Cyber security news for all

    The 3 main cyber attack malware families in 2020

    Data breaches and ransomware attacks on large companies still make the headlines. Find out in this blog post which malware threat trends will occupy us in 2020.

    Lazarus MacOS

    The Lazarus Group, which has been linked to North Korea, has been actively targeting cryptocurrency exchanges since 2018. A script first checks whether the target's operating system is Windows or macOS, which shows that the group develops malware for both Windows and Apple environments. On macOS, an executable payload is downloaded: a custom-built backdoor that attempts to connect to one of three C2 servers.


    Emotet

    For 2020, we expect even more professional, targeted phishing emails paired with carefully crafted attachments. The technique used for URL-based email attacks will probably also be refined. This continues the trend towards more complex attack chains and diversions, which let cyber criminals hide their activities even better and exploit several attack vectors in parallel. The development of Emotet alongside the Trickbot malware is also interesting in this context: in this pairing, we will probably continue to see the modular Trickbot malware among other components. The Trickbot loader component, which today deactivates Windows Defender and other AV processes, can obtain the administrative rights needed to do so.
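    Disabling Windows Defender is usually done by writing Defender policy values in the registry, so that write is a useful detection point. The following is an added example, not code from the blog or from any vendor: a small detector over Sysmon-style "RegistryEvent (Value Set)" records (Sysmon Event ID 13). The registry value names are the real Defender policy keys; the event records, the process paths and the svchost allowlist are constructed assumptions for the example.

```python
"""Flag registry writes that switch Windows Defender off.

Added example: a detector over Sysmon-style Event ID 13 (Value Set) records.
The registry value names are the real Defender policy keys; the event records,
process names and paths below are constructed samples, not data from any
real incident.
"""
import json

# Defender policy values that disable protection when set to 1.
DEFENDER_KILL_SWITCHES = (
    r"\Policies\Microsoft\Windows Defender\DisableAntiSpyware",
    r"\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
    r"\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring",
)

# Processes expected to write policy keys (Group Policy processing runs inside
# svchost.exe). This allowlist is an assumption for the example; tune it per estate.
TRUSTED_WRITERS = {r"c:\windows\system32\svchost.exe"}


def is_defender_kill_switch(event: dict) -> bool:
    """True when a Value Set event writes 1 into one of the Defender kill switches."""
    if event.get("EventID") != 13:
        return False
    target = event.get("TargetObject", "").lower()
    details = event.get("Details", "")
    hits_key = any(target.endswith(k.lower()) for k in DEFENDER_KILL_SWITCHES)
    # Sysmon renders DWORD data as e.g. "DWORD (0x00000001)".
    return hits_key and details.endswith("(0x00000001)")


def suspicious_defender_tampering(events):
    """Return (pid, image, value) for kill-switch writes by non-allowlisted processes."""
    findings = []
    for ev in events:
        if not is_defender_kill_switch(ev):
            continue
        image = ev.get("Image", "")
        if image.lower() in TRUSTED_WRITERS:
            continue
        findings.append((ev["ProcessId"], image, ev["TargetObject"]))
    return findings


# Constructed sample events (JSON lines), one per Sysmon record.
SAMPLE_EVENTS = r"""
{"EventID": 13, "ProcessId": 912, "Image": "C:\\Windows\\System32\\svchost.exe", "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware", "Details": "DWORD (0x00000001)"}
{"EventID": 13, "ProcessId": 5120, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\loader.exe", "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring", "Details": "DWORD (0x00000001)"}
{"EventID": 13, "ProcessId": 5120, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\loader.exe", "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware", "Details": "DWORD (0x00000000)"}
{"EventID": 1, "ProcessId": 5120, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\loader.exe", "TargetObject": "", "Details": ""}
"""


def load_events(text: str):
    """Parse one JSON object per non-empty line."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


if __name__ == "__main__":
    for pid, image, value in suspicious_defender_tampering(load_events(SAMPLE_EVENTS)):
        print(f"ALERT pid={pid} image={image} wrote 1 to {value}")
```

    Only the write from the unsigned loader in a user's Temp directory is reported; the svchost write (normal Group Policy processing) and the write of 0 are ignored. In production the allowlist should be replaced by a check on the writing process's signature and parent, since an attacker with administrative rights can also inject into svchost.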

    MessageTAP

    A memory-resident malware attributed to APT41 was found in mid-2019 on Linux-based servers at various telecommunication providers, the servers responsible for delivering SMS messages to recipients. The malware is a 64-bit data miner. It is placed on the target infrastructure by an installation script. Once installed, it checks every 30 seconds whether its two required configuration files exist. One file contains the sender and recipient target lists in the form of IMSI numbers; the other contains keywords to search for. If both configuration files are read successfully, their contents are loaded into the server's main memory and the files are deleted from the file system.
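    Two behaviours in that description are observable from the host side: a fixed 30-second poll for the same paths, and a file being opened and unlinked moments later. The following is an added example, not code from the blog or from any vendor report: both checks implemented over simplified audit-style events. The key=value event format is constructed for the example (it is not real auditd record syntax), and the process name and file paths are placeholders.

```python
"""Spot MessageTAP-like config handling in Linux audit events.

Added example: two behavioural checks over simplified audit-style events,
(a) a process that polls the same paths at a fixed interval and (b) a process
that opens a file and unlinks it moments later. The event format below is a
constructed key=value shape, not real auditd record syntax, and the process
name and file paths are placeholders.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class AuditEvent:
    ts: float
    pid: int
    comm: str
    syscall: str   # "stat", "openat" or "unlink"
    path: str


def parse_log(text: str):
    """Parse 'key=value' lines into AuditEvent objects."""
    events = []
    for line in text.strip().splitlines():
        f = dict(tok.split("=", 1) for tok in line.split())
        events.append(AuditEvent(float(f["ts"]), int(f["pid"]), f["comm"], f["syscall"], f["path"]))
    return events


def find_periodic_polling(events, period=30.0, tolerance=1.0, min_samples=3):
    """Return (pid, comm, path) where a process stats one path at a steady interval."""
    seen = defaultdict(list)
    for ev in events:
        if ev.syscall == "stat":
            seen[(ev.pid, ev.comm, ev.path)].append(ev.ts)
    hits = []
    for key, times in seen.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(times) >= min_samples and all(abs(g - period) <= tolerance for g in gaps):
            hits.append(key)
    return hits


def find_read_then_delete(events, window=5.0):
    """Return (pid, comm, path) where a process opened a file and unlinked it within `window` seconds."""
    last_open = {}
    hits = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.pid, ev.path)
        if ev.syscall == "openat":
            last_open[key] = ev.ts
        elif ev.syscall == "unlink":
            opened = last_open.pop(key, None)
            if opened is not None and ev.ts - opened <= window:
                hits.append((ev.pid, ev.comm, ev.path))
    return hits


# Constructed sample: pid 4242 polls two files every 30 s, then reads and deletes both;
# logrotate (pid 700) opens and removes an old log 20 s apart, which stays below the window.
SAMPLE_LOG = """
ts=100.0 pid=4242 comm=svc syscall=stat path=/tmp/conf_a.txt
ts=100.0 pid=4242 comm=svc syscall=stat path=/tmp/conf_b.txt
ts=130.0 pid=4242 comm=svc syscall=stat path=/tmp/conf_a.txt
ts=130.0 pid=4242 comm=svc syscall=stat path=/tmp/conf_b.txt
ts=150.0 pid=700 comm=logrotate syscall=openat path=/var/log/syslog.1
ts=160.0 pid=4242 comm=svc syscall=stat path=/tmp/conf_a.txt
ts=160.0 pid=4242 comm=svc syscall=stat path=/tmp/conf_b.txt
ts=160.1 pid=4242 comm=svc syscall=openat path=/tmp/conf_a.txt
ts=160.2 pid=4242 comm=svc syscall=openat path=/tmp/conf_b.txt
ts=160.3 pid=4242 comm=svc syscall=unlink path=/tmp/conf_a.txt
ts=160.4 pid=4242 comm=svc syscall=unlink path=/tmp/conf_b.txt
ts=170.0 pid=700 comm=logrotate syscall=unlink path=/var/log/syslog.1
"""


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for hit in find_periodic_polling(evs):
        print("POLLING", hit)
    for hit in find_read_then_delete(evs):
        print("READ-THEN-DELETE", hit)
```

    Either check on its own produces noise (cron-driven tools poll, and log rotation deletes files it just read); the signal is a single process that does both on the same paths, which is why both functions key on the pid and path. Feeding real auditd data in would need a watch rule on the directories of interest and a proper ausearch/auparse step in place of parse_log.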
