Apr 17 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that laughs in the face of cyber-danger. Mwha ha ha!
Today’s hottest cyber security stories:
Microsoft is ‘Russian’ to defend (geddit?) Discord gaming communities. Russian intelligence along with the infamous Russian paramilitary Wagner Group have been on a fishing expedition; fishing for info in the pools of Discord gaming communities. But this time, they’re doing more than just fishing; they’re poisoning the lake!
The two forces have pooled their resources in a bid to ‘publish and distribute information’, according to Microsoft president Brad Smith. Indeed, these threat actors seem hellbent on a mission to sow discord by muddying the waters with propaganda and disinformation. ‘Hearts and minds’, and all that jazz.
FYI, Discord is a VoIP and instant messaging social platform. Users can communicate with voice calls, video calls, text messaging, media and files in private chats or as part of communities called “servers”. It’s not just for gamers, but the platform is favoured by gamers, along with the interactive live streaming service Twitch. Okay, boomer? 😂
As covered by Gone Phishing last week, classified intel was stolen from the Pentagon (thanks to a major cybersecurity cock-up!) and the loot, so to speak, began appearing on Telegram shortly thereafter. With some of the intel doctored to make it seem like Ukraine was taking more of a beating than they were/are, we might add! Crafty Kremlin!
Smith also called for a national strategy to strengthen cyber defences using artificial intelligence, citing the threat of influence campaigns by other foreign adversaries like China and Iran.
In other words, time to check-ity check ourselves before we wreck ourselves, son!
Vice Society has perpetrated a ransomware attack with a twist, folks.
Indeed, threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks.
Who is Vice Society?
Quite a rap sheet, huh? These guys aren’t messing around and this new bespoke PowerShell-powered (lol) tool of theirs makes it even harder for victims to detect a breach before it’s too late and they’re faced with the agonising Sophie’s choice of ransomware… To pay or not to pay, that is the question.
What do the experts say?
Glad you asked. Palo Alto Networks Unit 42 researcher Ryan Chapman explained: “Threat actors (TAs) using built-in data exfiltration methods like [living off the land binaries and scripts] negate the need to bring in external tools that might be flagged by security software and/or human-based security detection mechanisms.
“These methods can also hide within the general operating environment, providing subversion to the threat actor.”
Did that make any sense to you? Great, us neither. Just kidding, but it goes to show that it really is a never-ending battle between the good guys (cybersecurity professionals) and the bad guys.
So, as always folks, our advice is to remain vigilant and never fall asleep at the wheel when it comes to cybersecurity. Be active, not passive. Attack is the best form of defence. Okay, maybe that’s a step too far 😳
Did you like that pun? Proud of that one, we are. So, we highlighted Google Chrome, Microsoft Edge, and Opera in the bullet point for this story because they are some popular ones but the truth is a whopping 38 internet browsers have been targeted by this pesky new malware.
Don’t know about you, but we’d struggle to name ten browsers. Apparently there’s more, though, because a novel credential-stealing malware called Zaraza bot is targeting 38. You have to admire the gumption of the ‘little bot that could’, don’t you?
What’s the 411?
So what’s the bot got in its arsenal? Once again, we’ll let the experts provide you with the details on this one.
“Zaraza bot targets a large number of web browsers and is being actively distributed on a Russian Telegram hacker channel popular with threat actors,” cybersecurity company Uptycs said in a report published last week.
“Once the malware infects a victim’s computer, it retrieves sensitive data and sends it to a Telegram server where the attackers can access it immediately.”
Damn, Telegram’s got a lot to answer for lately, hasn’t it?
This is just the latest in a string (woah, unintentional coding pun 😏) of examples of malware that are capable of capturing login credentials associated with online bank accounts, cryptocurrency wallets, email accounts, and other websites deemed of value to the operators.
Be careful, ladies and gents, it’s a jungle out there!
So long and thanks for reading all the phish!