20 QQAAZZ members charged for money laundering, Hackers attack Haldiram's, demand Rs. 7.5 lakh, and more

Originally published at: https://cloudsek.com/threatintel/20-qqaazz-members-charged-for-money-laundering-hackers-attacks-haldirams-demand-rs-7-5-lakh-and-more/

Round Up of Major Breaches and Scams

QQAAZZ crime gang charged for laundering money stolen by malware gangs

20 members of the multinational cybercriminal group QQAAZZ were charged this week in the US, Portugal, Spain, and the UK for providing money-laundering services to high-profile malware operations. The arrests are the result of an unprecedented international law enforcement operation, coordinated by Europol and dubbed Operation 2BaGoldMule, involving agencies from 16 countries.

Hackers attack Haldiram’s servers, demand Rs 7.5 lakh

Unidentified hackers attacked the servers of Noida-based Haldiram's Snacks Private Limited with ransomware, stealing sensitive data and demanding a ransom of Rs 7.5 lakh to release the information. A case was registered at the Noida Sector 58 police station on Wednesday. The incident occurred on the intervening night of July 12 and 13, when issues were reported with the company server that later turned out to be a ransomware attack.

New types of fraud involving the bank cards of Russian banks have been spotted

Fraudsters persuade bank customers to withdraw funds at a branch or ATM themselves and then transfer the money to an account controlled by the attackers. "There are cases when fraudsters, through psychological influence on the client, ask to transfer funds through an ATM and/or withdraw funds through the cashier, while providing fake documents from the Bank," said Mikhail Ivanov, Director of the Information Security Department of RosBank.

Google warned users of 33,015 nation-state attacks since January

Google delivered 33,015 alerts to its users during the first three quarters of 2020 to warn them of phishing attacks, launched by nation-state actors, targeting their accounts. Google sent 11,856 government-backed phishing warnings in Q1 2020, 11,023 in Q2 2020, and 10,136 in Q3 2020.

Round Up of Major Malware and Ransomware Incidents

Watch out for Emotet malware’s new ‘Windows Update’ attachment

The Emotet botnet has begun using a new malicious attachment that pretends to be a message from Windows Update telling the recipient to upgrade Microsoft Word. Emotet is a malware infection that spreads through spam emails carrying malicious Word or Excel documents. These documents use macros to download and install the Emotet Trojan on the victim's computer, which is then used to send further spam and ultimately leads to a ransomware attack on the victim's network.

FIN11 gang started deploying ransomware to monetize its operations

The financially motivated hacker group FIN11 has switched tactics and started using ransomware as its main monetization method. The group has carried out multiple high-volume operations targeting companies across the world, most of them in North America and Europe. In recent attacks, the group was observed deploying the Clop ransomware into the networks of its victims.

Iran-linked Silent Librarian APT targets universities again

The Iran-linked cyberespionage group Silent Librarian has launched another phishing campaign targeting universities around the world. Silent Librarian, also tracked as Cobalt Dickens and TA407, has targeted tens of universities across four continents in the last couple of years. In August 2018, the security firm SecureWorks uncovered a phishing campaign carried out by the APT group against universities worldwide.

Biden Campaign Staffers Targeted in Cyberattack Leveraging Antivirus Lure, Dropbox Ploy

Google's Threat Analysis Group has shed more light on targeted credential phishing and malware attacks against the staff of Joe Biden's presidential campaign. Hackers sent campaign staffers malicious emails impersonating the anti-virus software company McAfee, and used a mix of legitimate services (such as Dropbox) to avoid detection. The emails were an attempt to steal staffers' credentials and infect their machines with malware.

Hackers now abuse BaseCamp for free malware hosting

Phishing campaigns have started abusing Basecamp to distribute malware or steal login credentials. Basecamp is a web-based project management solution that lets people collaborate, chat with each other, create documents, and share files. Documents created in Basecamp can be formatted with HTML links, images, and stylized text, and users can upload any file to a project, including file formats usually considered unsafe, such as executables and JavaScript files.

Ransomware Attack on a Major Health Tech Firm Slows Down Several COVID-19 Clinical Trials

A ransomware attack targeting a medical technology firm has slowed down clinical trials for the past two weeks, according to the New York Times. The attack hit a Philadelphia company that develops software for clinical trials, including the crash effort to develop rapid coronavirus tests, treatments, and a vaccine. The attack on eResearch Technology locked researchers out of their data and forced clinicians to track their patients with pen and paper.

ThunderX Ransomware rebrands as Ranzy Locker, adds data leak site

ThunderX has changed its name to Ranzy Locker and launched a data leak site where it shames victims who do not pay the ransom. ThunderX is a ransomware operation that launched at the end of August 2020. Soon after launch, weaknesses were found in the ransomware that allowed Tesorion to release a free decryptor. The operators quickly fixed their bugs and released a new version of the ransomware under the Ranzy Locker name.

Iranian Hackers Are Using Thanos Ransomware To Attack Organizations In the Middle East and South Africa

The attackers exploit the vulnerability CVE-2020-0688, deploy web shells on the compromised servers, and then download and install a second piece of malware. According to ClearSky, this second malware is not a commonly seen threat but a unique one whose activity has been observed only once before. The PowerShell-based threat is called "Powgoop" and was discovered last month by researchers. Palo Alto Networks says the Thanos ransomware was installed using Powgoop.

Round Up of Major Vulnerabilities and Patches

Google Chrome and Edge are creating random debug.log log files

A bug in the latest release of Chrome, and other Chromium-based browsers, is causing random debug.log files to be created on users' desktops and in other folders. On October 6th, 2020, Google released Chrome 86 to the 'Stable' branch, and all users were auto-updated to this version. Other Chromium-based browsers, such as Brave and Microsoft Edge, upgraded to this version around the same time.

Microsoft released out-of-band Windows fixes for 2 RCE issues

Microsoft has released two out-of-band security updates to address two remote code execution (RCE) vulnerabilities affecting the Microsoft Windows Codecs Library and Visual Studio Code. The two vulnerabilities, tracked as CVE-2020-17022 and CVE-2020-17023, have been rated as important severity.

UK NCSC urges organizations to fix the CVE-2020-16952 SharePoint RCE flaw ASAP

The U.K. National Cyber Security Centre (NCSC) issued an alert warning of the risk of exploitation of the CVE-2020-16952 remote code execution (RCE) vulnerability in Microsoft SharePoint Server and urging organizations to address the flaw. Attackers could exploit this vulnerability to run arbitrary code and execute operations in the context of the local administrator on vulnerable SharePoint servers.