#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Team Cymru | Breaking Cybersecurity News | The Hacker News

IcedID Malware Adapts and Expands Threat with Updated BackConnect Module

IcedID Malware Adapts and Expands Threat with Updated BackConnect Module
Jul 28, 2023 Malware / Cyber Threat
The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that's used for post-compromise activity on hacked systems, new findings from Team Cymru reveal. IcedID, also called BokBot , is a strain of malware similar to  Emotet  and  QakBot  that started off as a banking trojan in 2017, before switching to the role of an initial access facilitator for other payloads. Recent versions of the malware have been  observed  removing functionality related to online banking fraud to prioritize ransomware delivery. The BackConnect (BC) module,  first documented  by Netresec in October 2022, relies on a proprietary command-and-control (C2) protocol to exchange commands between a server and the infected host. The protocol, which comes with a VNC component for remote access, has also been identified in other malware such as the now-discontinued  BazarLoader  and QakBot. In December 2022, Team Cymru  reported  the discovery of 11 BC C2s a

Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities

Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities
Jun 15, 2023 Malware / Cyber Threat
The threat actors behind the  Vidar malware  have made changes to their backend infrastructure, indicating attempts to retool and conceal their online trail in response to public disclosures about their modus operandi. "Vidar threat actors continue to rotate their backend IP infrastructure, favoring providers in Moldova and Russia," cybersecurity company Team Cymru said in a new analysis shared with The Hacker News. Vidar  is a commercial information stealer that's known to be active since late 2018. It's also a fork of another stealer malware called  Arkei  and is offered for sale between $130 and $750 depending on the subscription tier. Typically delivered through phishing campaigns and sites advertising cracked software, the malware comes with a wide range of capabilities to harvest sensitive information from infected hosts. Vidar has also been  observed  to be distributed via rogue Google Ads and a malware loader dubbed Bumblebee. Team Cymru, in a  report  

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities

Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities
May 26, 2022
Cybersecurity researchers are calling attention to a free-to-use browser automation framework that's being increasingly used by threat actors as part of their attack campaigns. "The framework contains numerous features which we assess may be utilized in the enablement of malicious activities," researchers from Team Cymru  said  in a new report published Wednesday. "The technical entry bar for the framework is purposefully kept low, which has served to create an active community of content developers and contributors, with actors in the underground economy advertising their time for the creation of bespoke tooling." The U.S. cybersecurity company said it observed command-and-control (C2) IP addresses associated with malware such as  Bumblebee ,  BlackGuard , and  RedLine Stealer  establishing connections to the downloads subdomain of Bablosoft ("downloads.bablosoft[.]com"), the maker of the Browser Automation Studio (BAS). Bablosoft was previously

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Cybersecurity Resources