Online payment firms in North and Latin America and the Asia Pacific have been targeted for over a year by the Silent Skimmer campaign that sought to exfiltrate sensitive payment data from checkout pages, The Hacker News reports.
Attributed to Chinese-speaking attackers, Silent Skimmer involved the exploitation of web app vulnerabilities, followed by the use of various living-off-the-land techniques and open-source tools for further compromise, according to a report from the BlackBerry Research and Intelligence Team. Threat actors then distributed a PowerShell-based remote access trojan aimed at compromising web servers and facilitating stealthy financial data theft from payment checkout pages. Researchers also found that the virtual private servers used in the web skimmer campaign were chosen according to victims' geolocation in a bid to avoid detection.
"The attacker focuses predominantly on regional websites that collect payment data, taking advantage of vulnerabilities in commonly used technologies to gain unauthorized access and retrieve sensitive payment information entered into or stored on the site," said researchers.