Threatpost spoke with Check Point Research Director of Threat Intelligence Research Maya Horowitz, who highlighted a rising trend of cybercriminal groups joining forces and bolstering the underground cybercriminal economy through their coordinated activities. “In some cases, it’s just an as-a-service model, so the groups don’t necessarily have to know each other. But in many cases, the cooperation is so tight, that we have to assume that there’s something there behind the scenes, that these groups actually communicate and complete each other’s gaps in the attack chain,” Horowitz said. Actors would likely split the profit after a successful attack or provide payment for services. Their reasons could range from capitalizing on some groups’ expertise in certain parts of the attack chain to using the cooperation as a smokescreen to confound researchers looking into their methods and tools, Horowitz said. Horowitz also touched on the top malware families expected to emerge after the dismantling of Emotet, naming Phorpiex, Dridex and QBot as potential top malware families for 2021.
Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.
Vulnerable Apache NiFi implementations are being targeted in new attacks deploying the Kinsing cryptomining malware, as indicated by the significant increase in HTTP requests for "/nifi" on May 19, according to The Hacker News.
Numerous fraudulent websites masquerading as legitimate software, including ChatGPT, Gimp, AstraChat, and Go To Meeting, were used from December 2022 to April 2023 in a new RomCom malware campaign by Cuba ransomware affiliate Void Rabisu, also known as Tropical Scorpius, according to BleepingComputer. The campaign mostly targeted Eastern Europe.
The Anonymous Sudan threat operation has demanded that Scandinavian Airlines pay $3 million to put an end to distributed denial-of-service attacks against the airline's websites that began in February, reports The Record, a news site by cybersecurity firm Recorded Future.