Although Magecart attacks appear to have become less prevalent, Malwarebytes has observed a new, more covert campaign that remains connected to a "pretty wide infrastructure," reports ZDNet.
Malwarebytes researchers discovered that the novel Magecart skimmer domain identified by Sansec, as well as a suspected host determined by another security researcher, were tied to a more widespread campaign. That campaign was in turn related to one from last year involving a skimmer with virtual machine detection capabilities. However, the skimmer was found to have the VM code removed.
"If the Magecart threat actors decided to switch their operations exclusively server-side then the majority of companies, including ours, would lose visibility overnight. This is why we often look up to researchers that work the website cleanups. If something happens, these guys would likely notice it. For now, we can say that Magecart client-side attacks are still around and that we could easily be missing them if we rely on automated crawlers and sandboxes, at least if we don't make them more robust," said Malwarebytes researcher Jérôme Segura.
SiliconAngle reports that mounting security alert fatigue has prompted Torq to introduce HyperSOC, a new system built on its Hyperautomation Platform that uses artificial intelligence to automate, manage, and monitor security operations center responses in a bid to bolster the investigation and remediation of cybersecurity threats.
Moldovan botnet operator Alexander Lefterov, also known as Alipatime, Alipako, and Uptime, has been indicted by the U.S. Department of Justice for his involvement in widespread attacks against U.S.-based computers, BleepingComputer reports.
CyberScoop reports that over 100 Ukrainian local government and police documents uploaded to VirusTotal in February were discovered to have been infected with the OfflRouter malware, which dates back to 2015 and could only spread through already compromised files and removable media devices.