CyberSecurity News Byte

Hosted ByJim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Website Subscribe

Episode 47: February 27 2023

February 27, 2023 Jim Guckin CyberSecurity News Byte Weekly 22:3730.47M 0 Comments

Links

https://www.bleepingcomputer.com/news/security/hardbit-ransomware-wants-insurance-details-to-set-the-perfect-price/

https://www.malwarebytes.com/blog/news/2023/02/linkedin-slinks-abused-to-phish-email-and-payment-details

https://www.helpnetsecurity.com/2023/02/27/destructive-wiper-malware/

Ransomware Ransom at the right price

  • HardBit
    • October 2022
      • First seen
    • version 2.0 (November 2022)
      • Current version
        • According to Varonis
      • modifying the Registry to disable Windows Defender’s real-time behavioral monitoring
      • stops 86 processes
      • establish persistence by adding itself to the “Startup” folder
      • deletes the Volume Shadow copies
    • Interesting
      • instead of writing encrypted data to file copies and deleting the originals
      • opens the files and overwrites their content with encrypted data.
      • Harder to recover
      • faster
    • No data leak site
      • Threateded to leak it
    • negotiate a ransom payment
      • initially no ransom amount set
      • 48 hours to contact attacker
        • Encrypted peer to peer networek
      • covered by the victim’s insurance company
      • convince the victim
        • not to work with intermediaries
          • drives up the cost
        • disclose all insurance details
        • adjust their demands insurer cover all costs
        • contractually limited not to disclose insurance details to the attackers

Fake Amazon Prime email abuses LinkedIn’s URL shortener

  • Prime based Phishing Email
    • a LinkedIn shortened link
    • email claims to have been sent from “Prime”
      • subject “New Membership Statement : Renewal P‎‎rime Membership statement was ended – Your renewal scheduled on February 21, 2023
    • includes an Update Now button.
      • Used LinkedIN shorted link
    • Phishing Website
      • asks for an email or phone number tied to an Amazon account
        • enter a Gmail address leads to a page asking for the Gmail password
        • Microsoft address, and you’ll be directed to a Microsoft password request page.
      • Once In
        • “Security Checkup”, the site asks for
          • Mother’s maiden name
          • Phone number
          • Date of birth
          • Address
          • City
          • State/province/region
          • Zip / postal code
          • Cardholder name
          • Card number
          • Security code
          • Expiration date

Wiper malware goes global

  • FortiGuard Labs
    • early 2022
    • parallel with the Russia-Ukraine war
    • Rise in use
      • 2022 2nd half
        • 53% increase in use
      • Even if developed by a nation state
        • Hackers are using it against everyone

ChatGPT

  • AI Driven text
  • Phishing Attempts
    • Fake official ChatGPT website
      • malicious links
        • Lumma Stealer, Aurora Stealer, and clipper malware.
      • Unofficial ChatGPT social media page
        • content, such as videos and other unrelated posts to build credibility and posts featuring typosquatting domains, masquerading as the official website of ChatGPT
      • Malware
        • Close…but not there yet

Leave a Reply

Your email address will not be published. Required fields are marked *

CyberSecurity News Byte is a weekly podcast, condensing the latest cybersecurity news, in an easily digestible format. News that you need to know to keep yourself and your organization safe from today’s threats.

Facebook Twitter Instagram

© 2021-2022 All Rights Reserved. Developed By Podcrease