Glupteba Botnet Continues to Thrive Despite Google’s Attempts to Disrupt It

The operators of the Glupteba botnet resurfaced in June 2022 as part of a renewed and “upscaled” campaign, months after Google disrupted the malicious activity.

The ongoing attack is suggestive of the malware’s resilience in the face of takedowns, cybersecurity company Nozomi Networks said in a write-up. “In addition, there was a tenfold increase in TOR hidden services being used as C2 servers since the 2021 campaign,” it noted.

The malware, which is distributed through fraudulent ads or software cracks, is also equipped to retrieve additional payloads that enable it to steal credentials, mine cryptocurrencies, and expand its reach by exploiting vulnerabilities in IoT devices from MikroTik and Netgear.

Glupteba is also unusual in using the blockchain as a command-and-control (C2) mechanism, which it has done since at least 2019; this makes its infrastructure resistant to the takedown efforts that work against a traditional server.

Specifically, the botnet is designed to search the public Bitcoin blockchain for transactions related to wallet addresses owned by the threat actor so as to fetch the encrypted C2 server address.

images from Hacker News

Cybercrime (and Security) Predictions for 2023

Threat actors continue to adapt to the latest technologies, practices, and even data privacy laws—and it’s up to organizations to stay one step ahead by implementing strong cybersecurity measures and programs.

Here’s a look at how cybercrime will evolve in 2023 and what you can do to secure and protect your organization in the year ahead.

Increase in digital supply chain attacks

With the rapid modernization and digitization of supply chains come new security risks. Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains—this is a three-fold increase from 2021. Previously, these types of attacks weren’t even likely to happen because supply chains weren’t connected to the internet. But now that they are, supply chains need to be secured properly.

The introduction of new technology around software supply chains means there are likely security holes that have yet to be identified, but are essential to uncover in order to protect your organization in 2023.

If you’ve introduced new software supply chains to your technology stack, or plan to do so sometime in the next year, then you must integrate updated cybersecurity configurations. Employ people and processes that have experience with digital supply chains to ensure that security measures are implemented correctly.


New Agenda Ransomware Variant, Written in Rust, Aiming at Critical Infrastructure

A Rust variant of a ransomware strain known as Agenda has been observed in the wild, making it the latest malware to adopt the cross-platform programming language after BlackCat, Hive, Luna, and RansomExx.

Agenda, attributed to an operator named Qilin, is a ransomware-as-a-service (RaaS) group that has been linked to a spate of attacks primarily targeting manufacturing and IT industries across different countries.

A previous version of the ransomware, written in Go and customized for each victim, singled out healthcare and education sectors in countries like Indonesia, Saudi Arabia, South Africa, and Thailand.

Agenda, like Royal ransomware, expands on the idea of partial encryption (aka intermittent encryption) by configuring parameters that are used to determine the percentage of file content to be encrypted.
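Partial encryption of this kind defeats detectors that look only at whole-file entropy. The example below is added here and is not code from the original article or from any ransomware family: it builds a constructed sample in which a configurable percentage of every block is replaced with random bytes (a simplifying stand-in for Agenda's actual scheme, whose parameters the article does not detail) and shows that a per-chunk entropy scan still flags the file while a whole-file measure does not.

```python
import math
import random

BLOCK = 4096        # block the encryptor splits files into (simplifying assumption)
CHUNK = 512         # window the detector measures entropy over
HIGH_ENTROPY = 6.5  # bits per byte; 512 random bytes score about 7.6

# Constructed plaintext: repetitive, English-like, low entropy.
PLAINTEXT_PATTERN = b"The quarterly report lists revenue, costs and headcount per site. "


def shannon_entropy(data: bytes) -> float:
    """Entropy of the buffer in bits per byte."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def make_partially_encrypted(size: int, encrypted_pct: int, seed: int = 1) -> bytes:
    """Constructed sample: in each BLOCK the first encrypted_pct percent of bytes
    are replaced with seeded random bytes, standing in for ciphertext."""
    rng = random.Random(seed)
    enc_len = BLOCK * encrypted_pct // 100
    plain = (PLAINTEXT_PATTERN * (BLOCK // len(PLAINTEXT_PATTERN) + 1))[:BLOCK]
    out = bytearray()
    while len(out) < size:
        out += rng.randbytes(enc_len) + plain[enc_len:]
    return bytes(out[:size])


def analyze(data: bytes, chunk: int = CHUNK, threshold: float = HIGH_ENTROPY) -> dict:
    """Whole-file entropy versus the share of CHUNK-sized windows that look encrypted."""
    chunks = [data[i:i + chunk] for i in range(0, len(data), chunk)]
    high = sum(1 for c in chunks if shannon_entropy(c) >= threshold)
    fraction = high / len(chunks) if chunks else 0.0
    if fraction == 0.0:
        verdict = "plaintext"
    elif fraction == 1.0:
        verdict = "full"
    else:
        verdict = "partial"
    return {"whole_file_entropy": shannon_entropy(data), "high_chunks": high,
            "total_chunks": len(chunks), "fraction_high": fraction, "verdict": verdict}
```

Running `analyze(make_partially_encrypted(64 * 1024, 25))` reports a whole-file entropy below the threshold but a quarter of the chunks as encrypted, which is the signal a whole-file check misses.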


Facebook Cracks Down on Spyware Vendors from U.S., China, Russia, Israel, and India

Meta Platforms disclosed that it took down no less than 200 covert influence operations since 2017 spanning roughly 70 countries across 42 languages.

The social media conglomerate also took steps to disable accounts and block infrastructure operated by spyware vendors, including in China, Russia, Israel, the U.S. and India, that targeted individuals in about 200 countries.

“The global surveillance-for-hire industry continues to grow and indiscriminately target people – including journalists, activists, litigants, and political opposition – to collect intelligence, manipulate and compromise their devices and accounts across the internet,” the company noted in a report published last week.

The networks that were found to engage in coordinated inauthentic behaviour (CIB) originated from 68 countries. More than 100 nations are said to have been targeted by at least one such network, either foreign or domestic.

With 34 operations, the U.S. emerged as the most frequently targeted nation during the five-year period, followed by Ukraine (20) and the U.K. (16).


Google Takes Gmail Security to the Next Level with Client-Side Encryption

Google on Friday announced that its client-side encryption for Gmail is in beta for Workspace and education customers as part of its efforts to secure emails sent using the web version of the platform.

The development comes at a time when concerns about online privacy and data security are at an all-time high, making it a welcome change for users who value the protection of their personal data.

To that end, Google Workspace Enterprise Plus, Education Plus, and Education Standard customers can apply to sign up for the beta until January 20, 2023. It’s not available to personal Google Accounts.

“Using client-side encryption in Gmail ensures sensitive data in the email body and attachments are indecipherable to Google servers,” the company said in a post. “Customers retain control over encryption keys and the identity service to access those keys.”

It is important to note that this latest safeguard offered by Gmail differs from end-to-end encryption.
