254 matches found
Biggest DDoS Attack in History Hits Russian Tech Giant Yandex
Plus: A TrickBot hacker arrest, a Fortinet VPN password leak, and more of the week's top security news...
Authorities Arrest Another TrickBot Gang Member in South Korea
Another alleged member of the TrickBot gang has been apprehended, this time when trying to leave South Korea, according to published reports. The Russian national, who is an alleged developer of the notorious crimeware, reportedly had been trapped in South Korea since February 2020 due to COVID-1...
Researchers Find New Evidence Linking Diavol Ransomware to TrickBot Gang
Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate. The latest findings from IBM X-Force show that the ransomware sample shares similarities t...
New Trickbot attack setup fake 1Password installer to extract data
By Waqas The fake 1Password installer is used to launch Cobalt Strike helping the attackers collect information about multiple systems in the network. This is a post from HackRead.com Read the original post: New Trickbot attack setup fake 1Password installer to extract data...
A week in security (July 12 – July 18)
Last week on Malwarebytes Labs: DNS-over-HTTPS takes another small step towards global domination Nope, that isn’t Elon Musk, and he isn’t offering a free Topmist Dust watch either Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday Is crypto’s criminal rollercoaster...
Trickbot Malware Rebounds with Virtual-Desktop Espionage Module
The Trickbot trojan is in resurgence mode, with its operators filling out infrastructure globally and releasing an updated version of its “vncDll” module, used for monitoring and intelligence gathering, researchers said. According to an analysis this week from Bitdefender, there has been “a...
Trickbot Malware Returns with a new VNC Module to Spy on its Victims
Cybersecurity researchers have opened the lid on the continued resurgence of the insidious Trickbot malware, making it clear that the Russia-based transnational cybercrime group is working behind the scenes to revamp its attack infrastructure in response to recent counter efforts from law...
TrickBot Botnet Found Deploying A New Ransomware Called Diavol
Threat actors behind the infamous TrickBot malware have been linked to a new ransomware strain named "Diavol," according to the latest research. Diavol and Conti ransomware payloads were deployed on different systems in a case of an unsuccessful attack targeting one of its customers earlier this...
TrickBot Spruces Up Its Banking Trojan Module
The TrickBot trojan is adding man-in-the-browser MitB capabilities for stealing online banking credentials that resemble Zeus, the early banking trojan, researchers said — potentially signaling a coming onslaught of fraud attacks. TrickBot is a sophisticated and common modular threat known for...
How Does One Get Hired by a Top Cybercrime Gang?
The U.S. Department of Justice DOJ last week announced the arrest of a 55-year-old Latvian woman whos alleged to have worked as a programmer for Trickbot, a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. Just how di...
A week in security (June 7 – June 13)
Last week on Malwarebytes Labs: Amazon SIdewalk starts sharing your WiFi data tomorrow, thanks White hat, black hat, grey hat hackers: what’s the difference? Can two VPN “wrongs” make a right? Lock and Code S02E10 DOJ recovers pipeline ransom, signals more aggressive approach to cybercrime 800...
U.S. Authorities Shut Down Slilpp—Largest Marketplace for Stolen Logins
The U.S. Department of Justice DoJ Thursday said it disrupted and took down the infrastructure of an underground marketplace known as "Slilpp" that specialized in trading stolen login credentials as part of an international law enforcement operation. Over a dozen individuals have been charged or...
TrickBot Coder Faces Decades in Prison
The U.S. Department of Justice announced on Friday the arraignment of a Latvian for her alleged role in creating and operating the infamous TrickBot malware. Alla Witte, who is known in cybercrime circles by the handle “Max,” was arrested in February in Miami. According to the indictment, she’s o...
TrickBot indictment reveals the scale and complexity of organized cybercrime
Back in 2016, we saw the emergence of a botnet mainstay called TrickBot. Initially observed by our Labs team spreading via malvertising campaigns, it quickly became a major problem for businesses everywhere. Whether spread by malvertising or email spam, the end result was the same. Data...
Latvian Woman Charged for Her Role in Creating Trickbot Banking Malware
The U.S. Department of Justice DoJ on Friday charged a Latvian woman for her alleged role as a programmer in a cybercrime gang that helped develop TrickBot malware. The woman in question, Alla Witte, aka Max, 55, who resided in Paramaribo, Suriname, was arrested in Miami, Florida on February 6...
Podcast: The State of Ransomware
Last month, ransomware group DarkSide targeted operator Colonial Pipeline Co., disrupting fuel supply in the Eastern part of the U.S. The attack on a major U.S. oil pipeline had widespread ripples: it prompted President Joe Biden to declare a state of emergency and caused substantial pain at gas...
TrickBot Malware
Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework, Version 8. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency CISA and Federal...
GitHub Prepares to Move Beyond Passwords
GitHub, the ubiquitous host for software development and version control and unfortunate target of a steady pitter-patter of attacks targeting the same, is now supporting security keys when using Git over SSH. In a post on Monday, GitHub security engineer Kevin Jones said that this is the next st...
Observed Changes to the Threat Landscape in 2020
Reflecting on the cybersecurity threat landscape in 2020, we can't overlook the massive changes that landed on us. Global security attacks increased at a significant pace between 2019 and 2020, and the COVID-19 pandemic only deepened these troubling conditions. As corporations tried to adapt to...
Financial Cyberthreats in 2020
2020 was challenging for everyone: companies, regulators, individuals. Due to the limitations imposed by the epidemiological situation, particular categories of users and businesses were increasingly targeted by cybercriminals. While we were adjusting to remote work and the rest of the new...