Top news stories this week
- Unauthorised access. Black Basta uses Windows Quick Assist in ransomware attacks, Microsoft warns.
- Crackdown. FBI seizes BreachForums marketplace and plans to charge Scattered Spider ransomware group.
- You’ve got mail. New phishing campaign uses botnet to send millions of emails containing ransomware.
- Leaked. Santander reports data breach impacting staff and customers in Spain, Chile, and Uruguay.
- Piggy bank. Online fraud cartels in Southeast Asia make USD 64 billion annually.
- A stitch in time. Microsoft and Google patch multiple vulnerabilities this week.
1. Black Basta uses Windows Quick Assist in ransomware attacks, Microsoft warns
Microsoft has warned that the ransomware gang Black Basta is using voice phishing to trick victims into using Windows Quick Assist, a legitimate remote technical support feature, to gain unauthorised access to Windows devices. Black Basta instigates the attack by sending a large volume of spam emails to victims. The group then impersonates Microsoft technical staff in a call to the victims, persuading them to use Quick Assist to resolve the spam issue.
So what?
Threat actors often employ novel techniques, including social engineering, to launch ransomware attacks. Employees should be trained not to grant remote access to unknown or unsolicited callers.
[Researcher: Waithera Junghae]
2. Notorious BreachForums hacking forum seized
The FBI has seized BreachForums, a notorious marketplace used by cyber criminals to trade and leak stolen data, hacking tools, and other cybercrime services. The FBI’s seizure message on the marketplace indicates the site’s two administrators have been arrested.
Separately, a senior FBI official has announced plans to charge the Scattered Spider ransomware group, widely known for its attack on MGM Resorts in 2023.
So what?
The disruption of notorious groups and marketplaces through law enforcement takedowns marks a positive development in the ongoing effort to curb the activities of threat groups.
[Researcher: Aditya Ganjam Mahesh]
3. Hackers use botnet to expand the distribution of LockBit Black ransomware
The Phorpiex botnet is being used in a large-scale phishing campaign to send emails containing a strain of LockBit Black ransomware. The botnet is distributing a malicious ZIP attachment which, when opened, begins encrypting files on the victim’s systems.
While some researchers claim the ransom notes appear unrelated to LockBit ransomware, S-RM has observed identical cases where the ransom note instructs the victim to negotiate on LockBit's official sites. This indicates the group is highly likely to be involved in the campaign.
So what?
Phishing remains a common delivery mechanism for ransomware attacks. It is crucial to promote user awareness and training to ensure employees can identify and report phishing attempts.
[Researcher: Adelaide Parker]
4. Customers and staff affected in Santander database breach
Spanish bank Santander has reported unauthorised access to a third-party hosted database that contained information relating to customers in Chile, Spain, and Uruguay, as well as current and former employees. The bank released a statement assuring that no transaction or banking credential data was held in the database and that customers can continue to make transactions securely.
So what?
Encrypting data at rest protects sensitive assets by ensuring that only authorised parties can read them, even if the database itself is accessed.
[Researcher: Amy Gregan]
5. Southeast Asia fraud syndicates generate USD 64 billion through ‘pig butchering’ scams
Online fraud groups in Southeast Asia are reportedly generating USD 64 billion annually, according to new research. The groups contact potential victims on dating apps to establish a relationship in a scam known as ‘pig butchering’. The victims are then tricked into paying these groups, often under the guise of an investment.
So what?
Scammers often use unsolicited communications to catch people off guard. Individuals should always verify the legitimacy of offers, requests, or claims before taking action.
[Researcher: Jon Seland]
6. Microsoft and Google patch zero-day vulnerabilities
Microsoft has patched 61 new vulnerabilities in its software as part of its Patch Tuesday, including two zero-day vulnerabilities that are being actively exploited in the wild. Separately, Google has released an emergency Chrome security update fixing the third zero-day vulnerability addressed this week. These vulnerabilities allow attackers to execute arbitrary code on targeted devices.
So what?
Organisations should ensure critical patches for software vulnerabilities are assessed and applied as quickly as possible.
[Researcher: Lena Krummeich]