Researchers infiltrate a ransomware operation and discover slick services behind Qilin’s Rust-based malware variant.
300,000 Systems Vulnerable to New Loop DoS Attack
Academic researchers describe a new application-layer loop DoS attack affecting Broadcom, Honeywell, Microsoft and MikroTik.
The post 300,000 Systems Vulnerable to New Loop DoS Attack appeared first on SecurityWeek.
Beware Of Malicious PDF Files That Mimic As Microsoft 2FA Security Update
Malware authors are exploiting the growing popularity of QR codes to target users through PDF files. These malicious PDFs, often delivered by email disguised as faxes, contain QR codes that trick users into scanning them with their smartphones.
The QR codes link to malware downloads or phishing sites disguised as legitimate sources, such as security updates or SharePoint document links. Because the link is embedded in an image rather than in clickable text, it slips past traditional email security checks, and the lure leverages the trust users place in QR codes for everyday tasks.
In the campaign described here, the scammers impersonate the Microsoft login page: the QR code points at a benign-looking host (bing.com), which redirects the user on to the phishing URL.
The real destination is hidden inside that redirect as a Base64-encoded string and ultimately leads to a login page built to steal Microsoft account credentials (user ID and password).
The phishing page mimics the authentic Microsoft login interface, which further increases the likelihood that the scam succeeds.
Phishing attacks are evolving to use QR codes to lure users into entering their credentials on malicious websites; these pages are designed to look like legitimate login pages and may even prefill the username field to increase believability.
Once a user enters their credentials, the attacker can use them to gain unauthorized access to the user’s email, personal information, and potentially sensitive corporate data.
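The redirect chain described above can be unwound without scanning anything: the QR payload is just a URL, and the Base64 blob in its query string is the real destination. The following is an added example (not code from the Cyber Security News post or from SonicWall) that decodes such a hop, follows nested hops, and checks whether the final host is a real Microsoft login host and whether a username is prefilled. The Bing click-tracking format it assumes (a `u=` parameter holding `a1` followed by Base64 of the target) and the sample phishing host are assumptions and constructed input, not observed indicators.

```python
"""Unwind a QR-code phishing redirect and assess where it really lands.

Added example, not from the original post. The 'u=a1<base64>' hop format
and all sample URLs below are assumptions / constructed for illustration.
"""
import base64
import re
from urllib.parse import parse_qs, urlencode, urlparse

# Hosts that legitimately serve Microsoft sign-in pages (assumption: extend as needed).
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
# Hosts the lure uses as a benign-looking hop before the phishing page.
REDIRECT_HOSTS = {"bing.com", "www.bing.com"}
# Query keys that attackers use to prefill the victim's username.
PREFILL_KEYS = {"login_hint", "username", "email", "user"}
B64_TOKEN = re.compile(r"^[A-Za-z0-9+/_-]{16,}={0,2}$")


def _decode_b64_url(value):
    """Return the URL hidden in a Base64 token, or None if it is not one."""
    candidates = [value]
    if value.startswith("a1"):          # Bing-style prefix (assumption)
        candidates.insert(0, value[2:])
    for candidate in candidates:
        if not B64_TOKEN.match(candidate):
            continue
        padded = candidate + "=" * (-len(candidate) % 4)   # restore stripped padding
        # pick the alphabet from the characters present: '-'/'_' => urlsafe
        decoder = base64.urlsafe_b64decode if re.search(r"[-_]", candidate) else base64.b64decode
        try:
            text = decoder(padded).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue
        if text.startswith(("http://", "https://")):
            return text
    return None


def decode_redirect_target(url):
    """Follow Base64-encoded redirect hops until a non-hop URL is reached."""
    parsed = urlparse(url)
    if parsed.hostname not in REDIRECT_HOSTS:
        return url
    for values in parse_qs(parsed.query).values():
        for value in values:
            hidden = _decode_b64_url(value)
            if hidden:
                return decode_redirect_target(hidden)   # hops can be nested
    return url


def assess_qr_url(url):
    """Classify the landing page: host check plus prefilled-username detection."""
    final = decode_redirect_target(url)
    parsed = urlparse(final)
    host = parsed.hostname or ""
    params = parse_qs(parsed.query)
    prefilled = next((v[0] for k, v in params.items() if k.lower() in PREFILL_KEYS), None)
    verdict = "ok" if host in TRUSTED_LOGIN_HOSTS else "suspicious"
    return {"final_url": final, "host": host, "prefilled_user": prefilled, "verdict": verdict}


def build_bing_hop(target):
    """Construct a Bing-style hop URL for the sample (constructed, not observed)."""
    token = "a1" + base64.urlsafe_b64encode(target.encode()).decode().rstrip("=")
    return "https://www.bing.com/ck/a?" + urlencode({"u": token})


# Constructed sample: a fake "2FA update" page that prefills the victim's address.
SAMPLE_PHISH = "https://login-microsoft-2fa.example/update?login_hint=alice%40corp.example"
SAMPLE_QR_URL = build_bing_hop(SAMPLE_PHISH)

if __name__ == "__main__":
    print(SAMPLE_QR_URL)
    print(assess_qr_url(SAMPLE_QR_URL))
    print(assess_qr_url("https://login.microsoftonline.com/common/oauth2/authorize"))
```

The host check is deliberately an allow-list rather than a "contains microsoft" match: the lure's whole point is that the final hostname looks Microsoft-related while the registrable domain is not.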
Malicious QR codes can also abuse weaknesses in mobile QR scanner apps to act without the user’s consent.
That includes silently downloading and installing malware, subscribing users to premium SMS services that result in unexpected charges, or initiating calls to premium-rate numbers that incur high costs.
More seriously, QR code attacks can steal login credentials, launch denial-of-service attacks, compromise user networks, and damage the reputation of targeted individuals or organizations.
SonicWall has published indicators of compromise (IOCs) for this campaign: suspected-malicious URLs and file hashes (given in hexadecimal), which can be compared against databases of known malicious files to identify the threat.
The published URLs are obfuscated with techniques such as character substitution (e.g., ‘r’ for ‘e’) so that they cannot be clicked by accident.
Decoded, these URLs lead to the phishing sites or malware downloads; analyzing the IOCs and URLs together helps security teams detect and block the attack.
The post Beware Of Malicious PDF Files That Mimic As Microsoft 2FA Security Update appeared first on Cyber Security News.
Muddling Meerkat Using DNS As A Powerful Weapon For Sophistication
Attackers abuse DNS to redirect users to malicious websites, to launch distributed denial-of-service (DDoS) attacks by overwhelming DNS servers, and to manipulate domain resolution so that traffic can be intercepted for surveillance or data theft.
Infoblox researchers recently revealed “Muddling Meerkat,” a sophisticated and likely Chinese state actor that appears able to manipulate China’s Great Firewall (GFW) internet censorship system.
This DNS-based threat evades detection by generating massive, distributed volumes of DNS queries propagated through open resolvers worldwide.
Muddling Meerkat & Chinese Firewall
Leveraging its DNS expertise, Infoblox says it proactively discovered and blocked the actor’s domains to protect customers from this emerging threat, which operates under China’s control of its national internet infrastructure.
Infoblox Threat Intel’s Dr. Renee Burton explained, “It was our unwavering focus on DNS data coupled with advanced data science and AI that enabled us to track down a Chinese-controlled DNS operator which we believe is behind the so-called ‘Muddling Meerkat’ campaign.”
The nickname denotes the campaign’s mysterious nature and its elaborate use of open resolvers and MX records to hide its tactics.
This discovery underscores the need for strong detection and response capabilities against advanced DNS-based threats.
The actor’s activity also shows a deep understanding of domain name system (DNS) operations, which illustrates the importance of securing DNS itself.
Muddling Meerkat has been active since 2019 and demonstrates a highly sophisticated attack on the DNS system.
The Meerkat’s true intentions are currently unknown, but they seem to be related to reconnaissance. Initially, it was believed to be another type of slow-drip DDoS attack.
Infoblox also reports that 82% of the threats it saw this year were stopped by its patented technology and Zero Day DNS capabilities before they could even make their first query, amounting to 46 million indicators identified in 2023 at a false-positive rate of 0.0002 percent per one million queries.
The sophisticated techniques the threat actor uses in its operations are:
Provoking the Great Firewall into responding with false MX records from Chinese IP ranges, a strategy that turns national infrastructure into a tool in a new way.
Sending DNS queries for MX records and other resource record types for domains under common top-level domains such as “.com” and “.org” that the threat actor neither owns nor controls, which helps hide its true intentions.
Using old domains registered before 2000 so that the queries pass as regular DNS traffic and bypass detection mechanisms that only look for recently registered domains, again indicating a deep understanding of how DNS works.
“Muddling Meerkat appears to be a Chinese state actor, because we can observe MX record responses from Chinese IP addresses that are not open on port 53 for Muddling Meerkat target domains over multiple years. I am confident those responses are results of the GFW,” researchers said.
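The behaviours listed above (MX queries for random subdomains of old, unrelated domains, arriving from many open resolvers) are visible to whoever runs the authoritative server or a resolver, so they can be hunted in query logs. The following is an added example, not code from the article or from Infoblox: it parses constructed authoritative-server query log lines and flags an apex domain when several distinct high-entropy subdomains are queried for MX from several distinct sources. The log format, the entropy and count thresholds, the registration-year table and every sample line are constructed assumptions; checking whether a responding IP actually listens on port 53, as the researchers did, needs a network probe and is out of scope here.

```python
"""Hunt for Muddling Meerkat-style MX probing in DNS query logs.

Added example, not from the article. Log format, thresholds and all
sample data are constructed for illustration.
"""
import math
from collections import defaultdict

# Constructed log lines: "<epoch> <source_ip> <qname> <qtype>"
SAMPLE_LOG = """\
1714400001 198.51.100.7 www.oldcorp.example A
1714400002 192.0.2.15 x7q2k9.oldcorp.example MX
1714400003 203.0.113.41 j3mz0p.oldcorp.example MX
1714400004 198.51.100.90 bq81wv.oldcorp.example MX
1714400005 192.0.2.200 r4t6yu.oldcorp.example MX
1714400006 198.51.100.7 mail.oldcorp.example MX
1714400007 203.0.113.9 www.shop.example A
1714400008 203.0.113.9 www.shop.example MX
"""

# Constructed stand-in for WHOIS data: the actor favours domains registered before 2000.
KNOWN_REGISTRATION_YEAR = {"oldcorp.example": 1997, "shop.example": 2021}

# Ordinary hostnames that must never count as "random" labels.
COMMON_LABELS = {"www", "mail", "mx", "smtp", "ns1", "ns2", "ftp"}


def shannon_entropy(label):
    """Bits of entropy per character; random-looking labels score high."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def apex(qname):
    """Registrable domain, approximated as the last two labels (assumption)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def parse_log(text):
    """Yield (timestamp, source_ip, qname, qtype) tuples from the constructed format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, qname, qtype = line.split()
        yield int(ts), src, qname.lower(), qtype.upper()


def is_random_label(label, min_len=5, min_entropy=2.0):
    """Heuristic: long enough, high-entropy, and not a well-known hostname."""
    return (label not in COMMON_LABELS
            and len(label) >= min_len
            and shannon_entropy(label) >= min_entropy)


def find_mx_probing(records, min_labels=3, min_sources=3):
    """Return apex domains whose random subdomains get MX queries from many sources."""
    stats = defaultdict(lambda: {"labels": set(), "sources": set()})
    for _ts, src, qname, qtype in records:
        if qtype != "MX":
            continue
        labels = qname.split(".")
        if len(labels) < 3:          # apex itself, not a subdomain
            continue
        sub = labels[0]
        if not is_random_label(sub):
            continue
        entry = stats[apex(qname)]
        entry["labels"].add(sub)
        entry["sources"].add(src)
    hits = {}
    for domain, entry in stats.items():
        if len(entry["labels"]) >= min_labels and len(entry["sources"]) >= min_sources:
            hits[domain] = {
                "random_subdomains": len(entry["labels"]),
                "sources": len(entry["sources"]),
                "registered": KNOWN_REGISTRATION_YEAR.get(domain),
            }
    return hits


if __name__ == "__main__":
    for domain, info in find_mx_probing(parse_log(SAMPLE_LOG)).items():
        print(domain, info)
```

The thresholds are low so the constructed sample triggers; on real logs they would be tuned against baseline MX query volume, and the registration year is the second signal to weigh, since the actor deliberately picks domains old enough to look benign.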
The post Muddling Meerkat Using DNS As A Powerful Weapon For Sophistication appeared first on Cyber Security News.