#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

Digital Certficate | Breaking Cybersecurity News | The Hacker News

Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads

Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads

Sep 15, 2023 Ransomware / Cyber Threat
The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation ( EV ) code signing certificates. "This suggests that the threat actors are streamlining operations by making their techniques multipurpose," Trend Micro researchers  said  in a new analysis published this week. In the incident investigated by the cybersecurity company, an unnamed victim is said to have first received a piece of info stealer malware with EV code signing certificates, followed by ransomware using the same delivery technique. In the past,  QakBot infections  have leveraged  samples signed with valid code signing certificates  to bypass security protections. The attacks start with phishing emails that employ well-worn lures to trick victims into running malicious attachments that masquerade as PDF or JPG images but are actually executables that jump-start the comprom
Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware

Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware

Jun 28, 2021
Microsoft on Friday said it's investigating an incident wherein a driver signed by the company turned out to be a malicious Windows rootkit that was observed communicating with command-and-control (C2) servers located in China. The driver, called " Netfilter ," is said to target gaming environments, specifically in the East Asian country, with the Redmond-based firm noting that "the actor's goal is to use the driver to spoof their geo-location to cheat the system and play from anywhere." "The malware enables them to gain an advantage in games and possibly exploit other players by compromising their accounts through common tools like keyloggers," Microsoft Security Response Center (MSRC)  said . It's worth pointing out that Netfilter also refers to a legitimate software package , which enables packet filtering and network address translation for Linux based systems. Microsoft dubbed the malware " Retliften ," alluding to "ne
The Drop in Ransomware Attacks in 2024 and What it Means

The Drop in Ransomware Attacks in 2024 and What it Means

Apr 08, 2024Ransomware / Cybercrime
The  ransomware industry surged in 2023  as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070.  But 2024 is starting off showing a very different picture.  While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023. Figure 1: Victims per quarter There could be several reasons for this significant drop.  Reason 1: The Law Enforcement Intervention Firstly, law enforcement has upped the ante in 2024 with actions against both LockBit and ALPHV. The LockBit Arrests In February, an international operation named "Operation Cronos" culminated in the arrest of at least three associates of the infamous LockBit ransomware syndicate in Poland and Ukraine.  Law enforcement from multiple countries collaborated to take down LockBit's infrastructure. This included seizing their dark web domains and gaining access to their backend sys
Cybersecurity Resources