CyberSecurity News Byte

Hosted By Jim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Episode 47: February 27 2023

Links

https://www.bleepingcomputer.com/news/security/hardbit-ransomware-wants-insurance-details-to-set-the-perfect-price/

https://www.malwarebytes.com/blog/news/2023/02/linkedin-slinks-abused-to-phish-email-and-payment-details

https://www.helpnetsecurity.com/2023/02/27/destructive-wiper-malware/

Ransomware Ransom at the right price

  • HardBit
    • October 2022
      • First seen
    • version 2.0 (November 2022)
      • Current version
        • According to Varonis
      • modifying the Registry to disable Windows Defender’s real-time behavioral monitoring
      • stops 86 processes
      • establish persistence by adding itself to the “Startup” folder
      • deletes the Volume Shadow copies
    • Interesting
      • instead of writing encrypted data to file copies and deleting the originals
      • opens the files and overwrites their content with encrypted data.
      • Harder to recover
      • faster
    • No data leak site
      • Threatened to leak it
    • negotiate a ransom payment
      • initially no ransom amount set
      • 48 hours to contact attacker
        • Encrypted peer-to-peer network
      • covered by the victim’s insurance company
      • convince the victim
        • not to work with intermediaries
          • drives up the cost
        • disclose all insurance details
        • adjust their demands so the insurer covers all costs
        • contractually limited not to disclose insurance details to the attackers

Fake Amazon Prime email abuses LinkedIn’s URL shortener

  • Prime based Phishing Email
    • a LinkedIn shortened link
    • email claims to have been sent from “Prime”
      • subject “New Membership Statement : Renewal Prime Membership statement was ended – Your renewal scheduled on February 21, 2023”
    • includes an Update Now button.
      • Used LinkedIn shortened link
    • Phishing Website
      • asks for an email or phone number tied to an Amazon account
        • entering a Gmail address leads to a page asking for the Gmail password
        • enter a Microsoft address, and you’ll be directed to a Microsoft password request page.
      • Once In
        • “Security Checkup”, the site asks for
          • Mother’s maiden name
          • Phone number
          • Date of birth
          • Address
          • City
          • State/province/region
          • Zip / postal code
          • Cardholder name
          • Card number
          • Security code
          • Expiration date

Wiper malware goes global

  • FortiGuard Labs
    • early 2022
    • parallel with the Russia-Ukraine war
    • Rise in use
      • 2022 2nd half
        • 53% increase in use
      • Even if developed by a nation state
        • Hackers are using it against everyone

ChatGPT

  • AI Driven text
  • Phishing Attempts
    • Fake official ChatGPT website
      • malicious links
        • Lumma Stealer, Aurora Stealer, and clipper malware.
      • Unofficial ChatGPT social media page
        • posts content such as videos and other unrelated posts to build credibility, along with posts featuring typosquatting domains masquerading as the official website of ChatGPT
      • Malware
        • Close…but not there yet