Last week in security news, four malvertising campaigns leveraged exploit kits to prey on users with ransomware and Trojans. Researchers also discovered a ransomware family that infected thousands of Linux web servers and a cryptomalware threat that relied on a fake PayPal scam for distribution. Finally, security teams observed both phishing and malware campaigns that employed various evasion-based tactics to avoid detection.

Top Story of the Week: Four Malvertising Campaigns at Large

According to Bleeping Computer, researchers detected four malvertising campaigns over the span of three days that redirected users to landing pages for exploit kits distributing infostealers, ransomware and clipboard hijackers.

They spotted the first campaign on Sept. 7. In that operation, the GrandSoft exploit kit distributed Ramnit, a Trojan that goes after users’ banking credentials. The second campaign, which researchers spotted a day later, used the RIG exploit kit to pass along clipboard hijackers and install the Amadey Trojan.

Then, on Sept. 9, one analyst spotted two separate malvertising campaigns. The first relied on the Fallout exploit kit to spread a clipboard hijacker, while the second used the Radio exploit kit to install Nemty ransomware.

Source: iStock

Also in Security News

  • Linux Servers Infected With Lilocked Ransomware: Users began uploading ransom notes/demands for a new strain of ransomware called Lilocked in mid-July 2019. This threat encrypted a small subset of files hosted on Linux web servers and then demanded victims pay 0.03 Bitcoin (worth just over $300 at the time of writing) in exchange for the decryption key.
  • Fake PayPal Site Used to Distribute Nemty: In early September, Bleeping Computer reported on a fake PayPal site that lured users with the promise of a 3–5 percent return on all purchases made through its payment system. Those who took the bait ended up downloading and running cashback.exe, an executable that loaded Nemty ransomware.
  • TrickBot Dropper Uses Thousands of Lines of Obfuscated Code: Researchers at Yoroi recently examined a malicious Microsoft Word document spread by TrickBot actors in their various attack campaigns. In the process, the analysts found a malware dropper that contained several thousands of lines of obfuscated code and abused the Alternate Data Stream (ADS).
  • Path Exclusion Lets GootKit Slip by Undetected: Bleeping Computer also covered a malware researcher’s discovery of a GootKit malware sample that arrived with a bypass for Windows Defender. This sample executed a series of commands to whitelist its own executable path, thereby shielding it from analysis by Windows Defender on infected PCs.
  • Phishing Campaign Uses CAPTCHA to Bypass Email Gateway: In early September, Cofense detected a phishing email that originated from the compromised account It masqueraded as a message from a voip2mail service, but in actuality, it used a CAPTCHA to bypass email gateway technology so that it could steal recipients’ Microsoft credentials.
  • RIG Exploit Kit Spreads Purple Fox, Which Abuses PowerShell: Trend Micro detected an attack chain that directed users to a malicious site hosting the RIG exploit kit. This software package then used one of three methods to redirect users to a malicious PowerShell command that, in turn, downloaded a variant of the Purple Fox downloader malware family.
  • LokiBot Attackers Target Large U.S. Manufacturing Company: On Aug. 21, the FortiGuard Labs SE team uncovered a new spam campaign after analyzing information uploaded to VirusTotal. This campaign leveraged the LokiBot infostealer malware family to target a large manufacturing company located in the U.S.

Security Tip of the Week: Protect Against Evasive Attack Campaigns

The attacks described above highlight the importance of security professionals taking steps to defend their organizations against evasive tactics. By enabling application whitelisting and disabling PowerShell on machines that don’t need it, you can counter fileless threats.

Security teams should also seek to integrate their phishing intelligence with their security information and event management (SIEM) solutions to stay on top of the latest social engineering attacks targeting their organization’s workforce.

More from

$10.3 Billion in Cyber Crime Losses Shatters Previous Totals

4 min read - The introduction of the most recent FBI Internet Crime Report says, “At the FBI, we know ‘cyber risk is business risk’ and ‘cybersecurity is national security.’” And the numbers in the report back up this statement. The FBI report details more than 800,000 cyber crime-related complaints filed in 2022. Meanwhile, total losses were over $10 billion, shattering 2021's total of $6.9 billion, according to the bureau’s Internet Crime Complaint Center (IC3).  Top Five Cyber Crime TypesIn the past five years, the…

4 min read

How to Boost Cybersecurity Through Better Communication

4 min read - Security would be easy without users. That statement is as absurd as it is true. It’s also true that business wouldn’t be possible without users. It’s time to look at the big picture when it comes to cybersecurity. In addition to dealing with every new risk, vulnerability and attack vector that comes along, cybersecurity pros need to understand their own fellow employees - how they think, how they learn and what they really want. The human element — the individual and social factors that…

4 min read

Detecting Insider Threats: Leverage User Behavior Analytics

3 min read - Employees often play an unwitting role in many security incidents, from accidental data breaches to intentional malicious attacks. Unfortunately, most organizations don’t have the right protocols and processes to identify potential risks posed by their workforce. Based on a survey conducted by SANS Institute, 35% of respondents said they lack visibility into insider threats, while 30% said the inability to audit user access is a security blind spot in their organizations. In addition, the 2023 X-Force Threat Intelligence Index reported that…

3 min read

Poor Communication During a Data Breach Can Cost You — Here’s How to Avoid It

5 min read - No one needs to tell you that data breaches are costly. That data has been quantified and the numbers are staggering. In fact, the IBM Security Cost of a Data Breach estimates that the average cost of a data breach in 2022 was $4.35 million, with 83% of organizations experiencing one or more security incidents. But what’s talked about less often (and we think should be talked about more) is how communication — both good and bad — factors into…

5 min read