New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks

by Cyber360 News
November 14, 2019
in Cyber Attacks

Security researchers have tracked the activities of a new group of financially motivated hackers that is targeting businesses and organizations in Germany, Italy, and the United States in an attempt to infect them with backdoor, banking Trojan, or ransomware malware.

Though the new malware campaigns are not customized for each organization, the threat actors appear to be more interested in businesses, IT services, manufacturing, and healthcare industries that possess critical data and can likely afford high ransom payouts.

According to a report Proofpoint shared with The Hacker News, the newly discovered threat actors are sending low-volume emails to targeted organizations that impersonate finance-related government entities, using tax assessment and refund lures.

“Tax-themed Email Campaigns Target 2019 Filers, finance-related lures have been used seasonally with upticks in tax-related malware and phishing campaigns leading up to the annual tax filing deadlines in different geographies,” the researchers said.

New Malware Campaigns Spotted in the Wild

In almost all spear-phishing email campaigns researchers observed between October 16 and November 12 this year, the attackers used malicious Word document attachments as an initial vector to compromise the device.

Once opened, the malicious document executes a macro script that runs malicious PowerShell commands, which eventually download and install one of the following payloads onto the victim’s system:

  • Maze Ransomware,
  • IcedID Banking Trojan,
  • Cobalt Strike backdoor.

“Opening the Microsoft Word Document and enabling macros installs Maze ransomware on the user’s system, encrypting all of their files, and saves a ransom note resembling the following in TXT format in every directory.”

Besides social engineering, the attackers are also using lookalike domains, verbiage, and stolen branding to make their spear-phishing emails more convincing, impersonating:

  • Bundeszentralamt für Steuern, the German Federal Ministry of Finance,
  • Agenzia Delle Entrate, the Italian Revenue Agency,
  • 1&1 Internet AG, a German internet service provider,
  • USPS, the United States Postal Service.

“Similar campaigns leveraging local gov. agencies were also observed in Germany and Italy. These social-engineered lures indicate that cybercriminals overall are becoming more convincing and sophisticated in their attacks.”

“Although these campaigns are small in volume, currently, they are significant for their abuse of trusted brands, including government agencies, and for their relatively rapid expansion across multiple geographies. To date, the group appears to have targeted organizations in Germany, Italy, and, most recently, the United States, delivering geo-targeted payloads with lures in local languages,” Christopher Dawson, Threat Intelligence Lead at Proofpoint, told The Hacker News.

“We will be watching this new actor closely, given their apparent global aspirations, well-crafted social engineering, and steadily increasing scale.”

How to Protect Against Email-Based Cyber Attacks?

Though most of the tools and techniques used by this new group are neither new nor sophisticated, unfortunately, this is still one of the most successful ways criminals penetrate an organization.

The best ways to protect your computer against such attacks are as simple as following basic online cybersecurity practices, such as:

  • Disable macros from running in Office files,
  • Always keep a regular backup of your important data,
  • Make sure you run good antivirus software on your system,
  • Don’t open email attachments from unknown or untrusted sources,
  • Don’t click on links from unknown sources.
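
A content-based check that a mail gateway or triage script could apply to the Word attachments described above, added here as an example and not taken from the Proofpoint report or the original article: it flags macro-bearing documents by inspecting the file itself rather than trusting the extension. The function names, verdict labels, and sample files are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
MACRO_MARKERS = (b"macroEnabled", b"vnd.ms-office.vbaProject")  # OOXML content types


def classify_attachment(data: bytes) -> str:
    """Verdict for raw attachment bytes (labels are this example's own)."""
    if data.startswith(OLE2_MAGIC):
        # Word 97-2003 binary: macros cannot be ruled out without an OLE parser.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            by_lower = {n.lower(): n for n in zf.namelist()}
            ct = by_lower.get("[content_types].xml")
            if ct is None:
                return "not-office"  # a ZIP, but not an OOXML package
            if any(n.endswith("vbaproject.bin") for n in by_lower):
                return "macro"  # VBA project part present, whatever the extension
            with zf.open(ct) as fh:
                types = fh.read(1 << 20)  # cap the read against oversized parts
    except zipfile.BadZipFile:
        return "malformed"
    return "macro" if any(m in types for m in MACRO_MARKERS) else "no-macro"


def _zip(parts: dict) -> bytes:
    """Build a constructed in-memory package from {part name: body}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


CT = b'<Types><Default Extension="xml" ContentType="application/xml"/></Types>'
DOC = {"[Content_Types].xml": CT, "word/document.xml": b"<w:document/>"}
SAMPLES = {  # constructed samples, not real campaign files
    "invoice.docx": _zip(DOC),
    "tax_refund.docx": _zip({**DOC, "word/vbaProject.bin": b"\x00"}),
    "notice.doc": OLE2_MAGIC + b"\x00" * 504,
    "readme.txt": b"plain text",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: {classify_attachment(data)}")
```

Attachments classified as "macro" or "legacy-ole" are the ones to quarantine or route for review before they reach a user who might enable macros.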
