The Week Of MOVEit Tremors


While ransomware group Cl0p had a field day tapping the MOVEit vulnerability, Google released its Secure AI Framework (SAIF), officially joining the AI security bandwagon. 

The Google Secure AI Framework (SAIF), a conceptual framework aimed at establishing robust security standards for AI development and deployment, follows the European Commission’s draft Artificial Intelligence Act and Microsoft’s efforts in AI security.  

The declared aim of the framework was to address security risks, integrate various security efforts with Google’s AI platforms, encourage research, and emphasize the delivery of secure AI offerings.

However, it also seemed to align more with Google’s business interests than the greater good, by bolstering its reputation, differentiating its products, and ensuring customer retention. 

MOVEit tremors won’t end 

It seems the world is still grappling with the effects of the actively exploited MOVEit Transfer vulnerability.

In the latest update on the MOVEit data leak incident, the Cl0p ransomware group has issued ultimatums to several victims, including big names like the BBC, British Airways, and Boots.  

The deadline for the release of stolen data has been extended to June 14, 2023, unless the ransom is paid. The hackers have even provided email addresses for affected companies to initiate conversations regarding ransom payments or to request sample files as proof of their claims. 

Not only were MOVEit Transfer clients affected, but companies that used the services of Zellis, the payroll service provider, were also impacted by the security breach. It’s alarming to see the extent of this breach and the potential consequences for those involved. 

Anonymous Sudan hits Microsoft 

Meanwhile, Anonymous Sudan launched a fresh wave of DDoS attacks on American organizations, including Microsoft.

The hacktivist group seemingly misunderstood a statement made by the US Secretary of State, which led to these attacks. It’s unfortunate to see how misunderstandings can escalate into such large-scale malicious activities! 

On the topic of malicious activities, Cyble Research and Intelligence Labs (CRIL) found that over 45,000 users fell victim to malicious PyPI packages.

PyPI administrators temporarily suspended new user and project registrations due to an overwhelming surge in malicious users and projects. It’s concerning to see how these malicious actors exploit platforms and put innocent users at risk. 

Additionally, we have come across some information about new ransomware gangs.  

Ransomware gangs: appearance and reappearance 

The Darkrace ransomware gang seems to be in its early stages, targeting Windows operating systems and exhibiting similarities to the LockBit ransomware.  

CRIL researchers found NoEscape, a newly discovered Ransomware-as-a-Service (RaaS) initiative, being promoted on a cybercrime forum.  

The NoEscape RaaS dashboard panel and builder page revealed the range of executable building options offered, including Windows and Linux/ESXi servers.

Affiliates, it seemed, can customize the ransomware executables by specifying various parameters such as ransomware name, key name, comment, price, and timer type.

On the other hand, the notorious LockBit 2.0 ransomware group has resurfaced, utilizing various methods to spread its malware and employing a double extortion technique to increase its chances of receiving ransom payments.

“The Lockbit ransomware has taken a surprising turn by adopting the old strategy of distributing its payload through malicious documents,” wrote CRIL researchers. 

“This shift in behavior has caught us off guard, making it difficult to predict the motives behind this change.”  

Private messengers: Neither private, nor safe 

We all use messenger apps under the false hope that the chats are private and safe. We have been proven wrong time and again.

Take the case of the Android malware called “HelloTeacher,” which disguises itself as popular messaging applications like Viber or Kik Messenger.

This malware can steal sensitive data, including contact details and SMS data, and can even capture pictures and record screens. It’s alarming to see how these malware creators continue to evolve their tactics.

These incidents serve as reminders of the constant threats we face in the digital world. It’s crucial for us to remain vigilant and take necessary precautions to protect our systems and data.




