Threat actors continue to expand their net and compromise systems worldwide in today’s evolving cyber threat landscape. Follow this article for the latest phishing and breach-related updates this week. It is crucial to watch out for potential problems and take the necessary phishing protection measures for your company.

 

Hackers Using New Tactics Like Coercion To Extort Payments

GuidePoint Security recently published its Q1 2023 GRIT Ransomware Report, in which researchers say that prominent ransomware groups are increasingly adopting innovative coercive strategies such as the double extortion modus operandi. They also observed Medusa and AlphV leaking sensitive information and pressuring victims to pay.

  • At the beginning of 2023, the LockBit ransomware group released the chat logs of its negotiation with one of its victims, Royal Mail, after the negotiation had failed.
  • Although it is not an entirely new method, ransomware groups probably use it to deter aggressive negotiation tactics and strengthen the effectiveness of their shaming strategies.
  • Other coercive measures that ransomware groups deploy include launching DDoS attacks and leaking selective data to the public to gain media attention and cause reputational damage to targeted organizations.

 

Israel: Cybercriminals Leak Personal Details As Netanyahu’s Facebook Account Targeted

Cybercriminals targeted Israeli Prime Minister Benjamin Netanyahu’s Facebook account on Wednesday evening and leaked identities and names of numerous Israelis. Additionally, another cyber-attack targeted the country’s Atid group.

The cybercriminals started broadcasting audio content in Persian and Arabic on Netanyahu’s account, which the authorities removed “minutes” after the attack. According to Yedioth Ahronoth, a hacker group that goes by the name Sharpboys published “a file with 200,000 records, including victim names, identity cards, and addresses.”

In response, the Atid group said, “Hackers from hostile countries attempted to compromise the accounts of leading educational institutions in Israel, and we thwarted the attempt. As far as we know, little information was leaked.”

 

Researchers Discover A New macOS Info-Stealer – Atomic.

The Cyble research team discovered a new info-stealer malware that steals sensitive information such as cookies, financial details, local files, and passwords stored in macOS browsers. It is named Atomic macOS Stealer (aka AMOS or Atomic); its developer is enhancing it with new features, and it received its latest update on April 25.

According to the researchers, Atomic is available for download on a private Telegram channel for a monthly subscription of $1,000. It scans the system for installed software and steals details from it. The targeted applications are cryptocurrency wallets (Electrum, Atomic, Binance, and Exodus) and web browsers (Google Chrome, Firefox, Opera, Microsoft Edge, Yandex, and Vivaldi).

 

 

Cyberattack Disrupts A Massachusetts City Government, Shuts Down Computers

The City of Lowell recently alerted its residents about a cyberattack that targeted the municipality’s computer systems.

City Manager Tom Golden said, “We realized around 3 to 5 a.m. Monday that there was a breach,” adding that phones, emails, and other city systems were down as a result.

“The City’s Management Information Systems Department (MIS) discovered a network disruption impacting various systems. Consequently, the MIS determined that the best action was segmenting and isolating the systems to troubleshoot them further. Hence, phones, servers, networks, and systems throughout the City remained inaccessible as we focused on protecting the City’s data assets,” said a statement on Lowell city’s Twitter page.

 

Cybercriminals Use Over 3,000 Fake Facebook Profiles For Luring Victims

Group-IB researchers detected a huge phishing campaign between February and March involving fake Facebook profiles posing as Meta support staff. The attackers used approximately 3,200 profiles that they either created or took over from genuine users. Of these fake profiles, cybercriminals made 1,200 in March alone.

According to the researchers, the hackers developed these pages in over 20 different languages, and the key targets included public figures, sports personalities, celebrities, and businesses.

 

 

When potential victims clicked on the links on these fake pages, they were redirected to over 220 phishing sites carrying Meta or Facebook branding. The researchers said that the cybercriminals used these sites for phishing or session hijacking attacks.

 

US Navy Contractor, The Fincantieri Marine Group Targeted In A Cyber-Attack

A US commercial and defense shipbuilder with ties to the government became the target of a ransomware attack on April 12.

Fincantieri Marine Group (FMG) acknowledged the cyberattack in a statement to USNI News last week and said it affected its email server and network operations. The statement reads, “The Fincantieri Marine Group suffered a network breach last week that explains the temporary disruption to a few computer systems on its network.”

“Our network security officials immediately isolated the targeted systems and reported the incident to the relevant partners and agencies. Furthermore, we roped in additional resources for investigating the incident and quickly restoring full functionality to the impacted systems.”

 

The company is a subsidiary of Italy-based Fincantieri SpA. It said no evidence suggests that the cyberattack impacted employees’ personal information.

The incident highlights the potential impact of such attacks on industrial control systems and why businesses need robust detection systems to identify and respond to such threats. Even if there was no data theft, the disruption caused by the attack has severe operational and financial implications.