Weekly Cybersecurity Recap Feb 18
Table of Contents
- By David Lukic
- Published: Feb 18, 2022
- Last Updated: May 18, 2022
The world is on edge as tempers are flaring by the Ukraine border, contentious Olympic drama unfolds, and cyber-attacks continue to spike. The United States is still the most targeted nation in the context of cyber-attacks through websites in Asia, and those specifically geared toward the Asian market are also being targeted at an elevated frequency. Here's a quick look at the top digital attacks from the week gone by.
Emotet Malware
Microsoft Excel files containing Emotet malware avoid detection to implement a multi-stage attack. This unique form of malware contains scripts that latently transmit a nasty payload. The latest version of the Emotet malware is sent through email messages.
Though Emotet first appeared in 2014, it has since evolved and is now considered to be a significant threat to computer users across the globe. The Emotet attack centers on thread hijacking that generates fake replies to email messages that have been compromised by Emotet in prior months.
The digital miscreants behind Emotet zero in on targeted individuals with social engineering, transmit the messages and disperse the Emotet malware to activate macro downloads that execute an HTML application. The application sends PowerShell stages that transmit the Emotet payload. The botnet component of the attack relies on data plucked from stolen emails to create phony replies that fool computer users into thinking the new message is genuine.
MyloBot Malware
MyloBot malware is sending sextortion emails. Though MyloBot existed in the past, it has reemerged to wreak additional havoc in 2022. This malware sends sextortion emails to those who visit adult websites, demanding that they pay a ransom in bitcoin.
The ransom request is transmitted with the use of harmful payloads. A victim who fails to pay the $2,700+ ransom suffers the unfortunate fate of his or her videos/pictures being uploaded on the internet. However, no one is quite sure as to whether such threats are legitimate. The hackers behind MyloBot insist they are capable of hacking webcams to capture the video footage in question.
MyloBot is advanced to the point that it eliminates competing forms of malware from targets' computers. This malware uses hollowing, in which code is sent to a suspended and hollowed process to avoid digital security barriers. Such a feat is possible with advanced memory unmapping that replaces the memory with arbitrary code to facilitate processing.
49ers Attack
The San Francisco 49ers NFL football franchise was hit by a cyber-attack during the league's biggest weekend. The attack occurred smack dab in the middle of Super Bowl weekend. BlackByte ransomware attackers stole sensitive information from the franchise. The hackers will not return the stolen data until the franchise meets its demands.
Though the 49ers' brass admitted the attack caused IT network issues, they did not reveal whether they would pay the ransom. BlackByte attacks are especially worrisome as they have been highlighted by the federal government as one of the most dangerous forms of ransomware.
Vendor Hacks
Several vendor hacking incidents were publicized earlier this week. The incidents impacted more than 600,000 people. One of the hacks was reported by a business that works on behalf of health plan providers. The other incident pertains to a government contractor. The former of the two breaches were reported in the second week of February. This incident went unreported for more than an entire year despite the fact that it affected nearly 95,000 individuals. To be more specific, the attack centered on fraudulent wire transfers.
The latter of the breaches, a 2021 ransomware attack, was recently reported to state and federal regulators on the first of February. Morley Companies issued the report, stating it affected more than 520,000 individuals.
