BokBot | Breaking Cybersecurity News | The Hacker News

The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that's used for post-compromise activity on hacked systems, new findings from Team Cymru reveal. IcedID, also called BokBot , is a strain of malware similar to  Emotet  and  QakBot  that started off as a banking trojan in 2017, before switching to the role of an initial access facilitator for other payloads. Recent versions of the malware have been  observed  removing functionality related to online banking fraud to prioritize ransomware delivery. The BackConnect (BC) module,  first documented  by Netresec in October 2022, relies on a proprietary command-and-control (C2) protocol to exchange commands between a server and the infected host. The protocol, which comes with a VNC component for remote access, has also been identified in other malware such as the now-discontinued  BazarLoader  and QakBot. In December 2022, Team Cymru  reported  the discovery of 11 BC C2s a

A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. "The emails use a social engineering technique of conversation hijacking (also known as thread hijacking)," Israeli company Intezer said in a report shared with The Hacker News. "A forged reply to a previous stolen email is being used as a way to convince the recipient to open the attachment. This is notable because it increases the credibility of the phishing email and may cause a high infection rate." The latest wave of attacks, detected in mid-March 2022, is said to have targeted organizations within energy, healthcare, law, and pharmaceutical sectors. IcedID, aka BokBot, like its counterparts TrickBot and  Emotet , is a  banking trojan  that has evolved to become an entry point for more sophisticated threats, including hu

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.