Malware, Phishing and System Administration

Tricky Phish Angles for Persistence, Not Passwords

Krebs on Security

JANUARY 7, 2020

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service.

Phishing

Phishing Passwords Accountability Authentication

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

Group-IB uncovered a new sophisticated phishing campaign, tracked as PerSwaysion, against high-level executives of more than 150 companies worldwide. . PerSwaysion is a highly-targeted phishing campaign. New round of phishing attempts leveraging current victim’s account usually takes less than 24 hours.

Phishing

Phishing Accountability Financial Services Cloud Migration

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Krebs on Security

JUNE 9, 2020

That last effort prompted a gracious return call the following day from a system administrator for the city, who thanked me for the heads up and said he and his colleagues had isolated the computer and Windows network account Hold Security flagged as hacked. We don’t know, but that’s the roll of the dice,” Holt said.

Ransomware

Ransomware System Administration Backups Technology

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

New Linux Malware Shikitega Can Take Full Control of Devices

eSecurity Planet

SEPTEMBER 15, 2022

AT&T Alien Labs has discovered a new Linux malware that can be used for highly evasive attacks, as the infection has been designed for persistence and runs on practically all kinds of Linux devices. Indeed, the two flaws were patched months ago, but many systems aren’t up to date and thus still vulnerable.

Malware

Malware Social Engineering System Administration Antivirus

Nitrogen shelling malware from hacked sites

Malwarebytes

JANUARY 31, 2024

Nitrogen is the name given to a campaign and associated malware that have been distributed via malicious search ads. Malicious ads The ads are displayed via Google searches for popular search terms related to programs used by IT and system administrators.

Malware

Malware Hacking System Administration Ransomware

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

Malwarebytes

APRIL 9, 2024

In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. Victims are tricked into downloading and running the Nitrogen malware masquerading as a PuTTY or FileZilla installer. dll (Nitrogen).

System Administration

System Administration DNS Engineering Social Engineering

North Korean Lazarus APT group targets blockchain tech companies

Malwarebytes

APRIL 19, 2022

Since 2018, one of the Lazarus Group’s tactics has been to disguse AppleJeus malware as cryptocurrency trading platforms for both Windows and Mac. CISA warns that it uses these trojanized applications to gain access to victims’ computers, to spread other malware, and steal private keys or to exploit other security gaps.

Cryptocurrency

Cryptocurrency Social Engineering Computers and Electronics Engineering

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

MARCH 4, 2019

It was designed to make it convenient for system administrators to automate tasks and manage configurations across all Windows endpoints and servers in a company network. Another branch of attacks revolve around ransomware, crypto jacking, denial of service attacks and malware spreading activities.

Hacking

Hacking Energy and Utilities System Administration Accountability

Story of the Year: global IT outages and supply chain attacks

SecureList

DECEMBER 9, 2024

User data was stolen from Cisco Duo, a service that provides organizations with multi-factor authentication (MFA) and single sign-on (SSO) network access, as a consequence of a phishing attack targeting an employee of a third-party telephony provider. The breach allowed the threat actor to download SMS message logs. Why does it matter?

Internet

Internet Internet Risk Social Engineering

Top Cybersecurity Trends to Watch Out For in 2025

Centraleyes

DECEMBER 16, 2024

Verizons Data Breach Investigations Report showed that 74% of security breaches involve a human element, with system administrators and developers accounting for most of these errors. We are seeing increased use of AI to automate attacks, including malware generation and phishing campaigns.

Cybersecurity

Cybersecurity Insurance Cyber Insurance Risk

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. ” reads the alert published by CERT-UA.

System Administration

System Administration Government Phishing Malware

FIN7 sysadmin behind “billions in damage” gets 10 years

Malwarebytes

APRIL 20, 2021

Hladyr is the systems administrator for the FIN7 hacking group, and is considered the mastermind behind the Carbanak campaign , a series of cyberattacks said to stolen as much as $900 million from banks in early part of the last decade. The malware. The campaigns all started with spear-phishing targeted at bank employees.

System Administration

System Administration Banking Malware Penetration Testing

Microsoft to notify Office 365 users of nation-state attacks

Security Affairs

FEBRUARY 8, 2021

Microsoft Defender for Office 365 protects all of Office 365 against advanced threats like business email compromise and credential phishing. The alerts are also sent to system administrators and security teams, who can directly contact the affected employees and take action to prevent their accounts take over.

System Administration

System Administration Hacking Cyber threats Accountability

Anatomy Of A Phishing Kit

SiteLock

APRIL 7, 2022

In this article, we look at a few phishing kits that were recently found in customer sites and compare their structure and complexity. What Is A Phishing Kit? Everyone has heard of phishing emails and phishing sites, but what exactly is a phishing ‘kit’. Phishing Kit – Citi Group. First, the address bar.

Phishing

Phishing Malware Engineering System Administration

Kimsuky APT poses as journalists and broadcast writers in its attacks

Security Affairs

JUNE 3, 2023

The APT group has persistently refined its social engineering tactics, making its spear-phishing campaigns progressively harder to detect. “In many instances, Kimsuky actors do not attach malware to their initial email. “Usually, the questions will revolve around current events and whether U.S.

