DeathStalker APT Targets SMBs with Cyber Espionage
The hacker-for-hire group, operating since at least 2012, primarily targets financial firms.
Small and midsize businesses (SMBs) should have a new advanced persistent threat (APT) on their collective radar: DeathStalker has been targeting SMBs in the financial sector since at least 2012.
Kaspersky researchers tracking the group since 2018 report DeathStalker has targeted companies around the world.
Attackers don't seem motivated by financial gain; they don't deploy ransomware or steal payment data.
The focus is sensitive business data, which could mean DeathStalker offers hacker-for-hire services or serves as a sort of "information broker" in financial circles.
DarkSide: New targeted ransomware demands million dollar ransoms
A new ransomware operation named DarkSide began attacking organizations earlier this month with customized attacks that have already earned them million-dollar payouts.
Starting around August 10th, 2020, the new ransomware operation began performing targeted attacks against numerous companies.
In a "press release" issued by the threat actors, they claim to be former affiliates who had made millions of dollars working with other ransomware operations.
After not finding a "product" that suited their needs, they decided to launch their own operation.
"We are a new product on the market, but that does not mean that we have no experience and we came from nowhere.
We received millions of dollars profit by partnering with other well-known cryptolockers. We created DarkSide because we didn't find the perfect product for us. Now we have it."
Cryptojacking worm steals AWS credentials from Docker systems
A cybercrime group known as TeamTNT is using a crypto-mining worm to steal plaintext AWS credentials and config files from compromised Docker and Kubernetes systems.
TeamTNT's cryptocurrency mining botnet was first reported in May by MalwareHunterTeam and further analyzed by Trend Micro researchers, who discovered its affinity for misconfigured Docker containers.
According to researchers at Cado Security, this is the first-ever worm that comes with AWS credential theft functionality on top of run-of-the-mill cryptomining modules.