Search results for cybercriminals | Breaking Cybersecurity News | The Hacker News

Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called  Silver RAT  that's equipped to bypass security software and stealthily launch hidden applications. "The developers operate on multiple hacker forums and social media platforms, showcasing an active and sophisticated presence," cybersecurity firm Cyfirma  said  in a report published last week. The actors, assessed to be of Syrian origin and linked to the development of another RAT known as S500 RAT, also run a Telegram channel offering various services such as the distribution of cracked RATs, leaked databases, carding activities, and the sale of Facebook and X (formerly Twitter) bots. The social media bots are then utilized by other cyber criminals to promote various illicit services by automatically engaging with and commenting on user content. In-the-wild detections of Silver RAT v1.0 were first observed in November 2023, although the threat actor's plans to release the tr

Coinhive, a notorious in-browser cryptocurrency mining service popular among cybercriminals, has announced that it will discontinue its services on March 8, 2019. Regular readers of The Hacker News already know how Coinhive's service helped cyber criminals earn hundreds of thousands of dollars by using computers of millions of people visiting hacked websites . For a brief recap: In recent years, cybercriminals leveraged every possible web vulnerability [in Drupal , WordPress , and others ] to hack thousands of websites and wireless routers , and then modified them to secretly inject Coinhive's JavaScript-based Monero (XMR) cryptocurrency mining script on web-pages to financially benefit themselves. Millions of online users who visited those hacked websites immediately had their computers' processing power hijacked, also known as cryptojacking , to mine cryptocurrency without users' knowledge, potentially generating profits for cybercriminals in the background.

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

21st-century technology has allowed Cybercriminals to use sophisticated and undetectable methods for malicious activities. In 2020 alone, a survey revealed that  65% of US-based companies were vulnerable to email phishing and impersonation attacks . This calls for upgrading your organization's security with DMARC, which if not implemented, will enable cyber-attackers to: Instigate money transfers from vulnerable employees via spoofed emails while impersonating senior executives in your company Send fake invoices to your employees and partners Deal in illegal goods via your domain  Spread Ransomware Impersonate customer support to steal confidential customer or partner information Such situations can have long-lasting consequences on your business. From inflicting a blow on thebrand's reputation and credibility among its partners and customer base to loss of valuable company information and millions of dollars, the risks are countless. What is Domain Spoofing? Domain

Generative AI will enable anyone to launch sophisticated phishing attacks that only Next-generation MFA devices can stop The least surprising headline from 2023 is that ransomware again set new records for a number of incidents and the damage inflicted. We saw new headlines every week, which included a who's-who of big-name organizations. If MGM, Johnson Controls, Chlorox, Hanes Brands, Caesars Palace, and so many others cannot stop the attacks, how will anyone else? Phishing-driven ransomware is the cyber threat that looms larger and more dangerous than all others. CISA and Cisco report that 90% of data breaches are the result of phishing attacks and monetary losses that exceed $10 billion in total. A report from Splunk revealed that 96 percent of companies fell victim to at least one phishing attack in the last 12 months and 83 percent suffered two or more. Protect your organization from phishing and ransomware by learning about the benefits of Next-Generation MFA. Download th

Security researchers have been warning about a new malicious campaign that leverages an alternative scheme to mine cryptocurrencies without directly injecting the infamous CoinHive JavaScript into thousands of hacked websites. Coinhive is a popular browser-based service that offers website owners to embed JavaScript code that utilizes their website visitors' CPUs power in order to mine the Monero cryptocurrency for monetization. However, since its inception, mid-2017, cybercriminals have been abusing the service to illegally make money by injecting their own version of CoinHive JavaScript code to a large number of hacked websites, eventually tricking their millions of visitors into unknowingly mine Monero coins. Since a lot of web application security firms and antivirus companies have now updated their products to detect unauthorized injection of CoinHive JavaScript, cybercriminals have now started abusing a different service from CoinHive to achieve the same. Hackers

A coordinated law enforcement operation across 25 African countries has led to the arrest of 14 suspected cybercriminals, INTERPOL  announced  Friday. The exercise, conducted in partnership with AFRIPOL, enabled investigators to identify 20,674 cyber networks that were linked to financial losses of more than $40 million. "The four-month Africa Cyber Surge II operation was launched in April 2023 and focused on identifying cybercriminals and compromised infrastructure," the agency said. As part of the operation, three suspects were arrested in Cameroon in connection with an online scam involving the fraudulent sale of works of art worth $850,000. Another suspect was arrested in Nigeria for defrauding a Gambian victim. Also arrested were two money mules linked to scams initiated through messaging platforms. The cyber networks comprised 3,786 command-and-control (C2) servers, 14,134 victim IP addresses tied to data stealer infections, 1,415 phishing links and domains, 939

Common cybercriminals are a menace, there's no doubt about it – from bedroom hackers through to ransomware groups, cybercriminals are causing a lot of damage. But both the tools used and the threat posed by common cybercriminals pale in comparison to the tools used by more professional groups such as the famous hacking groups and state-sponsored groups. In fact, these tools can prove almost impossible to detect – and guard against. BVP47 is a case in point. In this article, we'll outline how this powerful state-sponsored malware has been quietly circulating for years, how it so cleverly disguises itself, and explain what that means for cybersecurity in the enterprise. Background story behind BVP47 It's a long story, fit for a spy novel. Earlier this year, a Chinese cybersecurity research group called Pangu Lab published an in-depth, 56-page report covering a piece of malicious code that the research group decided to call BVP47 (because BVP was the most common string in