Social Engineering

Social Engineering Phishing System Administration Engineering

The Phight Against Phishing

Digital Shadows

AUGUST 17, 2021

What is Phish(ing)? But, never mind the dozens of other reports and white papers about phishing that come out every year from security industry leaders, let’s take a look at the 2021 Verizon DBIR. Why should I care about Phish? The reason why phishing is still reigning supreme?

Phishing

Phishing Accountability Social Engineering Mobile

Ransomware – Stop’em Before They Wreak Havoc

Thales Cloud Protection & Licensing

MAY 17, 2023

Ransomware is a vicious type of malware that infects your laptop/desktop or server. Cybercriminals use it as a launching pad to block access to business-critical systems by encrypting data in files, databases, or entire computer systems, until the victim pays a ransom. What is Ransomware?

Ransomware

Ransomware Encryption Authentication System Administration

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

We also review what pushed cybercriminals to transform their operations into the now well-known malware-as-a-service model — the use of cloud servers, the decreasing relevance of custom malware and the subsequent emergence of small, agile teams. Malware developers — no longer hiring. Client-side attacks on the wane.

Cybercrime

Cybercrime Banking Malware Ransomware

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Security Affairs

OCTOBER 22, 2021

FIN7, operating under the guise of Bastion Secure, published job offers for programmers (PHP, C++, Python), system administrators, and reverse engineers. The gang was looking for administrators to map out compromised companies’ networks and locate sensitive data, including backup.

Cybercrime

Cybercrime Ransomware Cybersecurity Backups

Black Hat AI Tools Fuel Rise in Business Email Compromise (BEC) Attacks

eSecurity Planet

JULY 13, 2023

“WormGPT produced an email that was not only remarkably persuasive but also strategically cunning, showcasing its potential for sophisticated phishing and BEC attacks” (screenshot below). ” Just last week, Acronis reported that AI tools like ChatGPT have been behind a 464% increase in phishing attacks this year.

Cybercrime

Cybercrime Phishing Marketing System Administration

5 Emotions Used in Social Engineering Attacks [with Examples]

SecureWorld News

MARCH 11, 2022

He writes about this in his book, "Ghost in the Wires": "I would call the company I'd targeted, ask for their computer room, make sure I was talking to a system administrator, and tell him, 'This is [whatever fictitious name popped into my head at that moment], from DEC support. Mitnick says his favorite emotional tool was fear.

Social Engineering

Social Engineering Engineering Phishing Accountability

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

The Last Watchdog

JUNE 2, 2021

The best evidence of this is how email has become a battleground where companies must continually defend attackers’ endlessly creative efforts to manipulate email to circulate malware and distribute phishing ruses. In fact, it highlights how the migration to cloud services has expanded the attack surface.

Encryption

Encryption Artificial Intelligence IoT Data collection

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

“APT10 often attacked a service provider’s system by “spear-phishing” – sending company employees emails designed to trick them into revealing their passwords or installing malware. APT10 hackers also targeted the customers of the IT companies stealing plans, blueprints, personal information, and other data.

Identity Theft

Identity Theft Hacking Advertising System Administration

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

CyberSecurity Insiders

SEPTEMBER 24, 2021

From phishing attacks to ransomware attacks, business owners need to be adequately prepared to prevent further damage. . Human errors often lead to data breaches, malware, and virus attacks that might compromise the company’s systems. Besides, cybercriminals are becoming craftier with sophisticated technology. Human Resources.

Cybersecurity

Cybersecurity Data breaches Backups Firewall

Red Team vs Blue Team vs Purple Team: Differences Explained

eSecurity Planet

FEBRUARY 21, 2023

Blue teams consist of security analysts, network engineers and system administrators. A red team’s activity can extend beyond cybersecurity attacks and vulnerability scanning to include phishing , social engineering , and physical compromise campaigns lasting weeks or more.

Social Engineering

Social Engineering Penetration Testing Engineering Risk

Three members of FIN7 (Carbanak) gang charged with stealing 15 million credit cards

Security Affairs

AUGUST 2, 2018

The gang stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks and other financial institutions. Hladyr is suspected to be a system administrator for the group. The man is suspected to be a supervisor of the group.

Banking

Banking Cybercrime Identity Theft Penetration Testing

Fake Company Sheds Light on Ransomware Group Tactics

eSecurity Planet

NOVEMBER 4, 2021

They’re known for their credit card malware and phishing campaigns. They targeted specific profiles such as system administrators who know how to map corporate networks, locate backups and identify users within a system, which are critical steps in ransomware attacks. practice assignments and job interviews.

Ransomware

Ransomware Backups Penetration Testing System Administration

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

During one of the projects, an SQL injection into an application that was open to signup by any internet user let us obtain the credentials of an internal system administrator. An XSS attack against the application’s clients can be used for obtaining user authentication information, such as cookies, phishing or spreading malware.

