Originally published at: https://cloudsek.com/threatintel/20-qqaazz-members-charged-for-money-laundering-hackers-attacks-haldirams-demand-rs-7-5-lakh-and-more/
Round Up of Major Breaches and Scams
QQAAZZ crime gang charged for laundering money stolen by malware gangs
Twenty members of the multinational cybercriminal group QQAAZZ were charged this week in the US, Portugal, Spain, and the UK for providing money-laundering services to high-profile malware operations. The charges are the result of an unprecedented international law enforcement operation, coordinated by Europol and dubbed Operation 2BaGoldMule, involving agencies from 16 countries.
Hackers attack Haldiram's servers, demand Rs 7.5 lakh
Unidentified attackers hit the servers of Noida-based Haldiram's Snacks Private Limited with ransomware, stealing sensitive data and demanding a ransom of Rs 7.5 lakh to return it. A case was registered at Noida Sector 58 police station on Wednesday. The incident occurred on the intervening night of July 12 and 13, when problems were reported with the company server that later turned out to be a ransomware attack.
New types of fraud involving bank cards of Russian banks have been spotted
Fraudsters persuade bank customers to withdraw funds themselves at a branch or ATM and then transfer the money to an account controlled by the attackers. "There are cases when fraudsters, through psychological influence on the client, ask to transfer funds through an ATM and/or withdraw funds through the cashier, while providing fake documents from the bank," said Mikhail Ivanov, Director of the Information Security Department of RosBank.
Google warned users of 33,015 nation-state attacks since January
Google delivered 33,015 alerts to its users during the first three quarters of 2020 to warn them of phishing attacks launched by nation-state actors against their accounts. Google sent 11,856 government-backed phishing warnings in Q1 2020, 11,023 in Q2 2020, and 10,136 in Q3 2020.
Round Up of Major Malware and Ransomware Incidents
Watch out for Emotet malware's new "Windows Update" attachment
The Emotet botnet has begun to use a new malicious attachment that pretends to be a message from Windows Update telling you to upgrade Microsoft Word. Emotet is a malware infection that spreads through spam emails carrying malicious Word or Excel documents. These documents use macros to download and install the Emotet Trojan on the victim's computer, which is then used to send further spam and ultimately leads to a ransomware attack on the victim's network.
FIN11 gang started deploying ransomware to monetize its operations
The financially motivated hacker group FIN11 has switched tactics and started using ransomware as its main monetization method. The group has carried out multiple high-volume operations targeting companies across the world, most of them in North America and Europe. In recent attacks, the group was observed deploying the Clop ransomware into the networks of its victims.
Iran-linked Silent Librarian APT targets universities again
The Iran-linked APT group Silent Librarian has launched another phishing campaign targeting universities around the world. Silent Librarian, also tracked as Cobalt Dickens and TA407, has targeted dozens of universities on four continents over the last couple of years. In August 2018, the security firm SecureWorks uncovered a phishing campaign carried out by the group against universities worldwide.
Biden Campaign Staffers Targeted in Cyberattack Leveraging Antivirus Lure, Dropbox Ploy
Google's Threat Analysis Group has shed more light on targeted credential phishing and malware attacks against the staff of Joe Biden's presidential campaign. Attackers sent campaign staffers malicious emails impersonating the anti-virus company McAfee and used a mix of legitimate services (such as Dropbox) to avoid detection. The emails were an attempt to steal staffers' credentials and infect their machines with malware.
Hackers now abuse BaseCamp for free malware hosting
Phishing campaigns have started to use Basecamp to distribute malware and steal login credentials. Basecamp is a web-based project management service that lets people collaborate, chat, create documents, and share files. Documents can be formatted with HTML links, images, and styled text, and users can upload any file type to a project, including formats usually considered unsafe such as executables and JavaScript files. Because the files and links are served from a trusted domain, they pass filters that would block the same payload hosted elsewhere.
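The two lures above share a detection problem: the Emotet attachment is a macro-enabled Office document, and the Basecamp (or Dropbox) lure is a download link on a domain that reputation filters trust. The script below is an added example, not CloudSEK's code or anything from the campaigns described; it parses an email with the Python standard library, flags attachments that carry a VBA project, and flags links to a watch-list of collaboration services whose path ends in a risky file extension. The watch-list, the extension list, the OLE heuristic (looking for the UTF-16LE "VBA" storage name or the "Attribut" marker of compressed VBA source) and the sample message are all assumptions constructed for the demo.

```python
"""Triage an email for macro-bearing Office attachments and download links
hosted on legitimate collaboration services. Added example; all lists below
are assumptions, not vendor or campaign indicators."""
import email
import io
import posixpath
import re
import zipfile
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# OOXML zip entries that only exist when a VBA project is embedded.
MACRO_PARTS = {"vbaproject.bin", "vbadata.xml"}
# Legitimate services seen hosting lures in the items above (assumed watch-list).
ABUSED_HOSTS = {"basecamp.com", "dropbox.com", "dropboxusercontent.com"}
# Extensions that should never arrive as a "shared document" (assumed list).
RISKY_EXT = {".exe", ".js", ".vbs", ".hta", ".scr", ".lnk", ".iso", ".docm", ".xlsm"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def has_vba_macro(data: bytes) -> bool:
    """Return True if the bytes look like an Office file with a VBA project."""
    if data[:4] == b"PK\x03\x04":  # OOXML (.docm/.xlsm/...) is a zip container
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(posixpath.basename(n).lower() in MACRO_PARTS
                           for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    if data[:8] == OLE_MAGIC:  # legacy .doc/.xls: OLE2 compound file
        # Heuristic: directory names are UTF-16LE, so a "VBA" storage shows up
        # as V\0B\0A\0; "Attribut" is the start of "Attribute VB_Name" in
        # compressed VBA source. Assumed heuristic, not a full OLE parser.
        return "VBA".encode("utf-16-le") in data or b"Attribut" in data
    return False


def suspicious_links(text: str) -> list:
    """Links on a watched host whose path ends in a risky extension."""
    hits = []
    for url in URL_RE.findall(text):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        on_watchlist = any(host == h or host.endswith("." + h) for h in ABUSED_HOSTS)
        ext = posixpath.splitext(parsed.path)[1].lower()
        if on_watchlist and ext in RISKY_EXT:
            hits.append(url)
    return hits


def triage(raw: bytes) -> dict:
    """Walk every MIME part; attachments go to the macro check, text to the link check."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {"macro_attachments": [], "suspicious_links": []}
    for part in msg.walk():
        if part.get_filename():
            payload = part.get_payload(decode=True) or b""
            if has_vba_macro(payload):
                findings["macro_attachments"].append(part.get_filename())
        elif part.get_content_type() in ("text/plain", "text/html"):
            findings["suspicious_links"] += suspicious_links(part.get_content())
    return findings


def build_sample() -> bytes:
    """Constructed test message (not a real sample): a fake 'Windows Update'
    lure carrying a macro-enabled document plus a Basecamp-hosted .js link."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 64)  # presence is what matters
    msg = EmailMessage()
    msg["From"] = "updates@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Windows Update: upgrade Microsoft Word"
    msg.set_content("Enable editing to install the update, or download it here:\n"
                    "https://3.basecamp.com/1234567/blobs/abc/download/Invoice.js\n")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="Windows-Update.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```

The macro check keys on structure (the vbaProject.bin entry) rather than file extension, because a .docm renamed to .doc still opens in Word and still runs its macros; the link check keys on the path's extension rather than the domain alone, because blocking basecamp.com outright is rarely acceptable.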
Ransomware Attack on a Major Health Tech Firm Slows Down Several COVID-19 Clinical Trials
A ransomware attack on a medical technology firm has slowed clinical trials for the past two weeks, according to the New York Times. The attack targeted eResearch Technology, a Philadelphia company that develops software for clinical trials, including the crash effort to develop rapid coronavirus tests, treatments, and a vaccine. Locked out of their data, clinicians were forced to track their patients with pen and paper.
ThunderX Ransomware rebrands as Ranzy Locker, adds data leak site
ThunderX has changed its name to Ranzy Locker and launched a data leak site where it shames victims who do not pay the ransom. ThunderX is a ransomware operation that launched at the end of August 2020. Soon after launch, weaknesses were found in the ransomware that allowed Tesorion to release a free decryptor. The operators quickly fixed their bugs and released a new version under the Ranzy Locker name.
It exploits the vulnerability CVE-2020-0688, deploys web shells on the compromised servers, and then drops similar malware after downloading and installing further files. However, according to ClearSky, the second piece of malware is not common, everyday malware but a unique one whose activity has been seen only once before. The PowerShell threat is called "Powgoop" and was discovered last month by the researchers. Palo Alto Networks reports that the Thanos malware was installed using Powgoop.
Round Up of Major Vulnerabilities and Patches
Google Chrome and Edge are creating random debug.log log files
A bug in the latest release of Chrome, and of other Chromium-based browsers, is causing random debug.log files to be created on users' desktops and in other folders. On October 6, 2020, Google released Chrome 86 to the "Stable" branch, and all users were auto-updated to this version. Other Chromium-based browsers, such as Brave and Microsoft Edge, were upgraded to this version around the same time.
Microsoft released out-of-band Windows fixes for 2 RCE issues
Microsoft has released two out-of-band security updates to address two remote code execution (RCE) vulnerabilities affecting the Microsoft Windows Codecs Library and Visual Studio Code. The two vulnerabilities, tracked as CVE-2020-17022 and CVE-2020-17023, are rated important severity.
UK NCSC recommends organizations to fix CVE-2020-16952 SharePoint RCE flaw asap
The U.K. National Cyber Security Centre (NCSC) has issued an alert warning of the risk of exploitation of CVE-2020-16952, a remote code execution (RCE) vulnerability in Microsoft SharePoint Server, and urging organizations to patch it. Attackers could exploit the flaw to run arbitrary code and execute operations in the context of the local administrator on vulnerable SharePoint servers.