Top 5 Cybersecurity Updates: Last Week's Key Highlights in the Digital Sphere

1. Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers

Dangerous Ransomware Group Makes Millions, Expands Attacks: The Akira ransomware group has become a major threat, stealing $42 million from over 250 businesses globally. They've been active for roughly a year and target organizations across North America, Europe, and Australia. Recently, they began attacking Linux systems in addition to their usual Windows targets.

How Akira Operates: Akira affiliates break into networks by exploiting weaknesses in Cisco systems, unsecured remote connections, and phishing scams. Once inside, they use stealthy tactics to stay hidden, steal important information, and gain control over the network. They then encrypt the victim's files to hold them for ransom, making it difficult for businesses to recover.

The Evolving Ransomware Threat: Akira's move to target Linux systems shows how ransomware groups are constantly adapting. Law enforcement efforts have hurt major players like LockBit, but others, like Agenda, are still active. Worryingly, even less experienced attackers can now use cheap and widely available ransomware to launch attacks.

Read more

2. Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware

Security Tool Turned into Malware: Security researcher Shmuel Cohen demonstrated how Palo Alto's XDR software, designed to protect systems, could be used as a powerful attack tool. He found a way to bypass the XDR's security mechanisms and manipulate its settings.

How the Attack Worked: Cohen exploited unencrypted configuration files and outsmarted the product's security features. This allowed him to control the XDR, disabling its defenses and deploying malware like ransomware.

What Was Fixed: Palo Alto has fixed most of the issues, but the core files remain unencrypted. This type of attack may be possible with other security tools as well.

The Danger: This highlights the risk that powerful security software, if compromised, can become the perfect tool for malicious actors.

Read more

3. New 'CR4T' Backdoor Targets Middle East Governments

A previously unknown hacking campaign dubbed "DuneQuixote" targets Middle Eastern government entities. The attack uses a new type of backdoor malware called "CR4T", discovered by Kaspersky. The malware is designed to be stealthy and hard to detect.

How the Attack Works

  • Hackers use a dropper disguised as legitimate software (Total Commander) or as a standalone file.
  • The dropper hides the command and control (C2) server address, making analysis difficult.
  • Once installed, the CR4T backdoor:
      • Runs in memory only, leaving fewer traces for detection.
      • Allows hackers to remotely control the infected machine, steal files, and execute commands.
  • A Golang version of CR4T exists, showing the attackers are actively developing their tools.

Read more

4. New Redline Malware Variant Disguised as Game Cheat

  • A new version of the Redline information-stealer malware pretends to be a game cheat called "Cheat Lab".
  • This variant is particularly sneaky, using Lua bytecode to avoid detection.
  • It spreads by promising a free "full version" of the cheat if you convince friends to install it.

How it Works

  • The malware comes in a ZIP file with an installer and a text file.
  • The installer compiles code from the text file and runs it, setting up the malware to run at startup.
  • The malware steals data and screenshots from your computer.

Read more

5. North Korean Hackers Employ AI for Espionage

  • Microsoft reports that North Korean state-backed hackers are using AI to improve their attacks.
  • The group Emerald Sleet is particularly active, using AI-powered tools (LLMs) for:
      • More convincing spear-phishing emails targeting experts on North Korea.
      • Researching vulnerabilities to find targets.
      • Troubleshooting technical issues.
  • Microsoft has worked with OpenAI to combat these activities.

North Korean Hacking Tactics Evolve

  • Groups like Emerald Sleet and Kimsuky often pose as think tanks or NGOs to gain trust.
  • They've recently begun abusing DMARC policies and using tracking pixels to profile targets.
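The item above notes that these groups abuse DMARC policies but gives no detail. The following added example (not from the article or from Microsoft's report) shows the defender-side check that matters here: parsing a domain's DMARC TXT record and reporting whether it actually enforces anything. All sample records and domain names are constructed for illustration; the tag names (v, p, sp, pct, rua) are standard DMARC syntax.

```python
"""Classify the strength of a DMARC TXT record (offline, constructed samples).

A record with p=none only asks receivers to report spoofed mail, not to
quarantine or reject it, so a spoofed sender passes through unchanged.
"""

# Constructed sample records; these are not real domains or real records.
SAMPLE_RECORDS = {
    "strict.example":  "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example; adkim=s; aspf=s",
    "monitor.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example",
    "partial.example": "v=DMARC1; p=quarantine; pct=10; sp=none",
    "missing.example": "",
    "broken.example":  "p=reject",  # no v=DMARC1 tag, so receivers ignore it
}


def parse_dmarc(record):
    """Parse 'tag=value; tag=value' into a dict; return None if not a DMARC record."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    # The record is only valid if the first tag is v=DMARC1.
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def assess_dmarc(record):
    """Return (verdict, reasons); verdict is 'enforcing', 'weak' or 'none'."""
    tags = parse_dmarc(record)
    if tags is None:
        return "none", ["no valid DMARC record (v=DMARC1 missing)"]

    reasons = []
    policy = tags.get("p", "none").lower()
    subdomain_policy = tags.get("sp", policy).lower()  # sp defaults to p
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
        reasons.append("pct is not a number; receivers will treat it as 100")

    if policy == "none":
        reasons.append("p=none: spoofed mail is only reported, never quarantined or rejected")
    if subdomain_policy == "none":
        reasons.append("sp=none: mail from subdomains can be spoofed freely")
    if pct < 100:
        reasons.append(f"pct={pct}: policy applies to only {pct}% of failing messages")
    if "rua" not in tags:
        reasons.append("no rua= address: aggregate reports are never received, so abuse goes unseen")

    if policy == "none" or subdomain_policy == "none" or pct < 100:
        verdict = "weak"
    else:
        verdict = "enforcing"
    return verdict, reasons


def main():
    for domain, record in SAMPLE_RECORDS.items():
        verdict, reasons = assess_dmarc(record)
        print(f"{domain}: {verdict}")
        for reason in reasons:
            print(f"    - {reason}")


if __name__ == "__main__":
    main()
```

To use this against a live domain, fetch the TXT record at `_dmarc.<domain>` with your resolver of choice and pass the string to `assess_dmarc`; the verdict "weak" is the condition a spoofing campaign relies on, and moving to `p=reject` (with `sp` set and `pct=100`) closes it.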

Cryptocurrency Heists and Supply Chain Attacks

  • North Korean hackers continue to target cryptocurrency firms to fund weapons programs.
  • The Jade Sleet group stole millions in 2023 from various cryptocurrency platforms.
  • The Diamond Sleet (Lazarus Group) has used supply chain attacks to distribute malware for both financial and intelligence-gathering purposes.

Read more

To stay updated in the cyber security sphere visit our Blogs and subscribe to our newsletter.

Shaurya Rawat

Cyber security pentesters and a web developer

6 months

too much happening and here I can't land a job xD
