Increasing Watering Hole Attacks in Nigeria
  • Advisory
  • March 16, 2023

The threat actors behind these attacks typically conduct reconnaissance on a specific group, primarily to determine which websites its members visit regularly. These can be discussion forums, social media platforms, blogs, or websites aimed at a specific industry or type of professional. They then either infect those sites with malware or create malicious third-party sites and lure users to them. If users fall for it, their devices become infected with malware, granting the threat actor unauthorised access. If the user then connects to their organization's network from the compromised device, the actor may gain unauthorised access to organizational systems as well. Techniques observed in these attacks include: drive-by downloads, in which visitors to a watering hole download malicious content without their knowledge, consent, or action; malvertising, in which attackers inject malicious code into advertisements served on the watering hole in order to spread malware to visitors; and zero-day exploitation, in which threat actors exploit previously unknown vulnerabilities in the website or in the visitor's browser.

Cybercriminals Using YouTube to Spread Malware
  • Advisory
  • March 23, 2023

To attract potential victims, the actors create video tutorials on how to pirate sought-after paid software such as AutoCAD, Adobe Photoshop, and Adobe Premiere Pro. These videos are generated with AI and feature presenters with facial features that research has shown other people find trustworthy. The tutorials are frequently bogus and steer viewers to links in the video description that lead to information-stealing malware such as Raccoon, Vidar, and RedLine.

AI-generated YouTube videos can be used for malware distribution in several ways:

  1. Malicious actors can create AI-generated videos that include hidden or disguised malware. These videos may appear to be harmless or even entertaining, but they can contain malicious code that can infect a viewer's device when the video is downloaded or played.
  2. Malicious actors can use AI-generated videos to trick viewers into downloading malware. For example, they can create a video that appears to be a legitimate software update or security patch, but in reality, it contains malware that infects the viewer's device.
  3. Malicious actors can use AI-generated videos to distribute phishing scams. They can create a video that appears to be from a legitimate company or organization and prompts viewers to click on a link to enter their login credentials or personal information. Once the viewer clicks on the link, they are directed to a fake website that steals their information.
  4. Malicious actors can use AI-generated videos to distribute ransomware. They can create a video that appears to be harmless, but when the viewer clicks on a link or downloads a file associated with the video, their device becomes infected with ransomware that locks them out of their files and demands payment to regain access.

Security Advisory on Increasing Phishing Attacks
  • Advisory
  • April 11, 2023

Such an attack usually starts with a phishing email, a text message (smishing), or a direct message (DM) on a social media app that appears urgent and asks you either to click a link to an external website or to download a file attachment. The website is fraudulent and is designed to collect sensitive, potentially damaging information from the potential victim.

Another technique uses a phone call (vishing) to trick victims into disclosing sensitive information. The attacker either calls the victim directly or uses an automated system, pretending to be calling from the victim's bank, in order to collect their information and compromise their accounts.

Dangerous Android Malware Infiltrates Google Play Store Apps
  • Advisory
  • April 19, 2023

The affected apps have been downloaded more than a combined 60 million times, and some of them include:

  1. L.POINT with L.PAY
  2. GOM Player
  3. LIVE Score, Real-Time Score
  4. GOM Audio – Music Sync Lyrics
  5. Bounce Brick Breaker
  6. Pikicast
  7. SomNote – Beautiful Note App

When an affected app is installed and started for the first time, it requests certain permissions. The malicious library then registers the device and fetches its configuration from a remote server; that configuration contains parameters that determine the level of data theft and ad fraud to be carried out on the device.

Critical Vulnerability Discovered in Popular WordPress Plugin
  • Advisory
  • May 15, 2023

The vulnerability CVE-2023-32243 allows the password of any given user to be changed. It occurs because the plugin's password reset function does not validate the password reset key and instead directly changes the password of the specified user. As long as the attacker knows the username associated with an account, they can change its password, even if that account belongs to an administrator. The only prerequisite for the malicious password reset is therefore knowledge of a username on the targeted site.
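The flaw class described above, as an added illustration that is not the plugin's own code: a reset handler that trusts the username alone, beside a hardened handler that demands an unexpired, single-use reset key before touching the password. It is written in Python with a constructed in-memory user table rather than the plugin's PHP and WordPress storage.

```python
import hmac
import secrets
import time

# Constructed in-memory user and reset-key tables (hypothetical, not the plugin's storage).
USERS = {"admin": {"password": "old-secret", "role": "administrator"}}
RESET_KEYS = {}  # username -> {"key": str, "expires": float}
KEY_TTL_SECONDS = 3600


def issue_reset_key(username: str) -> str:
    """Generate a random one-time reset key, as the 'forgot password' step would."""
    key = secrets.token_urlsafe(32)
    RESET_KEYS[username] = {"key": key, "expires": time.time() + KEY_TTL_SECONDS}
    return key


def vulnerable_reset(username: str, new_password: str) -> bool:
    """The advisory's flaw: the handler never checks that a valid reset key
    was presented, so knowing a username is enough to change its password."""
    if username not in USERS:
        return False
    USERS[username]["password"] = new_password
    return True


def hardened_reset(username: str, key: str, new_password: str) -> bool:
    """Fix: require a key that was issued for this username, has not expired,
    matches in constant time, and is consumed on use; otherwise change nothing."""
    entry = RESET_KEYS.get(username)
    if entry is None or username not in USERS:
        return False
    if time.time() > entry["expires"]:
        RESET_KEYS.pop(username, None)  # stale key is discarded
        return False
    if not hmac.compare_digest(entry["key"], key):
        return False  # wrong key: leave the key in place, reject the request
    RESET_KEYS.pop(username)  # single use: a valid key cannot be replayed
    USERS[username]["password"] = new_password
    return True
```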

Russian Snake Malware Infrastructure Identified Worldwide
  • Advisory
  • May 22, 2023

This sophisticated and persistent malware toolkit begins by infiltrating target systems through a variety of techniques and establishing a backdoor for remote access. It then connects to a remote command and control server, from which it conducts its malicious activities on the target. The Snake tool is designed to be stealthy and persistent, making it difficult to detect and remove from infected systems. According to the report, the malware is deployed to external-facing infrastructure nodes on a network. From there, it uses other tools and tactics, techniques, and procedures (TTPs) on the internal network to conduct further exploitation.

Snake infrastructure has recently been identified in over 50 countries across North America, South America, Europe, Africa, Asia, and Australia, including the United States and Russia.