Passwords

Passwords Authentication Architecture Risk

Know Your Code

SiteLock

JANUARY 13, 2022

This can include any number of the following activities: Processing phishing data – They can set up your site as a phishing site or simply as a location to store data from a phishing site. Maarten Broekman has worked as a system administrator and systems engineer for over 25 years, primarily in the shared web-hosting space.

Cryptocurrency

Cryptocurrency Phishing Software System Administration

Behind The Code: wpyii2 The Fake WordPress Plugin

SiteLock

MAY 16, 2022

The SiteLock Malware Research Team (SMRT) detected and remediated numerous phishing kits installed on a customer site in a variety of locations. First, we find a post on the WordPress forums that implies a plugin was “resurrected as malware” with the similar header information. About The Author.

Malware

Malware System Administration Engineering Phishing

Is Cloud Storage Safe From Ransomware?

Spinone

FEBRUARY 18, 2020

These are words that no system administrator or business leader wants to hear from anyone using a computer on their network. It makes sense then that the bad guys are taking notice of the trends in enterprise data storage and developing malware, including ransomware, that will target your cloud environments.

Ransomware

Ransomware Encryption Malware Backups

Cyber Security Awareness and Risk Management

Spinone

DECEMBER 26, 2018

Social engineering attacks , including phishing, spam, and viruses introduced via clickable links within e-mail affected 80% of the banking institutions in 2016. VoIP phishing and impersonation also victimized millions of corporate employees across the world , contributing to an even greater cyber threat.

Security Awareness

Security Awareness Risk Cyber threats Cyber Risk

Top Cybersecurity Trends to Watch Out For in 2025

Centraleyes

DECEMBER 16, 2024

Verizons Data Breach Investigations Report showed that 74% of security breaches involve a human element, with system administrators and developers accounting for most of these errors. We are seeing increased use of AI to automate attacks, including malware generation and phishing campaigns.

Cybersecurity

Cybersecurity Insurance Cyber Insurance Risk

Ransomware Gangs and the Name Game Distraction

Krebs on Security

AUGUST 5, 2021

It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. REvil’s last big victim was Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. ” That CrowdStrike report was from July 2019. .

Ransomware

Ransomware Cybercrime Malware System Administration

The Hacker Mind Podcast: Beyond MITRE ATT&CK

ForAllSecure

AUGUST 16, 2022

They're the long game operations where something as small as a single phishing email could escalate into millions of IDs being exfiltrated. Living off the land or fireless malware is a threat actor leveraging the utilities readily available on a system. And so then it becomes Okay, well, how can you defend against this?

InfoSec

InfoSec Firewall Engineering System Administration

IT threat evolution Q2 2021

SecureList

AUGUST 12, 2021

We discovered the malware as part of an attack against a high-profile organization in Vietnam. We found the loader for this file so interesting that we decided to base one of the tracks of our Targeted Malware Reverse Engineering course on it. The exploit-chain attempts to install malware in the system through a dropper.

Ransomware

Ransomware Malware Banking Encryption

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. Russian software engineer Eugene Kaspersky’s frustration with the malware of the 80s and 90s led to the founding of antivirus and cybersecurity vendor Kaspersky Lab. — thaddeus e.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

China-linked APT group MirrorFace targets Japan

Security Affairs

JANUARY 10, 2025

Campaign A (20192023): Used emails with malware attachments (LODEINFO) to target politicians, media, and government. Campaign C (2024): Delivered malware (ANEL) via email links, targeting academia and think tanks, evolving to abuse Visual Studio Code. .“This Track antivirus detections carefully.

Antivirus

Antivirus Malware System Administration Technology

Tricky Phish Angles for Persistence, Not Passwords

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Webinars

Trending Sources

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Webinars

New Linux Malware Shikitega Can Take Full Control of Devices

Nitrogen shelling malware from hacked sites

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

North Korean Lazarus APT group targets blockchain tech companies

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

Story of the Year: global IT outages and supply chain attacks

Top Cybersecurity Trends to Watch Out For in 2025

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

FIN7 sysadmin behind “billions in damage” gets 10 years

Microsoft to notify Office 365 users of nation-state attacks

Anatomy Of A Phishing Kit

Kimsuky APT poses as journalists and broadcast writers in its attacks

The Phight Against Phishing

Ransomware – Stop’em Before They Wreak Havoc

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Black Hat AI Tools Fuel Rise in Business Email Compromise (BEC) Attacks

5 Emotions Used in Social Engineering Attacks [with Examples]

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

Red Team vs Blue Team vs Purple Team: Differences Explained

Three members of FIN7 (Carbanak) gang charged with stealing 15 million credit cards

Fake Company Sheds Light on Ransomware Group Tactics

Top 10 web application vulnerabilities in 2021–2023

Know Your Code

Behind The Code: wpyii2 The Fake WordPress Plugin

Is Cloud Storage Safe From Ransomware?

Cyber Security Awareness and Risk Management

Top Cybersecurity Trends to Watch Out For in 2025

Ransomware Gangs and the Name Game Distraction

The Hacker Mind Podcast: Beyond MITRE ATT&CK

IT threat evolution Q2 2021

Top Cybersecurity Accounts to Follow on Twitter

China-linked APT group MirrorFace targets Japan

Stay Connected