Last week in security news, four malvertising campaigns leveraged exploit kits to prey on users with ransomware and Trojans. Researchers also discovered a ransomware family that infected thousands of Linux web servers and a cryptomalware threat that relied on a fake PayPal scam for distribution. Finally, security teams observed both phishing and malware campaigns that employed various evasion-based tactics to avoid detection.

Top Story of the Week: Four Malvertising Campaigns at Large

According to Bleeping Computer, researchers detected four malvertising campaigns over the span of three days that redirected users to landing pages for exploit kits distributing infostealers, ransomware and clipboard hijackers.

They spotted the first campaign on Sept. 7. In that operation, the GrandSoft exploit kit distributed Ramnit, a Trojan that goes after users’ banking credentials. The second campaign, which researchers spotted a day later, used the RIG exploit kit to pass along clipboard hijackers and install the Amadey Trojan.

Then, on Sept. 9, one analyst spotted two separate malvertising campaigns. The first relied on the Fallout exploit kit to spread a clipboard hijacker, while the second used the Radio exploit kit to install Nemty ransomware.

Source: iStock

Also in Security News

  • Linux Servers Infected With Lilocked Ransomware: Users began uploading ransom notes/demands for a new strain of ransomware called Lilocked in mid-July 2019. This threat encrypted a small subset of files hosted on Linux web servers and then demanded victims pay 0.03 Bitcoin (worth just over $300 at the time of writing) in exchange for the decryption key.
  • Fake PayPal Site Used to Distribute Nemty: In early September, Bleeping Computer reported on a fake PayPal site that lured users with the promise of a 3–5 percent return on all purchases made through its payment system. Those who took the bait ended up downloading and running cashback.exe, an executable that loaded Nemty ransomware.
  • TrickBot Dropper Uses Thousands of Lines of Obfuscated Code: Researchers at Yoroi recently examined a malicious Microsoft Word document spread by TrickBot actors in their various attack campaigns. In the process, the analysts found a malware dropper that contained several thousands of lines of obfuscated code and abused the Alternate Data Stream (ADS).
  • Path Exclusion Lets GootKit Slip by Undetected: Bleeping Computer also covered a malware researcher’s discovery of a GootKit malware sample that arrived with a bypass for Windows Defender. This sample executed a series of commands to whitelist its own executable path, thereby shielding it from analysis by Windows Defender on infected PCs.
  • Phishing Campaign Uses CAPTCHA to Bypass Email Gateway: In early September, Cofense detected a phishing email that originated from the compromised account @avis.ne.jp. It masqueraded as a message from a voip2mail service, but in actuality, it used a CAPTCHA to bypass email gateway technology so that it could steal recipients’ Microsoft credentials.
  • RIG Exploit Kit Spreads Purple Fox, Which Abuses PowerShell: Trend Micro detected an attack chain that directed users to a malicious site hosting the RIG exploit kit. This software package then used one of three methods to redirect users to a malicious PowerShell command that, in turn, downloaded a variant of the Purple Fox downloader malware family.
  • LokiBot Attackers Target Large U.S. Manufacturing Company: On Aug. 21, the FortiGuard Labs SE team uncovered a new spam campaign after analyzing information uploaded to VirusTotal. This campaign leveraged the LokiBot infostealer malware family to target a large manufacturing company located in the U.S.

Security Tip of the Week: Protect Against Evasive Attack Campaigns

The attacks described above highlight the importance of security professionals taking steps to defend their organizations against evasive tactics. By enabling application whitelisting and disabling PowerShell on machines that don’t need it, you can counter fileless threats.

Security teams should also seek to integrate their phishing intelligence with their security information and event management (SIEM) solutions to stay on top of the latest social engineering attacks targeting their organization’s workforce.

More from

CEO, CIO or CFO: Who Should Your CISO Report To?

As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that relies on digital information. They are responsible for developing and implementing strategies to harden the organization's defenses against cyberattacks. However, while many organizations don't question the value of a CISO, there should be more debate over who this important role…

Malware-as-a-Service Flaunts Its Tally of Users and Victims

As time passes, the security landscape keeps getting stranger and scarier. How long did the “not if, but when” mentality towards cyberattacks last — a few years, maybe? Now, security pros think in terms of how often will their organization be attacked and at what cost. Or they consider how the difference between legitimate Software-as-a-Service (SaaS) brands and Malware-as-a-Service (MaaS) gangs keeps getting blurrier. MaaS operators provide web-based services, slick UX, tiered subscriptions, newsletters and Telegram channels that keep users…

How the Silk Road Affair Changed Law Enforcement

The Silk Road was the first modern dark web marketplace, an online place for anonymously buying and selling illegal products and services using Bitcoin. Ross Ulbricht created The Silk Road in 2011 and operated it until 2013 when the FBI shut it down. Its creator was eventually arrested and sentenced to life in prison. But in a plot twist right out of a spy novel, a cyber attacker stole thousands of bitcoins from Silk Road and hid them away. It…

Data Privacy: How the Growing Field of Regulations Impacts Businesses

The proposed rules over artificial intelligence (AI) in the European Union (EU) are a harbinger of things to come. Data privacy laws are becoming more complex and growing in number and relevance. So, businesses that seek to become — and stay — compliant must find a solution that can do more than just respond to current challenges. Take a look at upcoming trends when it comes to data privacy regulations and how to follow them. Today's AI Solutions On April…