This week’s updates focus on Microsoft’s analysis of ransomware actors, how Porsche NFTs got hijacked, a novel POS malware, Google ad phishing campaigns, and the massive leak of League of Legends source code. Let us begin!


Over 100 Ransomware Threat Actors Being Tracked By Microsoft

Tech giant Microsoft has highlighted a significant surge in the ransomware attacks carried out by over 100 different threat actors.

Since last year, Microsoft has tracked over 50 unique ransomware families used by over 100 ransomware gangs. Ransomware attacks have been on the rise because RaaS (Ransomware as a Service) offerings are readily available on the market, which, as Microsoft highlighted, allows low-skilled cybercriminals to potentially make significant gains.

Microsoft also said, “Some of the most prominent ransomware payloads in recent campaigns include Lockbit Black, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, & Royal.”

The tech giant states that implementing robust cybersecurity measures should be the top priority of organizations looking to stay protected against ransomware. Regular backups of essential data, timely software and security updates, and a multi-layered security approach are crucial to organizational protection.

According to Chainalysis, the collected revenue of global ransomware gangs dropped by 40% in 2022 after a record high of $765 million in 2020.

It is also recommended that organizations or enterprises caught in a ransomware attack avoid paying the ransom demands as it encourages the threat actors and never guarantees the return of the data at risk.


Phishing Sites Misusing Porsche NFT Launch

Porsche planned a new NFT collection that was prematurely ended due to a lack of interest and mixed reactions from crypto and car enthusiasts. However, threat actors saw an opportunity and took advantage by setting up a fake phishing website to target crypto wallets.

Porsche went ahead with its NFT mint on 23 January 2023, but due to complications in the minting process, Porsche could only deliver 20% of the promised total of 7500 NFTs, even after a day and three minting rounds. At the same time, the NFTs were being resold on OpenSea for less than the mint price, which devalued the collection and led Porsche to cut the minting short.

Threat actors saw an opportunity and launched a phishing website imitating the Porsche mint, making away with the crypto assets of multiple innocent individuals. The threat actors opened a fake Twitter account to make the website seem legitimate, amassing 11,000 followers with promises of free NFTs and a restock of the collection.

The fake accounts have been shut down, but you should keep an eye out for similar attacks in the future and always verify the legitimacy of the websites you share your information with.


Credit Card Information Can be Targeted Using Novel POS Malware

POS (Point of Sale) malware is the latest threat to credit card transactions: it can block contactless payments, putting the quick and easy purchases shoppers rely on at significant risk.

New versions of the Prilex POS malware have been identified with advanced capabilities that can block secure NFC-enabled credit cards by preventing payment terminals from recognizing payments while intercepting and stealing credit card information.


Whenever an individual initiates a contactless payment, the POS malware blocks the terminal from accepting it, forcing the individual to insert the card into the terminal where threat actors steal the card information.

Additionally, the threat actors are also utilizing cryptogram manipulations and GHOST transactions to manipulate details during processing and create conflicting transactions, so the same funds are spent multiple times.

The POS malware is a concerning cyber threat and is highly challenging to detect. It can result in significant losses, so merchants and business owners should regularly check their payment terminals for suspicious signs and keep terminal software up to date.
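The behaviour described above, where contactless taps suddenly fail and the customer is pushed into inserting the card, leaves a pattern in a merchant's own transaction records: a terminal whose contactless attempts are almost all declined and each followed within seconds by an approved chip transaction. The following Python example, added here and not code from the article or from any terminal vendor, shows one way a merchant could scan such records for that pattern. The log format, the field names (`term`, `entry`, `result`), the 60-second fallback window, and the sample lines are all constructed assumptions for the example; a real terminal's export will look different and the parser must be adapted to it.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample terminal log (not from the article, not from any real terminal).
# Assumed field meanings: term = terminal id, entry = how the card was read,
# result = outcome reported by the terminal. Terminal T01 shows the suspicious
# pattern; T02 shows normal behaviour with one unrelated contactless decline.
SAMPLE_LOG = """\
2023-01-30T10:01:02 term=T01 entry=contactless result=declined
2023-01-30T10:01:20 term=T01 entry=chip result=approved
2023-01-30T10:05:11 term=T01 entry=contactless result=declined
2023-01-30T10:05:30 term=T01 entry=chip result=approved
2023-01-30T10:09:44 term=T01 entry=contactless result=declined
2023-01-30T10:10:01 term=T01 entry=chip result=approved
2023-01-30T10:02:15 term=T02 entry=contactless result=approved
2023-01-30T10:06:40 term=T02 entry=contactless result=approved
2023-01-30T10:08:03 term=T02 entry=contactless result=declined
2023-01-30T10:12:09 term=T02 entry=chip result=approved
"""

# Assumed: a chip insert this soon after a contactless decline is treated as a
# "fallback" caused by the failed tap rather than an unrelated purchase.
FALLBACK_WINDOW = timedelta(seconds=60)


def parse_line(line):
    """Turn one 'timestamp key=value ...' line into a dict."""
    ts, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts)}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = value
    return rec


def fallback_events(records):
    """Yield (terminal, timestamp) for every contactless decline that was followed,
    on the same terminal within FALLBACK_WINDOW, by an approved chip transaction."""
    by_term = defaultdict(list)
    for rec in records:
        by_term[rec["term"]].append(rec)
    for term, recs in by_term.items():
        recs.sort(key=lambda r: r["ts"])
        for i, rec in enumerate(recs):
            if rec["entry"] != "contactless" or rec["result"] != "declined":
                continue
            for nxt in recs[i + 1:]:
                if nxt["ts"] - rec["ts"] > FALLBACK_WINDOW:
                    break  # records are sorted, nothing later can be in the window
                if nxt["entry"] == "chip" and nxt["result"] == "approved":
                    yield term, rec["ts"]
                    break


def suspect_terminals(log_text, min_events=3, min_ratio=0.75):
    """Return {terminal: stats} for terminals where at least min_events contactless
    declines turned into chip fallbacks and they make up at least min_ratio of all
    contactless attempts on that terminal. Thresholds are assumptions for the example."""
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    attempts = defaultdict(int)
    for rec in records:
        if rec["entry"] == "contactless":
            attempts[rec["term"]] += 1
    fallbacks = defaultdict(int)
    for term, _ in fallback_events(records):
        fallbacks[term] += 1
    flagged = {}
    for term, count in fallbacks.items():
        ratio = count / attempts[term]
        if count >= min_events and ratio >= min_ratio:
            flagged[term] = {
                "fallbacks": count,
                "contactless_attempts": attempts[term],
                "ratio": round(ratio, 2),
            }
    return flagged


if __name__ == "__main__":
    for term, stats in suspect_terminals(SAMPLE_LOG).items():
        print(f"terminal {term} needs inspection: {stats}")
```

On the constructed sample, only T01 is flagged (3 of 3 contactless attempts declined, each followed by an approved chip insert); T02's single decline is not followed by a chip transaction inside the window, so it is ignored. A flagged terminal is a prompt for physical inspection and a software check, not proof of infection: a faulty NFC reader produces the same pattern, which is why the heuristic requires both a minimum count and a high ratio.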


SwiftSlicer Wiper Destroying Windows Domains

Threat actors have a new favorite tool: a new malware known as “SwiftSlicer,” built to destroy Windows domains and cause disruption within organizations. SwiftSlicer erases all data on infected devices, leading to mass disruption and rendering the machines inoperable.

SwiftSlicer is delivered via phishing emails with malicious attachments that infect the device with malware when opened. The malware also propagates to other devices on the network, taking down machines and erasing the data of every device it infects.

SwiftSlicer is extremely dangerous and uses process hollowing to evade detection: it starts an ordinary Windows process and replaces its contents with malicious code, so security software sees what looks like a normal running process. It is a Go-based data wiper that experts have attributed to the notorious Sandworm group.

The best protection against SwiftSlicer and other malware includes the implementation of robust security measures such as anti-malware solutions, safe email practices, and regular software updates.


Google Ads Phishing Targeting Bitwarden Password Vaults

Bitwarden fell victim to a phishing attack via Google ads. The password management service identified the attack and took steps to shut it down to prevent further harm.

The phishing campaign tricks individuals into entering their login credentials on a fake Bitwarden login page, and the credentials are then used to access their password vaults. Bitwarden has not seen any evidence of unauthorized access yet, and the attack appears to have been limited to a handful of individuals.

For safety, Bitwarden has advised all its users to update their master passwords and utilize 2FA (Two Factor Authentication). Bitwarden is currently investigating the attack and working with Google to determine how the threat actors were able to post phishing ads on Google.

This Google Ads phishing campaign is a reminder of how crucial it is to be cautious when handling sensitive information online. Phishing attacks are becoming more sophisticated, and threat actors are using popular social media sites and commonly used platforms for their malicious purposes.

As highlighted before, you should always check for a website’s authenticity before sharing confidential information online.


League of Legends Source Code Auctioned by Hackers

Threat actors are auctioning off the source code of one of the most popular online games, League of Legends.


Riot Games recently confirmed that some of their internal systems were breached. The organization did not confirm the authenticity of the leaked code but has highlighted that an investigation is ongoing and that they have taken steps to protect player data.

Meanwhile, the threat actors have posted screenshots of the source code. Experts are advising individuals not to participate in the auction, as the source code might be fake or tampered with, and they highlight that purchasing stolen data is illegal and can carry multiple legal consequences.

Source code is a valuable asset in the online gaming community, and it can allow players to access the inner workings and create hacks or cheats to get ahead in the game. Such alterations or malicious tools can undermine any game’s integrity and kill the joy of players who compete with honesty. Developers often tightly guard the source code for games, which is why the leakage of the source code is a serious problem.

The studio did not comment on the breach’s impact on players. However, it is probable that the studio behind the game, Riot Games, will release a more detailed statement to address the situation. Players should stay vigilant while playing League of Legends or other games by the studio and watch out for suspicious activity in their gaming accounts.
