At a glance.
- Gamaredon continues to target Ukraine.
- RedLine stealer disguised as game cheats.
- Emotet's place in the malware landscape.
- Quantum computing risks.
Gamaredon continues to target Ukraine.
Cisco Talos says the Russian threat actor Gamaredon (also known as Primitive Bear) continues to conduct espionage campaigns against Ukrainian organizations. The threat actor is using spearphishing emails to distribute malicious Microsoft Office documents:
"Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives. The campaign, part of an ongoing espionage operation observed as recently as August 2022, aims to deliver information-stealing malware to Ukrainian victim machines and makes heavy use of multiple modular PowerShell and VBScript (VBS) scripts as part of the infection chain. The infostealer is a dual-purpose malware that includes capabilities for exfiltrating specific file types and deploying additional binary and script-based payloads on an infected endpoint."
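The infection chain Talos describes (a double-clicked LNK from an extracted RAR launching PowerShell or VBScript) leaves a recognizable process-creation pattern that defenders can triage from endpoint telemetry. The following is an added example written for this digest, not code from Talos or from the report it summarizes; it assumes Sysmon-style field names (Image, ParentImage, CommandLine) and runs over a small set of constructed events, not real telemetry.

```python
import re

# Constructed Sysmon-style process-creation events (illustrative, not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe",
     "CommandLine": "explorer.exe"},
    # Script host launched by explorer.exe from a WinRAR temp extraction folder,
    # the shape a double-clicked LNK inside a RAR archive typically produces.
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'powershell.exe -w hidden -ep bypass -f "C:\Users\alice\AppData\Local\Temp\Rar$DIa1234\update.ps1"'},
    {"Image": r"C:\Windows\System32\wscript.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'wscript.exe //B "C:\Users\alice\Downloads\report\doc.vbs"'},
    # Benign: an admin tool running a scheduled script from a managed location.
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Admin\tool.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe readme.txt"},
]

# Script interpreters that a LNK target commonly points at.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# User-writable locations where an emailed archive would be extracted
# (Downloads, %TEMP%, and WinRAR's "Rar$..." temporary folders).
USER_CONTENT_DIRS = re.compile(
    r"\\(Users\\[^\\]+\\(Downloads|AppData\\Local\\Temp)|Rar\$)", re.IGNORECASE)

# Flags that hide the window, bypass execution policy or pass encoded input.
SUSPICIOUS_FLAGS = re.compile(
    r"(-w(indowstyle)?\s+hidden|-e(nc|ncodedcommand)?\s|-ep\s+bypass"
    r"|-executionpolicy\s+bypass|//B\b)", re.IGNORECASE)


def basename(path):
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def score_event(ev):
    """Return the list of reasons an event looks like a LNK-to-script launch."""
    reasons = []
    if basename(ev["Image"]) not in SCRIPT_HOSTS:
        return reasons
    if basename(ev["ParentImage"]) == "explorer.exe":
        reasons.append("script host spawned by explorer.exe (consistent with a double-clicked LNK)")
    if USER_CONTENT_DIRS.search(ev["CommandLine"]):
        reasons.append("script path under Downloads, Temp or a RAR extraction folder")
    if SUSPICIOUS_FLAGS.search(ev["CommandLine"]):
        reasons.append("hidden-window, policy-bypass or encoded-command flags")
    return reasons


def triage(events, min_reasons=2):
    """Return (index, image, reasons) for events meeting the reason threshold.

    Requiring two independent signals keeps a lone 'powershell from explorer'
    (which admins produce all day) from paging anyone.
    """
    hits = []
    for idx, ev in enumerate(events):
        reasons = score_event(ev)
        if len(reasons) >= min_reasons:
            hits.append((idx, basename(ev["Image"]), reasons))
    return hits


if __name__ == "__main__":
    for idx, image, reasons in triage(SAMPLE_EVENTS):
        print(f"event {idx}: {image}")
        for r in reasons:
            print(f"  - {r}")
```

The threshold of two signals is the design choice worth tuning against local baselines: parent process alone is noisy, but parent plus a script living in a Downloads or RAR temp folder is rare in a well-managed fleet and is the point at which an analyst would pull the archive and the LNK for review.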
RedLine stealer disguised as game cheats.
Kaspersky warns that the RedLine Trojan is being distributed with a bundle of malware that can spread itself by posting YouTube videos with malicious links. The researchers note that while this technique is unusual, it's achieved by "using relatively unsophisticated software":
"In addition to the payload itself, the discovered bundle is of note for its self-propagation functionality. Several files are responsible for this, which receive videos, and post them to the infected users’ YouTube channels along with the links to a password-protected archive with the bundle in the description. The videos advertise cheats and cracks and provide instructions on hacking popular games and software. Among the games mentioned are APB Reloaded, CrossFire, DayZ, Dying Light 2, F1® 22, Farming Simulator, Farthest Frontier, FIFA 22, Final Fantasy XIV, Forza, Lego Star Wars, Osu!, Point Blank, Project Zomboid, Rust, Sniper Elite, Spider-Man, Stray, Thymesia, VRChat and Walken. According to Google, the hacked channels were quickly terminated for violation of the company’s Community Guidelines."
Emotet's place in the malware landscape.
Researchers at AdvIntel have observed more than 1.2 million Emotet infections since the beginning of 2022. The largest share of the infections (35.7%) is located in the United States. The researchers also warn that the Quantum and BlackCat ransomware groups are now using the malware distribution botnet following the breakup of Conti in June 2022. BleepingComputer adds that significant spikes in Emotet activity were observed by both AdvIntel and ESET in 2022.
According to Check Point’s visibility, however, the FormBook infostealer replaced Emotet as the most prevalent malware strain in August 2022, followed by the AgentTesla Trojan, the XMRig cryptominer, and the GuLoader downloader.
Quantum computing risks.
Deloitte has published the results of a survey on awareness of cybersecurity risks related to quantum computing. The survey found that just over half (50.2%) of respondents are aware of “harvest now, decrypt later” attacks. These attacks involve stealing encrypted data and storing it until a quantum computer is developed that can break the encryption.
26.6% of respondents said their organization has already conducted a risk assessment on quantum computing risks, while 18.4% plan to conduct an assessment within one year.
Additionally, 27.7% of respondents said their organization would be most likely to address quantum risks following regulatory pressure, while 20.7% cited leadership demand within the organization “to enable the cryptographic agility which can address the algorithms made obsolete by quantum computing.”