What is my IP

Search results: exploit

Results (2)
Approximately 2 results for "exploit"

A new FakeUpdates campaign targeting WordPress sites has been detected
20/03/2024

Over the past few weeks, a new wave of the FakeUpdates malware, also known as SocGholish, has been detected, aimed at WordPress websites. The objective is to lure users into downloading remote access trojans, allowing attackers to take control of their systems. Since its emergence in 2017, FakeUpdates has been one of the most recurrent pieces of malicious software in the cyber threat landscape. It has previously been associated with cybercriminal groups like Evil Corp, who monetize its use by selling access to infected systems.

In this new campaign, cybercriminals are using JavaScript to target WordPress web pages, using compromised administrator accounts to introduce altered versions of WordPress plugins. These adulterated versions deceive users into downloading remote access trojans, granting attackers full control over infected devices.

What is the most popular type of malware?

In addition to the FakeUpdates attack, the threat index from Check Point Research, whose researchers have warned about this new attack, reveals around 200 websites with suspicious content run by ransomware groups. These groups use double extortion tactics to pressure victims into paying immediate ransoms. The attacks have impacted many companies, with the Lockbit3 ransomware being the most used by cybercriminals, followed by Play and 8base.

The vulnerabilities most exploited by malicious actors include 'Web Servers Malicious URL Directory Traversal,' 'Command Injection Over HTTP,' and 'Zyxel ZyWALL Command Injection,' affecting numerous companies worldwide and allowing attackers to access and manipulate files or execute commands on compromised systems.

In Spain, despite a 7% decrease in malware attacks in February, the most wanted malware includes FakeUpdates, Qbot, and Pandora. FakeUpdates has affected 11.9% of companies in Spain.

Mobile Malware

In the realm of mobile devices, Anubis remains the most used malware in Spain, followed by AhMyth and Hiddad, all designed to compromise the security and privacy of Android device users by collecting confidential information and executing malicious actions.

[ ... ]

Macro cyber-attack affects more than 350 companies worldwide
07/07/2021

The number of companies hit by the REvil macro cyberattack now exceeds 350 organizations worldwide, from which the cybercriminals are demanding 70 million in bitcoins in exchange for a universal decryptor to restore their data. The attack was conducted through the update system of the IT services software company Kaseya, which REvil exploited to spread and hide ransomware. The ransomware reached Kaseya's resellers and from there all end customers using their software.

The official data provided by Kaseya sets the number of affected companies at 350, although other sources, such as the cybersecurity company ESET, talk about more than 1,000, including some Spanish organizations, although no names have been disclosed. It has been made public that one of the companies most affected by the cyberattack is the Swedish supermarket chain Coop, which had to close its more than 800 points of sale for a few days because it could not use its cash registers or charge customers.

Based on Sophos threat intelligence, REvil has been active in recent weeks and is currently the dominant ransomware gang involved in Sophos' defensively managed threat response cases. Prior to this latest attack, the group was also responsible for the one suffered by the meat company JBS, which forced the cancellation of all work shifts at the company's slaughterhouses in the US. JBS paid up to 11 million to restore normal operations.

These macro cyber-attacks come on top of other recent and highly significant ones, such as the one perpetrated by the hacker group DarkSide, which forced the preventive shutdown of the largest oil pipeline network in the United States, Colonial Pipeline, endangering the fuel supply in a large part of the country, or the one suffered by the SEPE and the Ministry of Labor in Spain a few weeks ago.

[ ... ]