At a glance.
- Gamaredon continues to target Ukraine.
- A RedLine thief disguised as a game cheat.
- Emotet’s place in the malware landscape.
- The dangers of quantum computing.
Gamaredon continues to target Ukraine.
Cisco Talos says Russian threat actor Gamaredon (also known as Primitive Bear) continues to conduct espionage campaigns against Ukrainian organizations. The threat actor uses malicious emails to distribute malicious Microsoft Office documents:
“Cisco Talos has discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives. The campaign, part of an ongoing espionage operation noted as recently as August 2022, aims to deliver information-stealing malware to Ukrainian victims’ devices and makes heavy use of several standardized PowerShell and VBScript (VBS) scripts as part of the infection chain. The infostealer is a dual-purpose malware that includes capabilities to extract specific file types and deploy additional script-based and binary payloads on an infected endpoint.”
A RedLine thief disguised as a game cheat.
Kaspersky warns that the RedLine Trojan is distributed with a package of malware that can be spread by posting YouTube videos containing malicious links. The researchers note that although this technique is unusual, it is achieved through “the use of relatively under-developed software”:
“In addition to the payload itself, the detected package is noteworthy for its self-publishing functions. Several files are responsible for this, which receive and post videos on infected users’ YouTube channels with links to a password-protected archive with the package in the description. The videos advertise cheats and cracks and provide hacking instructions for popular games and software. Among the games mentioned are APB Reloaded, CrossFire, DayZ, Dying Light 2, F1® 22, Farming Simulator, Farthest Frontier, FIFA 22, Final Fantasy XIV, Forza, Lego Star Wars, Osu!, Point Blank, Project Zomboid, Rust, Sniper Elite, Spider-Man, Stray, Thymesia, VRChat and Walken. According to Google, the hacked channels were quickly terminated for violating the company’s community guidelines.”
Emotet’s place in the malware landscape.
Researchers at AdvIntel note that Emotet has caused more than 1.2 million infections since the beginning of 2022. Most of the infections (35.7%) are in the United States. The researchers also warn that the Quantum and BlackCat ransomware groups are now using the botnet to distribute malware after the dissolution of Conti in June 2022. BleepingComputer adds that significant spikes in Emotet activity were observed by both AdvIntel and ESET in 2022.
According to Check Point visibility, the FormBook infostealer replaced Emotet as the most prevalent malware strain in August 2022, followed by the AgentTesla Trojan, the XMRig cryptominer, and the GuLoader downloader.
The dangers of quantum computing.
Deloitte has published results of a survey on awareness of cybersecurity risks related to quantum computing. The survey found that just over half (50.2%) of respondents are familiar with “harvest now, decrypt later” attacks. These attacks involve stealing encrypted data and storing it until a quantum computer is developed that can crack the encryption.
26.6% of survey respondents said their organization has already conducted a quantum computing risk assessment, while 18.4% plan to conduct an assessment within one year.
Additionally, 27.7% of survey respondents said their organizations were more likely to tackle quantum risks after regulatory pressure, while 20.7% cited a leadership demand within the organization “to enable cryptographic agility that can address algorithms outdated by quantum computing.”