Unit 42 Threat Intel Bulletin - April

Cybersecurity Trends

2023 Unit 42 Ransomware and Extortion Threat Report

Read the 2023 Unit 42 Ransomware and Extortion Threat Report

Register for the webinar on April 20, 2023 - 9:00am PT | 12:00pm ET | 4:00pm GMT

Unit 42 Threat Intel Blogs

Threat Brief: 3CXDesktopApp Supply Chain Attack (Threat Briefs)

On March 29, 2023, CrowdStrike released a blog post describing a supply chain attack involving a software-based phone application called 3CXDesktopApp. As of March 30, the 3CXDesktopApp installer hosted on the developer's website installs the application together with two malicious libraries. Those libraries ultimately run shellcode that loads a backdoor onto the system, which allows the actors to install additional malware on the victim machine.

What to know

Unit 42 Ransomware and Extortion Report Highlights: Multi-Extortion Tactics Continue to Rise (Ransomware, Reports)

While much attention has been paid to ransomware in recent years, modern threat actors increasingly use additional extortion techniques to coerce targets into paying—or dispense with ransomware altogether and practice extortion on its own.

Key findings

GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers (Malware)

Unit 42 researchers recently discovered a new sample of Golang-based malware. We have dubbed it GoBruteforcer, and it targets web servers, specifically those running phpMyAdmin, MySQL, FTP and Postgres services. The sample was originally captured from our Next-Generation Firewall. Upon further research, we found that the malware was hosted on a legitimate website.

Learn more
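GoBruteforcer goes after four different login surfaces on the same host, so a detector that counts failures per service in isolation can miss it. The block below is an added illustration, not Unit 42's detection logic or anything from the GoBruteforcer report: it correlates failed logins per source address across services inside a sliding window and records any later successful login from a flagged source as the finding that matters most. The event lines are constructed in a normalized "<epoch> <service> <src_ip> <user> <FAIL|OK>" form using RFC 5737 documentation addresses; real vsftpd, MySQL, PostgreSQL and phpMyAdmin logs would have to be normalized into that shape first, and the thresholds are assumptions to tune.

```python
"""Cross-service brute-force correlation (added example, constructed data)."""
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # sliding window per source address (assumption)
MIN_FAILURES = 5      # failures inside the window before alerting (assumption)
MIN_SERVICES = 2      # distinct services those failures must span (assumption)

# Constructed events: one host sprays ftp, mysql, postgres and phpmyadmin and
# then lands a valid MySQL login; a second host is a user mistyping once.
SAMPLE_AUTH_EVENTS = """\
1678900000 ftp 203.0.113.10 admin FAIL
1678900001 mysql 203.0.113.10 root FAIL
1678900002 postgres 203.0.113.10 postgres FAIL
1678900003 phpmyadmin 203.0.113.10 root FAIL
1678900004 ftp 203.0.113.10 ftp FAIL
1678900005 mysql 203.0.113.10 admin FAIL
1678900006 postgres 203.0.113.10 admin FAIL
1678900007 mysql 203.0.113.10 root OK
1678900100 mysql 198.51.100.7 alice FAIL
1678900105 mysql 198.51.100.7 alice OK
"""


def parse_events(text):
    """Parse normalized lines into (ts, service, src, user, result), oldest first."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, service, src, user, result = line.split()
            events.append((int(ts), service, src, user, result))
    events.sort()
    return events


def detect_bruteforce(text, window=WINDOW_SECONDS,
                      min_failures=MIN_FAILURES, min_services=MIN_SERVICES):
    """Return {src_ip: alert} for sources that spray several services."""
    recent = defaultdict(deque)          # src -> failures (ts, service, user) in window
    all_services = defaultdict(set)      # src -> every service it failed against
    all_users = defaultdict(set)         # src -> every user name it tried
    total_failures = defaultdict(int)
    alerts = {}

    for ts, service, src, user, result in parse_events(text):
        if result == "FAIL":
            total_failures[src] += 1
            all_services[src].add(service)
            all_users[src].add(user)
            q = recent[src]
            q.append((ts, service, user))
            while q and ts - q[0][0] > window:   # drop failures outside the window
                q.popleft()
            window_services = {s for _, s, _ in q}
            if (src not in alerts and len(q) >= min_failures
                    and len(window_services) >= min_services):
                alerts[src] = {"first_seen": q[0][0], "success_after": None}
        elif result == "OK" and src in alerts:
            # A valid login from an already-flagged source: likely a guessed credential.
            alerts[src]["success_after"] = (ts, service, user)

    for src, alert in alerts.items():
        alert["failures"] = total_failures[src]
        alert["services"] = sorted(all_services[src])
        alert["users"] = sorted(all_users[src])
    return alerts


if __name__ == "__main__":
    for src, alert in detect_bruteforce(SAMPLE_AUTH_EVENTS).items():
        print(src, alert)
```

The single-client brute force with a success at the end is the case to page on: the source spread its guesses over four services, which keeps the per-service failure count low, and the correlated view is what exposes it.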

Unit 42 Wireshark Quiz February 2023 and Answers to February Wireshark Quiz (Tutorial)

Welcome to the February 2023 Unit 42 Wireshark quiz. This blog presents a packet capture (pcap) of malicious activity and asks participants to write an incident report. A separate Unit 42 blog post presents the answers: an example incident report and detailed explanations of its content.

Read the results

Subdomain Reputation: Detecting Malicious Subdomains of Public Apex Domains (Malware)

Cybercriminals regularly leverage popular dynamic domain name system (DDNS) and web hosting services to store and distribute their content, using them for command and control (C2), malware distribution and phishing. Because the apex domain belongs to a legitimate provider and is shared by thousands of harmless subdomains, apex-level reputation cannot be used to block the abuse, which has created the need for detection methods that work at the subdomain level.

Find out more
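The core of the problem is the unit that reputation attaches to: for a private apex domain the apex is the right unit, but for a DDNS or hosting apex it is the customer subdomain underneath it. The block below is an added illustration, not Unit 42's detector: it chooses the reputation entity per query, aggregates constructed DNS query log lines per entity, and applies three simple heuristics only to subdomains of public apexes (random-looking label, phishing keyword, repeated lookups from a single client). The apex list, keyword list and thresholds are assumptions; a real deployment would derive the public-apex list from a maintained source and tune the heuristics against its own traffic.

```python
"""Subdomain-level reputation for public apex domains (added example, constructed data)."""
import math
from collections import defaultdict

# Assumption: apex domains whose subdomains are handed out to arbitrary users.
PUBLIC_APEX_DOMAINS = {"duckdns.org", "ddns.net", "000webhostapp.com", "github.io"}

# Assumption: tokens often seen in phishing hostnames.
PHISHING_KEYWORDS = ("login", "secure", "verify", "account", "update")

# Constructed DNS query log: "<epoch> <client_ip> <queried_name>"
SAMPLE_DNS_LOG = """\
1680300000 10.0.0.5 www.example.com
1680300001 10.0.0.5 docs.example.com
1680300002 10.0.0.9 updates.example.com
1680300003 10.0.0.7 x7k2p9qa.duckdns.org
1680300004 10.0.0.7 x7k2p9qa.duckdns.org
1680300005 10.0.0.7 x7k2p9qa.duckdns.org
1680300006 10.0.0.8 secure-login-verify.000webhostapp.com
1680300007 10.0.0.11 myproject.github.io
1680300008 10.0.0.12 myproject.github.io
1680300009 10.0.0.13 myproject.github.io
"""


def _labels(qname):
    return qname.lower().rstrip(".").split(".")


def apex_domain(qname):
    """Registrable domain, simplified to the last two labels (no multi-label suffixes)."""
    return ".".join(_labels(qname)[-2:])


def reputation_entity(qname):
    """The apex, or apex plus one more label when the apex is a public provider."""
    labels = _labels(qname)
    apex = ".".join(labels[-2:])
    if apex in PUBLIC_APEX_DOMAINS and len(labels) >= 3:
        return ".".join(labels[-3:])
    return apex


def label_entropy(label):
    """Shannon entropy (bits per character) of one DNS label."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(label):
    """Generated-hostname heuristic: digits mixed into a high-entropy label."""
    digits = sum(ch.isdigit() for ch in label)
    return digits >= 2 and label_entropy(label) >= 2.5


def parse_dns_log(text):
    for line in text.splitlines():
        if line.strip():
            ts, client, qname = line.split()
            yield int(ts), client, qname


def score_entities(log_text):
    """Aggregate per reputation entity and flag suspicious public-apex subdomains."""
    stats = defaultdict(lambda: {"queries": 0, "clients": set()})
    for _ts, client, qname in parse_dns_log(log_text):
        entity = reputation_entity(qname)
        stats[entity]["queries"] += 1
        stats[entity]["clients"].add(client)

    results = {}
    for entity, s in stats.items():
        public = apex_domain(entity) in PUBLIC_APEX_DOMAINS
        left = entity.split(".")[0]
        reasons = []
        if public:  # the apex says nothing here; judge the subdomain on its own
            if looks_random(left):
                reasons.append("random-looking label")
            if any(k in left for k in PHISHING_KEYWORDS):
                reasons.append("phishing keyword in label")
            if s["queries"] >= 3 and len(s["clients"]) == 1:
                reasons.append("repeated lookups from a single client")
        results[entity] = {
            "public_apex": public,
            "queries": s["queries"],
            "clients": len(s["clients"]),
            "verdict": "suspicious" if reasons else "benign",
            "reasons": reasons,
        }
    return results


if __name__ == "__main__":
    for entity, r in score_entities(SAMPLE_DNS_LOG).items():
        print(f"{entity:40} {r['verdict']:10} {', '.join(r['reasons'])}")
```

Note what the split buys: `myproject.github.io` and `secure-login-verify.000webhostapp.com` share nothing except being hosted on a public apex, and they get separate verdicts, whereas an apex-level score would have had to treat all of `github.io` or all of `000webhostapp.com` the same way.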

Spike in LokiBot Activity During Final Week of 2022 (Malware)

Unit 42 researchers have uncovered a malware distribution campaign that is delivering the LokiBot information stealer via business email compromise (BEC) phishing emails. This malware is designed to steal sensitive information from victims' systems, such as passwords and banking information, as well as other sensitive data.

Discover the details

Mirai Variant V3G4 Targets IoT Devices (Malware, Vulnerability)

From July to December 2022, Unit 42 researchers observed a Mirai variant called V3G4 that exploited several vulnerabilities to spread itself.

More on this vulnerability

Threat Roll-up

  • (Ransomware) Germany and Ukraine hit two high-value ransomware targets. (Source: Europol)
  • (Ransomware) The cyberattack that has paralyzed Barcelona's Hospital Clínic: "No ransom will be paid." The major Catalan public hospital was hit by a ransomware attack, with 150 operations and 3,000 medical visits canceled. (Source: In English)
  • (Data Breach) The FBI is investigating a data breach affecting U.S. House of Representatives members and staff after their account and personal information was stolen from DC Health Link's servers. (Source: Bleeping Computer)
  • (Vulnerability) A vulnerability in DJI drones may reveal the pilot's location: the data DJI drones transmit is not encrypted, so anyone with simple methods can read the location of both the pilot and the drone. (Source: Help Net Security)
  • (Malware) A suspected North Korean hacking group is targeting security researchers and media organizations in the U.S. and Europe with fake job offers that lead to the deployment of three new, custom malware families. (Source: Bleeping Computer)
  • (Cyber Hygiene) Despite growing awareness, organizations remain plagued by unpatched vulnerabilities and weaknesses in credential policies. (Source: Dark Reading)
  • (Cybercrime) Cryptocurrency drainers are the latest hot ticket being used in a string of lucrative cyberattacks aimed at virtual currency investors. (Source: Dark Reading)
  • (Phishing) AI and phishing-as-a-service (PaaS) kits are making it easier for threat actors to create malicious email campaigns, which continue to target high-volume applications using popular brand names. (Source: Dark Reading)

More Information

Under Attack?

If you think you may have been compromised or have an urgent matter, get in touch with the Unit 42 Incident Response team by filling out this form or calling: North America Toll-Free: 1.866.486.4842 (866.4.UNIT42), UK: +44.20.3743.3660, EMEA: +31.20.299.3130, APAC: +65.6983.8730, and Japan: +81.50.1790.0200.

If you have cyber insurance or legal counsel, you can request that Unit 42 serve as your incident response team. Unit 42 is on over 70 cyber insurance panels as a preferred vendor.

KRISHNAN N NARAYANAN

Sales Associate at American Airlines

1 year

Congratulations
