomware, while legislators rather try to address the consequence rather than dealing with a root cause of the problem such as missing cybersecurity hygiene and ignorance of foundational best practices.
“International collaboration in judicial prosecution and investigation of cybercrime is probably hitting its bottom in 2021 because of the growing political tensions. Eventually, we will probably observe a flat ban of some cryptocurrencies or a regulatory overkill that will push into bankruptcy many crypto stock exchanges and related businesses. Last year OFAC made it crystal-clear that paying a ransom may constitute a violation of sanctions and trigger legal ramifications for the victims who pay criminals to get their data back. Today, the recent probe of Binance, commenced by the US DoJ and the IRS, unambiguously evidences that the US government is serious about curbing now-unregulated crypto markets. Booming ransomware is a perfect reason to justify it.”