In a rapidly evolving digital landscape, it's crucial to reevaluate how we secure web environments. Traditional antivirus-approach solutions have their merits, but they're reactive. A new report delves into the reasons for embracing proactive web security solutions, ensuring you stay ahead of emerging threats.  To learn more, download the full report  here . The New Paradigm If you've been relying on the old-style antivirus-based approach to website security up to now, then we could summarize why you need to update to the more proactive approach simply by saying — prevention is always preferable to cure. That's the overarching rationale for adopting a proactive web security solution, but let's break it down into a few more detailed reasons for updating to the newer and more effective proactive approach.  To be clear, we're not denying that an antivirus-approach solution is ideal for detecting and responding to threats, but there's no escaping the fact that it's limited

A threat actor known as  Prolific Puma  has been maintaining a low profile and operating an underground link shortening service that's offered to other threat actors for at least over the past four years. Prolific Puma creates "domain names with an  RDGA  [registered domain generation algorithm] and use these domains to provide a link shortening service to other malicious actors, helping them evade detection while they distribute phishing, scams, and malware," Infoblox  said  in a new analysis pieced together from Domain Name System ( DNS)  analytics. With malicious actors known to use link shorteners for phishing attacks, the adversary plays an important role in the cybercrime supply chain, registering between 35,000 to 75,000 unique domain names since April 2022. Prolific Puma is also a  DNS threat actor  for leveraging DNS infrastructure for nefarious purposes. A notable aspect of the threat actor's operations is the use of an American domain registrar and web

The Chinese-speaking threat actors behind  Smishing Triad  have been observed masquerading as the United Arab Emirates Federal Authority for Identity and Citizenship to send malicious SMS messages with the ultimate goal of gathering sensitive information from residents and foreigners in the country. "These criminals send malicious links to their victims' mobile devices through SMS or iMessage and use URL-shortening services like Bit.ly to randomize the links they send," Resecurity  said  in a report published this week. "This helps them protect the fake website's domain and hosting location." Smishing Triad was  first documented  by the cybersecurity company in September 2023, highlighting the group's use of compromised Apple iCloud accounts to send smishing messages for carrying out identity theft and financial fraud.  The threat actor is also known to offer ready-to-use smishing kits for sale to other cybercriminals for $200 a month, alongside eng

Identities are the latest sweet spot for cybercriminals, now heavily targeting SaaS applications that are especially vulnerable in this attack vector. The use of SaaS applications involves a wide range of identities, including human and non-human, such as service accounts, API keys, and OAuth authorizations. Consequently, any identity in a SaaS app can create an opening for cybercriminals to compromise, leading to data breaches, compliance violations, and financial losses.  Many safeguards have been developed to better protect human identities, including multi-factor identification and single sign-on (SSO). These measures can protect enterprises against attacks using stolen credentials, such as password sprays.  Protecting non-human identities is more challenging, as MFA and SSO are usually not feasible with accounts that are not associated with any individual employee. Non-human accounts are also more sensitive since they come with the high privileges needed for integration activi

Mining cryptocurrencies can be a costly investment as it takes a monstrous amount of computing power, and thus hackers have started using malware that steals computing resources of computers it hijacks to make lots of dollars in digital currency. Security researchers at security firm ESET have spotted one such malware that infected hundreds of Windows web servers with a malicious cryptocurrency miner and helped cybercriminals made more than $63,000 worth of Monero (XMR) in just three months. According to a report published by ESET today, cybercriminals only made modifications to legitimate open source Monero mining software and exploited a known vulnerability in Microsoft IIS 6.0 to secretly install the miner on unpatched Windows servers. Although ESET's investigation does not identify the attackers, it reports that the attackers have been infecting unpatched Windows web servers with the cryptocurrency miner since at least May 2017 to mine 'Monero,' a Bitcoin-like

Before Ransomware, Click fraud was one of the popular and efficient ways for cybercriminals to make money and with the explosive growth in the size of the online threats it is still making its way on the Internet. " Click-Fraud " is the practice of deceptively clicking on search ads with the intention of either increasing third-party website revenues or exhausting an advertiser's budget. Besides the search results, we all have seen advertisements placed in the search engine's WebPage. If the visitor clicks the Ad, the advertiser has to pay a fee to the search engine. A problem that has arisen with pay-per-click is results in Click-Fraud. The term " fraud " is used because in either case, the advertiser is paying for a click without receiving any true value. Of course, the number of clicks has to be large enough in order to gain a considerable amount of money, and in order to do that an attacker can use an automated script or malicious program to simulate multiple clicks b

" The Interview ", the controversial North Korean-baiting film which appeared to be the root cause of the cyber mishap occurred at Sony Pictures Entertainment that threatened terror attack at theaters showing the movie, now threatens to expose users of Android phones to a malware attack. Since its release, everyone is talking about "The Interview" — the Seth Rogen and James Franco-starring comedy centered around a TV host and his producer assassinating North Korean dictator Kim Jong Un. Because cybercriminals are known to take advantage of major events where there is a high level of public interest, The Interview became their target. In a joint investigation, Security researchers of McAfee and Technische Universität Darmstadt and the Center for Advanced Security Research Darmstadt (CASED) has discovered an Android app claiming to download 'The Interview' comedy on their smartphone devices actually infects users' devices with banking trojan in

LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign. "It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addresses," CrowdStrike  said  in a new report. "It evades detection by targeting Alibaba Cloud's monitoring service and disabling it." Known to strike both Windows and Linux environments, LemonDuck is primarily engineered for abusing the system resources to mine Monero. But it's also capable of credential theft, lateral movement, and facilitating the deployment of additional payloads for follow-on activities. "It uses a wide range of spreading mechanisms — phishing emails, exploits, USB devices, brute force, among others — and it has shown that it can quickly take advantage of news, events, or the release of new exploits to run effective campaigns," Microsoft  detailed  in a technical write-up of the ma