The idea that the public markets are not as exclusive to tech firms as some believed was reinforced by Rubrik's aggressive IPO pricing ...
Cybersecurity researchers at Zscaler ThreatLabz have uncovered a concerning trend in which cybercriminals are exploiting popular web hosting and blogging platforms to disseminate malware and steal sensitive data. This sophisticated tactic, known as SEO poisoning within the realm of Black Hat SEO techniques, has been employed to manipulate search engine results, pushing fraudulent websites to the forefront of users' search queries, thereby increasing the risk of unwittingly accessing malicious content.
How They Operate
The cybercriminals orchestrating these operations have devised intricate strategies to evade detection and entice unsuspecting users into downloading malware. They fabricate fraudulent websites spanning a wide array of topics, ranging from pirated software to culinary recipes, often hosted on well-established platforms such as Weebly. By adopting the guise of legitimate sites, complete with endorsements like "Powered by Weebly," they exploit users' trust in reputable services to perpetrate their malicious activities.
The process commences with cybercriminals setting up sham sites on web hosting services, adeptly avoiding detection by both hosting providers and users. When individuals search for relevant content and click on links from search results, they unknowingly find themselves on these malevolent sites. To circumvent scrutiny from security researchers, the perpetrators implement evasion techniques, including scrutinising referral URLs. Should a user access the site directly, indicating a potential analysis, the site tactfully sidesteps redirection to preserve its cloak of invisibility.
The Payload Delivery System
Malicious payloads are secretly delivered through multi-layered zipped files concealed within seemingly innocuous content. For instance, an individual seeking cracked software may inadvertently download malware instead of the anticipated content. Upon execution, the malware puts together a sequence of activities, encompassing process hollowing and DLL sideloading, aimed at downloading additional malware and establishing communication with command-and-control servers.
Tricks to Avoid Detection
To further complicate their activities, threat actors employ techniques, including string concatenation, mathematical manipulation, and the utilisation of password-protected ZIP archives. These tactics serve to confound security measures, rendering the malicious code arduous to decipher and bolstering the malware's ability to slightly pass over detection.
Data Theft and Deceptive Tactics
Once ensconced within a system, the malware embarks on an mission to harvest extensive troves of data, encompassing system information, browser data, credentials, and browsing history. Additionally, it sets its sights on emails pertaining to cryptocurrency exchanges, adeptly modifying email content and intercepting one-time authentication codes to facilitate unauthorised access.
How To Protect Yourself?
Keeping in mind such campaigns, users are advised to exercise utmost caution when procuring software from unfamiliar sources and to prioritise visiting reputable websites. Staying abreast of emerging cybersecurity threats and securing defences with robust protocols can substantially mitigate the risk of succumbing to potential infections.
In an April 17 analysis from its Sophos X-Ops research team, cybersecurity firm Sophos observed an increase in low-cost, primitive ransomware—a boon for aspiring threat actors and a headache for defenders.
It's far more difficult to find something that there are only twenty copies of in the world, said Christopher Budd, director of threat research at Sophos X-Ops.
The group linked the choices to the cheap handguns that flooded the US firearms market in the 1960s and 1970s, known as junk guns.
Between June 2023 and February 2024, the Sophos team spotted 19 different types of "independently produced, inexpensive, and crudely constructed ransomware." Some missed clean graphics, while others used programming languages like C# and.NET, which "have a shallower learning curve," noted the paper.
It seems to be a fairly recent thing," noting that poor-quality malware has existed for decades.
Sophos discovered one with no price indicated, two open-source models, one for $20 (later reduced to free), and one for 0.5 BTC (about $13K).
According to a 2023 research by cybersecurity firm CrowdStrike, the cost of a Ransomware as a Service (RaaS) kit "ranges from $40 per month to several thousand dollars." RaaS models depend on affiliates purchasing ransomware and consenting to a subscription fee based on the victim's payment.
Junk-gun ransomware destroys that commission: capitalism in action, in a sense.
In most instances, you don't have any kind of partner fees to pay, Budd stated.
Ransomware groups such as LockBit have become large enough to be tracked and halted by government agencies. Junky ransomware has the potential to fly under the radar and bypass detection technology.
There is no single source of knowledge for investigators and researchers to track, the Sophos report stated.
Budd and his crew saw users asking basic inquiries in forums praising the cheap items. What is the best language for creating ransomware? Is writing in C# worthwhile? How should malware be priced and sold?
Budd describes a forum featuring inexpensive ransomware and beginner queries as a welcome place for young hackers waiting for their chance in the big leagues.