Today’s Cybersecurity Threats and Trends - 09/24/2024

'Necro'-mancers revive threats thought to be long dead.

Before we dive in, I would like to thank all of you for supporting us with your subscription! My goal is to bring both actionable insights and information regarding cybersecurity threats to the non-tech and technical professional alike. If this sounds like something that would help someone you know, please share the newsletter!

1. Octo2’s Many Tendrils Assault Android

Primary Threat: A new variant of the Octo banking trojan, Octo2, has emerged, targeting European financial institutions. ThreatFabric's research reveals the malware’s improved ability to take over devices remotely, enabling fraudulent transactions and intercepting sensitive data. It uses APK binding services like Zombinder to deliver malware through seemingly legitimate apps.

  • MITRE Tactics: Initial Access, Collection

  • Risk: High – Octo2’s advanced device takeover capabilities make it a potent threat.

2. Twelve Targets Russian Systems

Primary Threat: Hacktivist group Twelve is actively targeting Russian organizations, using a unified kill chain model to disrupt critical services. Kaspersky's analysis outlines the group’s methods, which include spear-phishing and exploiting known vulnerabilities to gain access to networks and systems, and notes that the group shares infrastructure with DARKSTAR.

  • MITRE Tactics: Initial Access, Impact

  • Risk: Medium – Hacktivist activity presents disruption and data theft risks.

Did you know…?

The first Trojan horse malware was created in 1975 by John Walker and was called "ANIMAL." It masqueraded as a simple quiz game but secretly copied itself to other directories. Today’s Trojans, like Octo2, have evolved to take over entire devices remotely, showing how far malware has come in sophistication over the decades!

Find out more about Trojans and their history: Here

3. Mallox Ransomware Makes Moves

Primary Threat: A new Linux variant of the Mallox ransomware, built from leaked Kryptina code, is spreading rapidly. SentinelLabs' research details how the ransomware targets Linux servers in enterprise environments, encrypting data and demanding ransom payments in cryptocurrency.

  • MITRE Tactics: Impact, Execution

  • Risk: High – This variant’s rapid deployment makes it a serious threat to Linux systems.

4. Necro Trojan Nightmare

Primary Threat: Necro, an Android trojan previously believed to be dormant, has resurfaced, infecting over 11 million devices via compromised apps on Google Play. Kaspersky's research highlights the trojan's ability to exfiltrate sensitive data and install additional malware.

  • MITRE Tactics: Execution, Exfiltration

  • Risk: High – The widespread nature of this malware campaign is highly concerning.

5. Water Treatment Plant Penetrated

Primary Threat: A water treatment facility in Arkansas City, Kansas, was forced to revert to manual operations following a cyberattack. Officials released a notice stating that the attack impacted systems controlling water operations, prompting a temporary shift to manual control.

  • MITRE Tactics: Impact, Execution

  • Risk: Medium – Critical infrastructure remains a high-value target for cyberattacks.

IN SUMMARY:

This week’s newsletter highlights evolving malware threats, including the Octo2 banking trojan and the resurgence of Necro on Android.

Hacktivist group Twelve continues its attacks on Russian organizations, while new variants of Mallox ransomware are targeting Linux systems.

Lastly, a Kansas water facility has become the latest victim of critical infrastructure cyberattacks, forcing operations into manual mode.

Stay vigilant, patch promptly, and remember, “It’s better to be paranoid than pwnd.”

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)