Top 5 Cybersecurity Updates: Last Week's Key Highlights in the Digital Sphere
(1). AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks
Mexican financial institutions are being targeted by a spear-phishing campaign delivering the AllaKore RAT, attributed to an unidentified Latin American threat actor active since 2021. The malware, capable of keylogging, screen capture and remote control, has been extended with banking-fraud functionality and is aimed chiefly at large companies across several sectors. The infection chain begins with a ZIP archive containing a .NET downloader that first confirms the victim is geolocated in Mexico and only then retrieves the modified AllaKore RAT. Separately, vulnerabilities in Lamassu Douro bitcoin ATMs that could have allowed an attacker to take control of the machines and steal assets were identified and fixed.
(2). Malicious Ads on Google Target Chinese Users with Fake Messaging Apps
A malvertising campaign targeting Chinese-speaking users abuses Google advertiser accounts to run malicious ads that redirect people searching for messaging apps such as Telegram and WhatsApp to sites serving Remote Administration Trojans (RATs) instead of the real software. The campaign, codenamed "FakeAPP," previously targeted users in Hong Kong and now also impersonates the messaging app LINE. It uses Google infrastructure to distribute trojans including PlugX and Gh0st RAT, and two Nigeria-based advertiser accounts have been linked to the fraudulent ads. The same report also covers a phishing-as-a-service platform targeting Microsoft 365 users.
(3). Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs
Microsoft has warned that APT29, a Russian state-sponsored threat group, is widening its espionage campaign against organizations worldwide. Hewlett Packard Enterprise was the first to disclose itself as a victim; the attacks primarily target governments, NGOs, diplomatic entities and IT service providers in the U.S. and Europe. APT29 gains initial access through compromised accounts, then expands its reach within the target environment while evading detection. Its techniques include abusing OAuth applications to move laterally within cloud infrastructure and exfiltrate data; in Microsoft's own case this was used to reach Microsoft corporate email accounts. The advisory follows Microsoft's own breach, in which APT29 obtained its foothold with a password-spray attack against a non-production test account.
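The foothold described above was a password spray: one source trying a small number of guesses against many accounts, staying under per-account lockout thresholds. The following is an added example, not Microsoft's detection logic or telemetry. It runs a spray heuristic over constructed sign-in records (the `ts`/`user`/`src_ip`/`result` field names are an assumption for this example, not any vendor schema) and flags a source that fails against many distinct accounts with few attempts each, noting any account that the same source then succeeds against inside the window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events for this example; not real telemetry.
# Field names (ts, user, src_ip, result) are an assumption, not a vendor schema.
SAMPLE_EVENTS = [
    # One source, a single failed guess against each of five accounts, then a
    # success against a test account: the spray profile the page describes.
    {"ts": "2024-01-20T02:00:05", "user": "alice", "src_ip": "203.0.113.7", "result": "failure"},
    {"ts": "2024-01-20T02:00:09", "user": "bob", "src_ip": "203.0.113.7", "result": "failure"},
    {"ts": "2024-01-20T02:00:14", "user": "carol", "src_ip": "203.0.113.7", "result": "failure"},
    {"ts": "2024-01-20T02:00:20", "user": "dave", "src_ip": "203.0.113.7", "result": "failure"},
    {"ts": "2024-01-20T02:00:27", "user": "erin", "src_ip": "203.0.113.7", "result": "failure"},
    {"ts": "2024-01-20T02:00:33", "user": "svc-legacy-test", "src_ip": "203.0.113.7", "result": "success"},
    # One user mistyping their own password twice: many failures, one account,
    # which a spray rule should not flag.
    {"ts": "2024-01-20T02:01:00", "user": "frank", "src_ip": "198.51.100.4", "result": "failure"},
    {"ts": "2024-01-20T02:01:10", "user": "frank", "src_ip": "198.51.100.4", "result": "failure"},
    {"ts": "2024-01-20T02:01:25", "user": "frank", "src_ip": "198.51.100.4", "result": "success"},
]


def detect_password_spray(events, window=timedelta(minutes=10),
                          min_accounts=5, max_per_account=2):
    """Return one alert per source IP whose failed sign-ins within `window`
    touched at least `min_accounts` distinct accounts with no more than
    `max_per_account` failures each (the low-and-slow shape of a spray).
    Any account the same source succeeds against inside that window is
    recorded as a likely compromise. Thresholds are illustrative."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["src_ip"]].append({**e, "ts": datetime.fromisoformat(e["ts"])})

    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            end = start["ts"] + window
            in_window = [e for e in evs[i:] if e["ts"] <= end]
            failures = defaultdict(int)
            for e in in_window:
                if e["result"] == "failure":
                    failures[e["user"]] += 1
            # Many accounts, few tries each: a brute force against one account
            # fails the second condition and is left to a different rule.
            if len(failures) >= min_accounts and max(failures.values()) <= max_per_account:
                succeeded = sorted({e["user"] for e in in_window if e["result"] == "success"})
                alerts.append({
                    "src_ip": ip,
                    "window_start": start["ts"].isoformat(),
                    "accounts_tried": sorted(failures),
                    "succeeded": succeeded,
                })
                break  # one alert per source is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in detect_password_spray(SAMPLE_EVENTS):
        print(alert)
```

The single-source grouping is the weak point of this rule: a spray spread across many egress addresses, which is how mature actors run it, needs the same counting done per target tenant rather than per source IP, plus a check that the account that finally succeeded had MFA enforced.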
(4). 52% of Serious Vulnerabilities We Find are Related to Windows 10
The Security Navigator 2024 report, built on data from vulnerability scanning services, presents findings ranging from medium to critical severity across a range of industries, most of them rated critical or high. The share of critical findings has fallen compared with previous years. Sectors such as Construction and Mining, Quarrying, and Oil and Gas show markedly different average numbers of findings per asset. The report highlights the difficulty of patching older vulnerabilities and emphasizes the role of ethical hackers in surfacing serious vulnerabilities in newer systems. The full report offers further insight into cybersecurity trends and the evolving threat landscape.
(5). SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks
Cybersecurity researchers at Kroll have detailed the inner workings of SystemBC, a malware kit sold on underground marketplaces. Known since 2018, SystemBC gives operators remote control of infected hosts and can deploy additional payloads. It is notable for routing traffic through SOCKS5 proxies to disguise its network activity. The package consists of an implant, a C2 server and a web administration portal; the C2 server listens on multiple TCP ports and logs details of each interaction with a victim, while the PHP-based panel lists active implants and can execute shellcode on them remotely. Kroll's analysis also covers an updated DarkGate RAT, highlighting a weakness in its custom Base64 alphabet that aids forensic analysis of its artifacts.
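A custom Base64 alphabet is only a permutation of the 64 standard symbols, which is why it helps rather than hinders an analyst once the alphabet is known or recovered. The block below is an added example, not Kroll's tooling and not DarkGate's real alphabet: `CUSTOM_ALPHABET` is a constructed stand-in. It decodes and encodes with a substituted alphabet by translating symbols back to standard Base64, and goes one step beyond the page by recovering the alphabet from known plaintext/ciphertext pairs, the approach an analyst takes when a sample's config contains strings whose decoded form is predictable.

```python
import base64
import string

STANDARD_ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"

# Constructed stand-in alphabet for this example. It is NOT DarkGate's alphabet;
# any permutation of 64 distinct symbols works the same way.
CUSTOM_ALPHABET = "zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA9876543210_-"


def _check_alphabet(alphabet: str) -> None:
    if len(alphabet) != 64 or len(set(alphabet)) != 64:
        raise ValueError("alphabet must contain exactly 64 distinct symbols")


def custom_b64decode(data: str, alphabet: str = CUSTOM_ALPHABET) -> bytes:
    """Decode Base64 written in `alphabet` by mapping each symbol to its
    standard counterpart, then using the stdlib decoder. Padding is restored
    because malware often strips the trailing '=' characters."""
    _check_alphabet(alphabet)
    translated = data.rstrip("=").translate(str.maketrans(alphabet, STANDARD_ALPHABET))
    translated += "=" * (-len(translated) % 4)
    return base64.b64decode(translated, validate=True)


def custom_b64encode(raw: bytes, alphabet: str = CUSTOM_ALPHABET) -> str:
    """Inverse of custom_b64decode; used here to build test material and to
    confirm a recovered alphabet reproduces a sample's strings."""
    _check_alphabet(alphabet)
    std = base64.b64encode(raw).decode("ascii").rstrip("=")
    return std.translate(str.maketrans(STANDARD_ALPHABET, alphabet))


def recover_alphabet(pairs):
    """Rebuild the mapping standard symbol -> custom symbol from known
    (plaintext bytes, custom-encoded string) pairs. Each standard output symbol
    at position i must correspond to the custom symbol at position i, so one
    pass collects the mapping and any contradiction means the scheme is not a
    plain alphabet substitution. The result is partial: only symbols that
    occur in the samples are recovered."""
    mapping = {}
    for raw, encoded in pairs:
        std = base64.b64encode(raw).decode("ascii").rstrip("=")
        enc = encoded.rstrip("=")
        if len(std) != len(enc):
            raise ValueError("length mismatch: not a plain Base64 alphabet substitution")
        for s, c in zip(std, enc):
            if mapping.setdefault(s, c) != c:
                raise ValueError(f"conflicting mapping for standard symbol {s!r}")
    return mapping


def recovered_coverage(mapping) -> int:
    """How many of the 64 standard symbols the recovered mapping explains."""
    return len(mapping)


if __name__ == "__main__":
    sample = b"hello world"
    encoded = custom_b64encode(sample)
    print(encoded, custom_b64decode(encoded))
    # Known-plaintext recovery: a 256-byte ramp exercises every 6-bit value.
    ramp = bytes(range(256))
    m = recover_alphabet([(ramp, custom_b64encode(ramp))])
    print(recovered_coverage(m), "of 64 symbols recovered")
```

In practice the known plaintext comes from strings whose decoded form is constrained, such as a URL that must start with "http", a PE header that must start with "MZ", or a Windows path; even a partial mapping is usually enough to decode the remaining config fields because the unrecovered symbols can be brute-forced against the few remaining candidates.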