NEW PHISHING CAMPAIGN

DailyPost 2755

In the fast-moving world of cyber security, we have not only platform criminality but also campaigns, and phishing is a favourite example. The current one is a new phishing campaign targeting the oil and gas sector with evolved data-stealing malware. Phishing is the known malaise of the cyber world: gain entry, then wreak devastation. It comes in any number of types; spear phishing and whaling, to name a few. What is making waves in oil and natural gas cyber security is an updated version of Rhadamanthys, an information-stealing malware, which is being used specifically in phishing campaigns against the oil and gas sector.

These mails are carefully crafted around a unique vehicle-incident lure. In the later stages of the infection chain they spoof a “Federal Bureau of Transportation” in a PDF “that mentions a significant fine for the incident.” The malicious link in the email uses an open redirect: the visible URL belongs to a legitimate site, whose redirect parameter then forwards the victim to the page hosting the supposed PDF document. The reality is otherwise. It is an “image that upon clicking downloads a ZIP archive with the stealer payload.”
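The open redirect in that chain is worth seeing in code, because it is what lets a link that visibly points at a trusted domain defeat a naive domain check. The following is an added example written for this post; it is not code from the article or from any vendor's analysis, and every hostname, path and parameter name in it is hypothetical. It shows a redirect endpoint that blindly trusts a `next` parameter beside a hardened version, and a small mail-triage check that flags links whose trusted-looking host carries a redirect parameter pointing to another domain.

```python
"""Open-redirect abuse in a phishing lure: why a link that *shows* a trusted
domain can still land the victim on an attacker-controlled download page.

Added example for this post; it is not code from the article or from any
vendor report. Every hostname, path and parameter name below is hypothetical.
"""
from urllib.parse import parse_qs, urljoin, urlparse

TRUSTED_HOST = "portal.example-trusted.com"  # hypothetical site that exposes /redirect
ALLOWED_HOSTS = {TRUSTED_HOST}

# Parameter names commonly used for post-login / outbound redirects (assumption).
REDIRECT_PARAMS = {"next", "url", "redirect", "return", "target", "dest", "continue"}


def redirect_target_vulnerable(request_url: str) -> str:
    """Vulnerable handler: returns whatever 'next' says.

    A lure such as
      https://portal.example-trusted.com/redirect?next=https://evil.example/fine.pdf
    passes a naive 'is the link on a trusted domain?' check, yet forwards the
    victim to evil.example, which serves the 'PDF' (really an image that
    downloads the ZIP payload).
    """
    params = parse_qs(urlparse(request_url).query)
    return params.get("next", ["/"])[0]


def redirect_target_hardened(request_url: str) -> str:
    """Hardened handler: only follow 'next' if it stays on an allow-listed host.

    The candidate is resolved against the trusted origin so relative paths
    keep working, then scheme and host are checked. Backslashes are rejected
    because browsers normalise '/\\evil.example' to '//evil.example'. Only
    path and query are returned, never an attacker-supplied authority.
    """
    params = parse_qs(urlparse(request_url).query)
    candidate = params.get("next", ["/"])[0]
    if "\\" in candidate:
        return "/"
    resolved = urlparse(urljoin(f"https://{TRUSTED_HOST}/", candidate))
    if resolved.scheme != "https" or resolved.hostname not in ALLOWED_HOSTS:
        return "/"
    if not resolved.path.startswith("/") or resolved.path.startswith("//"):
        return "/"
    return resolved.path + (f"?{resolved.query}" if resolved.query else "")


def flag_open_redirect_links(urls):
    """Mail-triage check: flag links whose host looks trusted but whose redirect
    parameter carries an absolute (or protocol-relative) URL to another host.

    Returns a list of (link, offsite_host) pairs.
    """
    findings = []
    for link in urls:
        outer = urlparse(link)
        for key, values in parse_qs(outer.query).items():
            if key.lower() not in REDIRECT_PARAMS:
                continue
            for value in values:
                # Treat '//host/path' like 'https://host/path' so it is not missed.
                inner = urlparse("https:" + value if value.startswith("//") else value)
                if (inner.scheme in ("http", "https") and inner.hostname
                        and inner.hostname != outer.hostname):
                    findings.append((link, inner.hostname))
    return findings


# Constructed sample links, as they might appear in a lure email (not real IOCs).
SAMPLE_LINKS = [
    "https://portal.example-trusted.com/redirect?next=https://evil.example/fine.pdf",
    "https://portal.example-trusted.com/redirect?next=//evil.example/fine.pdf",
    "https://portal.example-trusted.com/redirect?next=/account",
    "https://portal.example-trusted.com/docs/incident-policy.pdf",
]

if __name__ == "__main__":
    for link, host in flag_open_redirect_links(SAMPLE_LINKS):
        print(f"SUSPICIOUS  {link}  -> offsite host {host}")
    for link in SAMPLE_LINKS[:3]:
        print(f"vulnerable: {redirect_target_vulnerable(link)!r:45} "
              f"hardened: {redirect_target_hardened(link)!r}")
```

The triage function is deliberately narrow: it only looks at the redirect-style parameters listed above, so a site that uses a different name slips through, and a legitimate cross-site redirect is flagged. That is the right trade-off for a mail filter, where a flagged link costs a manual look while a missed one costs a compromised host.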

Once executed, Rhadamanthys establishes a connection with its command-and-control server to harvest sensitive data from the compromised host. Why is this malware proclaimed an evolved one? The threat actors have combined an information stealer with a LockBit ransomware variant. Trend Micro had reportedly predicted that Rhadamanthys would come “bundled with a leaked LockBit payload, alongside a clipper malware and cryptocurrency miner.” What we are witnessing of late is a steady stream of new stealer malware families such as Sync-Scheduler and Mighty Stealer.

Indonesia has seen the emergence of a malspam campaign that employs banking-related lures and uses the Agent Tesla malware to plunder sensitive information. According to Check Point, Agent Tesla has set its eyes on Australia and the US too. Deeper research shows that Agent Tesla was secured with Cassandra Protector, a protector that shields the malware against reverse-engineering or modification. Interestingly, the messages are “sent via an open-source webmail tool called Roundcube.” The ease with which cybercrime operations can be conducted is what makes it scary. It has become a low-threshold game: “Anyone willing to provoke victims to launch the malware via spam campaigns can do so.”

HOW TO TAME THIS MULTI-HEADED HYDRA SEEMS TO BE BEYOND EVERYONE’S COMPREHENSION.
Sanjay Sahay

Have a nice evening.
