Winson Digital Techniques

  Ransomware has emerged as the only cryptocurrency-based crime to grow in 2023, with cybercriminals extorting nearly $175.8 million more than they did a year ago, according to findings from Chainalysis. "Ransomware attackers are on pace for their second-biggest year ever, having extorted at least $449.1 million through June," the blockchain analytics firm said"If this pace continues, ransomware attackers will extort $898.6 million from victims in 2023, trailing only 2021's $939.9 million." In contrast, crypto scams have pulled in 77% less revenue than they did through June of 2022, largely driven by the abrupt exit of VidiLook, which pays users VDL tokens in return for watching digital ads that then can be exchanged for large rewards. So have the inflows to illicit addresses associated with malware, darknet markets, child abuse material, and fraud shops. The development, following a decline in ransomware revenues in 2022, marks a reversal of sorts, wi...

  A developing ransomware called   Big Head   is being distributed as part of a malvertising campaign that takes the form of bogus Microsoft Windows updates and Word installers. Big Head was first documented by Fortinet FortiGuard Labs last month when it discovered multiple variants of the ransomware that are designed to encrypt files on victims' machines in exchange for a cryptocurrency payment. "One Big Head ransomware variant displays a fake Windows Update, potentially indicating that the ransomware was also distributed as a fake Windows Update," Fortinet researchers said. "One of the variants has a Microsoft Word icon and was likely distributed as counterfeit software." Most of the Big Head samples have been submitted from the U.S., Spain, France, and Turkey. In a new analysis of the .NET-based ransomware, Trend Micro detailed its inner workings, calling out its ability to deploy three encrypted binaries: 1.exe to propagate the malware, archive.exe to facili...

  Malicious actors exploited an unknown flaw in Revolut's payment systems to steal more than $20 million of the company's funds in early 2022. The development was reported by the Financial Times, citing multiple unnamed sources with knowledge of the incident. The breach has not been disclosed publicly. The fault stemmed from discrepancies between Revolut's U.S. and European systems, causing funds to be erroneously refunded using its own money when some transactions were declined. The problem was first detected in late 2021. But before it could be closed, the report said organized criminal groups leveraged the loophole by "encouraging individuals to try to make expensive purchases that would go on to be declined." The refunded amounts would then be withdrawn from ATMs. The exact technical details associated with the flaw are currently unclear. About $23 million was stolen in total, with some funds recovered by pursuing those who had withdrawn cash. The mass fraud s...

  Ransomware attacks are a major problem for organizations everywhere, and the severity of this problem continues to intensify. Recently, Microsoft's Incident Response team investigated the BlackByte 2.0 ransomware attacks and exposed these cyber strikes' terrifying velocity and damaging nature. The findings indicate that hackers can complete the entire attack process, from gaining initial access to causing significant damage, in just five days. They waste no time infiltrating systems, encrypting important data, and demanding a ransom to release it. This shortened timeline poses a significant challenge for organizations trying to protect themselves against these harmful operations. BlackByte ransomware is used in the final stage of the attack, using an 8-digit number key to encrypt the data. To carry out these attacks, hackers use a powerful combination of tools and techniques. The investigation revealed that they take advantage of unpatched Microsoft Exchange Servers—an ...

  South Korean education, construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned threat actor known as the   Tonto Team . "Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execute their malicious attacks," the AhnLab Security Emergency Response Center (ASEC)  in a report published this week. Tonto Team, active since at least 2009, has a track record of targeting various sectors across Asia and Eastern Europe. Earlier this year, the group was attributed to an unsuccessful phishing attack on cybersecurity company Group-IB. The attack sequence discovered by ASEC starts with a Microsoft Compiled HTML Help (.CHM) file that executes a binary file to side-load a malicious DLL file (slc.dll) and launch ReVBShell, an open source VBScript backdoor also put to use by another Chinese threat actor called Tick. ReVBShell is subsequently l...

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has   added   two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The two flaws are listed below - CVE-2023-20963 (CVSS score: 7.8) - Android Framework Privilege Escalation Vulnerability CVE-2023-29492 (CVSS score: TBD) - Novi Survey Insecure Deserialization Vulnerability "Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed," CISA said in an advisory for CVE-2023-20963. Google, in its monthly Android Security Bulletin for March 2023,   acknowledged  "there are indications that CVE-2023-20963 may be under limited, targeted exploitation." The development comes as tech news site Ars Technica disclosed late last month that Android apps digitally signed by China's e-commerce com...