
November 1 global cybersecurity hotspots

2022-06-24 02:22:00 Tencent security

Security news roundup

US: TrickBot malware developer may face 60 years in prison

A Russian national believed to be a member of the TrickBot malware development team has been extradited to the United States, where he faces charges carrying a possible sentence of 60 years in prison.

According to the indictment, 38-year-old Vladimir Dunaev, also known as FFX, is a malware developer who supervised the creation of TrickBot's browser injection module.

He is the second TrickBot-linked malware developer arrested by the Department of Justice this year. In February, Latvian national Alla Witte, also known as Max, was arrested for writing code related to the control and deployment of ransomware.

According to the indictment, the TrickBot gang has at least 17 members, each with a specific role in the operation:

  • Malware managers: outline programming requirements, manage finances and deploy the TrickBot malware
  • Software developers: develop TrickBot modules and hand them to others for encryption
  • Crypters: encrypt TrickBot modules to evade antivirus detection
  • Spammers: distribute TrickBot through spam and phishing campaigns

TrickBot was created in 2015 from the ashes of the Dyre banking trojan. Initially it focused on stealing banking credentials through web injects and by logging victims' keystrokes.

Later it evolved into modular malware that can also deliver other threats. Today the gang prefers to deploy ransomware on corporate networks, Conti in particular.

TrickBot is believed to have infected millions of computers, enabling its operators to steal personal and sensitive information and to drain funds from victims' bank accounts.

The malware has affected companies in the United States, the United Kingdom, Australia, Belgium, Canada, Germany, India, Italy, Mexico, Spain and Russia.

Besides Dunaev and Witte, the US Department of Justice has also charged other members of the TrickBot gang whose names have not been made public and who are spread across several countries, including Russia, Belarus and Ukraine.

News source:

https://www.bleepingcomputer.com/news/security/trickbot-malware-dev-extradited-to-us-faces-60-years-in-prison/

Ransomware hits Papua New Guinea during its Covid-19 surge

Bloomberg reports that the Department of Finance of the government of Papua New Guinea was hit by a ransomware attack, with the hackers demanding bitcoin. Although many details of the attack remain unclear, it is clear that hackers no longer reserve ransomware for the richest countries and the richest companies.

Many services in Papua New Guinea depend heavily on foreign aid. The unknown hackers targeted PNG's Department of Finance and its Integrated Financial Management System, which handles most of that financial assistance.

According to the report, the attack took place last week. While it is known that the hackers demanded bitcoin, the Papua New Guinea government has not disclosed how much. Bloomberg reports that foreign aid funds appear to have been frozen as a result, although the mechanism is unclear. Most importantly, Papua New Guinea has been struggling in recent weeks with its worst Covid-19 surge to date. According to ABC News, the country currently averages about 388 cases a day, and it is widely accepted that the real figures are underestimated because of poor testing.

News source:

https://gizmodo.com/cowards-hit-papua-new-guinea-with-ransomware-during-cov-1847953543

Iran says Israel and the United States may be behind the cyberattack on its gas stations

Iran's civil defense chief on Saturday accused Israel and the United States of being behind a cyberattack that disrupted gasoline sales across Iran, but said the technical investigation had not yet been completed.

"We still cannot confirm it from the standpoint of evidence, but from an analytical standpoint I believe it was carried out by the Zionist regime, the Americans and their agents," Gholamreza Jalali, head of the civil defense unit responsible for cybersecurity, told state television.

Iran has said in recent years that it is on high alert against cyberattacks, which it has blamed on its long-standing enemies, the United States and Israel. Meanwhile, the United States and other Western countries accuse Iran of trying to disrupt and break into their networks.

Iranian President Ebrahim Raisi said this week that the cyberattack was designed to create "chaos". The attack disrupted gasoline sales in Iran.

Jalali said that, based on completed investigations, Iran is "certain" that the United States and Israel were behind the July cyberattack on Iran's railways and the May 2020 cyberattack on the port of Bandar Abbas.

Iran's state news agency IRNA said on Saturday that about half of the country's 4,300 gas stations have now been reconnected to the network and have resumed gasoline sales. Gas stations began gradually reopening a few hours after the attack, but could only operate manually.

News source:

https://cn.reuters.com/article/%E4%BC%8A%E6%9C%97%E7%A7%B0%E4%BB%A5%E8%89%B2%E5%88%97%E5%92%8C%E7%BE%8E%E5%9B%BD%E5%8F%AF%E8%83%BD%E6%98%AF%E5%8A%A0%E6%B2%B9%E7%AB%99%E7%BD%91%E7%BB%9C%E6%94%BB%E5%87%BB%E4%BA%8B%E4%BB%B6%E7%9A%84%E5%B9%95%E5%90%8E%E9%BB%91%E6%89%8B-idCNL4S2RR00G

Gartner: new ransomware models became the biggest emerging risk in Q3 2021

According to Gartner's latest risk monitoring report, the biggest concern of executives in the third quarter of 2021 was the threat of "new ransomware models". A survey of 294 executives from different industries and regions shows that concern about ransomware outweighs concern about the pandemic.

Matt Shinkman, vice president of risk and audit at Gartner, said: "Executives view the negative impact of evolving ransomware attacks as very serious. Among the many risks associated with the Covid-19 pandemic and global supply chain disruption, ransomware attacks took the lead."

The risk of new ransomware models entered the top five emerging risks for the first time in the third quarter, because the previous quarter's biggest risk, "cybersecurity control failures", has matured into an established risk. The remaining risks in the top five relate to the pandemic and its impact on work.

New ransomware models have become the biggest threat to enterprises in several ways, and this is closely tied to the popularity of cryptocurrency. Cryptocurrency strengthens attackers' anonymity while also providing a new model for extorting victims. The ransomware business model has become more professional and efficient, including "ransomware as a service" and demands for payment in bitcoin, leading to a surge in attacks. The attack techniques themselves are also evolving: infecting backup systems, no longer relying on phishing as the delivery vector, and harder-to-identify "fileless" and "cryptojacking" attacks, among others.

News source:

http://www.199it.com/archives/1333980.html

AbstractEmu malware quietly attacks Android devices

AbstractEmu is a new Android malware that uses code abstraction and anti-emulation checks to thwart analysis from the moment the app is opened. Once a smartphone is infected, the malware can take complete control of the device while evading detection.
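As an added illustration of what an "anti-emulation check" typically looks like (this is not AbstractEmu's own code, which Lookout has not published; the class name is hypothetical), the snippet below uses only public android.os.Build fields and a few well-known QEMU device paths to decide whether the process is running inside a stock Android emulator. Malware of this kind branches on the result and stays dormant when it believes it is being sandboxed:

```java
import android.os.Build;
import java.io.File;

// Hypothetical helper, added here for illustration only.
public final class EmulatorCheck {

    // Stock AVD/QEMU images carry generic values in these Build fields,
    // whereas physical phones carry vendor-specific ones.
    private static boolean buildLooksEmulated() {
        String fp = nz(Build.FINGERPRINT);
        String model = nz(Build.MODEL);
        String hw = nz(Build.HARDWARE);
        String product = nz(Build.PRODUCT);
        String brand = nz(Build.BRAND);
        String device = nz(Build.DEVICE);
        return fp.startsWith("generic") || fp.startsWith("unknown")
                || model.contains("google_sdk") || model.contains("Emulator")
                || model.contains("Android SDK built for x86")
                || hw.equals("goldfish") || hw.equals("ranchu")
                || product.equals("sdk") || product.startsWith("sdk_gphone")
                || (brand.startsWith("generic") && device.startsWith("generic"));
    }

    // QEMU-based emulators expose device nodes and libraries that
    // physical devices do not have.
    private static boolean qemuArtefactsPresent() {
        String[] paths = {
            "/dev/socket/qemud",
            "/dev/qemu_pipe",
            "/system/lib/libc_malloc_debug_qemu.so"
        };
        for (String p : paths) {
            if (new File(p).exists()) {
                return true;
            }
        }
        return false;
    }

    private static String nz(String s) {
        return s == null ? "" : s;
    }

    /** Returns true when the process appears to be running in an emulator. */
    public static boolean isEmulator() {
        return buildLooksEmulated() || qemuArtefactsPresent();
    }
}
```

For an analyst, the practical consequence is that dynamic analysis of such a sample should be done on a physical device or on an emulator image whose Build fields and QEMU artefacts have been patched or hooked (for example by instrumenting the static fields at runtime), otherwise the malicious path is never reached and the sample looks benign.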

According to Lookout Threat Labs, a total of 19 Android apps posing as utility apps contained the rooting functionality. Of these rogue apps, one made it into the Google Play store, where it attracted more than 10,000 downloads before Google removed it.

The rogue apps are said to be distributed through third-party stores such as the Samsung Galaxy Store and the Amazon Appstore, as well as Aptoide, APKPure and other less well-known markets.

This type of malware is destructive. Through the rooting process it gains privileged access to the Android operating system, after which the attackers can silently grant themselves dangerous permissions or install more malware without any user interaction.

Lookout has not identified the company or individual responsible for AbstractEmu. However, the company suggests it was designed by a well-resourced team whose motive is to steal money from Android smartphone users.

Besides AbstractEmu, the apps belonging to the UltimaSMS fraud campaign also deserve attention. These apps have been removed by Google, but before they were taken down they had been downloaded 10.5 million times.

These apps look like video and photo editors, call blockers and other legitimate utilities. What users do not know is the damage they are doing to their Android devices.

These fake apps can access the phone's location and determine its language and area code. Once they have these details, they use them to phish for more information, such as the user's email address and phone number. The apps do not lead to ransomware or identity theft, but they are after money.

When a user installs one of these apps, the phone is automatically subscribed to a premium SMS service charged at around 40 dollars a month; the exact amount depends on the user's country/region and mobile operator.

News source:

https://socialbarrel.com/abstractemu-malware-silently-attacks-android-devices/132947/

Police arrest hackers behind 1,800 ransomware attacks

Europol announced the arrest of 12 people believed to be linked to ransomware attacks on 1,800 victims in 71 countries. According to law enforcement, the attackers deployed ransomware such as LockerGoga, MegaCortex and Dharma, along with Trickbot malware and Cobalt Strike post-exploitation tooling.

LockerGoga and MegaCortex infections peaked in 2019, when a report from the Netherlands' National Cyber Security Centre (NCSC) attributed 1,800 infections to Ryuk ransomware.

The most notable case linked to the suspects is the 2019 attack on the Norwegian aluminum giant Norsk Hydro, which caused severe and prolonged disruption to the company's operations. The arrests took place on 26 October 2021 in Ukraine and Switzerland during simultaneous raids, in which police seized five luxury cars, electronic devices and 52,000 USD in cash.

The attackers encrypted the infected systems and left a ransom note asking victims to pay large sums in bitcoin in exchange for the decryption keys. Some of those arrested are believed to have been responsible for laundering the proceeds, using bitcoin mixing services to obscure the trail of funds. The operation was a major law enforcement success, made possible by more than 50 investigators from seven European police forces, six Europol experts, and members of the FBI and the US Secret Service.

News source:

https://www.bleepingcomputer.com/news/security/police-arrest-hackers-behind-over-1-800-ransomware-attacks/

Original site

Copyright notice
This article was created by [Tencent security]. Please include a link to the original when reposting. Thank you.
https://yzsam.com/2021/11/20211101165628110m.html